Use consistent names for service_credentials options

This change renames ceilometer::agent::auth and its parameters to be
consistent with the section name and the parameter names in ceilometer
service. This allows operators more easily guess how the class and its
parameters correspond to the options in ceilometer.

Change-Id: I7ec7e5e36cad537117e8abb8fe0e67b8b8be48e9
This commit is contained in:
Takashi Kajinami 2021-02-16 11:54:05 +09:00
parent d27fbd3fed
commit 9a5323ad18
5 changed files with 191 additions and 38 deletions

View File

@ -1,5 +1,6 @@
# == Class: ceilometer::agent::auth
#
# DEPRECATED !
# The ceilometer::agent::auth class helps configure common
# auth settings for the agents.
#
@ -7,22 +8,22 @@
#
# [*auth_url*]
# (Optional) the keystone public endpoint
# Defaults to 'http://localhost:5000'.
# Defaults to undef.
#
# [*auth_region*]
# (Optional) the keystone region of this node
# Defaults to $::os_service_default.
# Defaults to undef.
#
# [*auth_user*]
# (Optional) the keystone user for ceilometer services
# Defaults to 'ceilometer'.
# Defaults to undef.
#
# [*auth_password*]
# (Required) the keystone password for ceilometer services
#
# [*auth_tenant_name*]
# (Optional) the keystone tenant name for ceilometer services
# Defaults to 'services'.
# Defaults to undef.
#
# [*auth_tenant_id*]
# (Optional) the keystone tenant id for ceilometer services.
@ -39,58 +40,43 @@
#
# [*auth_user_domain_name*]
# (Optional) domain name for auth user.
# Defaults to 'Default'.
# Defaults to undef.
#
# [*auth_project_domain_name*]
# (Optional) domain name for auth project.
# Defaults to 'Default'.
# Defaults to undef.
#
# [*auth_type*]
# (Optional) Authentication type to load.
# Defaults to 'password'.
# Defaults to undef.
#
class ceilometer::agent::auth (
$auth_password,
$auth_url = 'http://localhost:5000',
$auth_region = $::os_service_default,
$auth_user = 'ceilometer',
$auth_tenant_name = 'services',
$auth_url = undef,
$auth_region = undef,
$auth_user = undef,
$auth_tenant_name = undef,
$auth_tenant_id = undef,
$auth_cacert = undef,
$auth_endpoint_type = undef,
$auth_user_domain_name = 'Default',
$auth_project_domain_name = 'Default',
$auth_type = 'password',
$auth_user_domain_name = undef,
$auth_project_domain_name = undef,
$auth_type = undef
) {
include ceilometer::deps
if ! $auth_cacert {
ceilometer_config { 'service_credentials/cafile': ensure => absent }
} else {
ceilometer_config { 'service_credentials/cafile': value => $auth_cacert }
}
warning('The ceilometer::agent::auth class has been deprecated. \
Use the ceilometer::agent::service_credentials classs instead')
ceilometer_config {
'service_credentials/auth_url' : value => $auth_url;
'service_credentials/region_name' : value => $auth_region;
'service_credentials/username' : value => $auth_user;
'service_credentials/password' : value => $auth_password, secret => true;
'service_credentials/project_name' : value => $auth_tenant_name;
'service_credentials/user_domain_name' : value => $auth_user_domain_name;
'service_credentials/project_domain_name': value => $auth_project_domain_name;
'service_credentials/auth_type' : value => $auth_type;
}
include ceilometer::agent::service_credentials
# Since we use names instead of ids for keystone credentials in most of
# our modules, we'll just deprecated this feature and don't migrate this
# to the new service_credentials class.
if $auth_tenant_id {
ceilometer_config {
'service_credentials/project_id' : value => $auth_tenant_id;
}
}
if $auth_endpoint_type {
ceilometer_config {
'service_credentials/interface' : value => $auth_endpoint_type;
}
}
}

View File

@ -0,0 +1,90 @@
# == Class: ceilometer::agent::service_credentials
#
# The ceilometer::agent::service_credentials class helps configure common
# service credentials settings for the agents.
#
# === Parameters:
#
# [*auth_url*]
# (Optional) the keystone public endpoint
# Defaults to 'http://localhost:5000'.
#
# [*region_name*]
# (Optional) the keystone region of this node
# Defaults to $::os_service_default.
#
# [*username*]
# (Optional) the keystone user for ceilometer services
# Defaults to 'ceilometer'.
#
# [*password*]
# (Required) the keystone password for ceilometer services
#
# [*project_name*]
# (Optional) the keystone project name for ceilometer services
# Defaults to 'services'.
#
# [*cafile*]
# (Optional) Certificate chain for SSL validation.
# Defaults to $::os_service_default.
#
# [*interface*]
# (Optional) Type of endpoint in Identity service catalog to use for
# communication with OpenStack services.
# Defaults to $::os_service_default.
#
# [*user_domain_name*]
# (Optional) domain name for auth user.
# Defaults to 'Default'.
#
# [*project_domain_name*]
# (Optional) domain name for auth project.
# Defaults to 'Default'.
#
# [*auth_type*]
# (Optional) Authentication type to load.
# Defaults to 'password'.
#
class ceilometer::agent::service_credentials (
$password = false,
$auth_url = 'http://localhost:5000',
$region_name = $::os_service_default,
$username = 'ceilometer',
$project_name = 'services',
$cafile = $::os_service_default,
$interface = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$auth_type = 'password',
) {
include ceilometer::deps
$password_real = pick($::ceilometer::agent::auth::auth_password, $password)
if ! $password_real {
fail('The password parameter is required')
}
$auth_url_real = pick($::ceilometer::agent::auth::auth_url, $auth_url)
$region_name_real = pick($::ceilometer::agent::auth::auth_region, $region_name)
$username_real = pick($::ceilometer::agent::auth::auth_user, $username)
$project_name_real = pick($::ceilometer::agent::auth::auth_tenant_name, $project_name)
$cafile_real = pick($::ceilometer::agent::auth::auth_cacert, $cafile)
$interface_real = pick($::ceilometer::agent::auth::auth_endpoint_type, $interface)
$user_domain_name_real = pick($::ceilometer::agent::auth::auth_user_domain_name, $user_domain_name)
$project_domain_name_real = pick($::ceilometer::agent::auth::auth_project_domain_name, $project_domain_name)
$auth_type_real = pick($::ceilometer::agent::auth::auth_type, $auth_type)
ceilometer_config {
'service_credentials/auth_url' : value => $auth_url_real;
'service_credentials/region_name' : value => $region_name_real;
'service_credentials/username' : value => $username_real;
'service_credentials/password' : value => $password_real, secret => true;
'service_credentials/project_name' : value => $project_name_real;
'service_credentials/cafile' : value => $cafile_real;
'service_credentials/interface' : value => $interface_real;
'service_credentials/user_domain_name' : value => $user_domain_name_real;
'service_credentials/project_domain_name': value => $project_domain_name_real;
'service_credentials/auth_type' : value => $auth_type_real;
}
}

View File

@ -0,0 +1,5 @@
---
deprecations:
- |
The ``ceilometer::agent::auth`` class has been deprecated. Use the
``ceilometer::agent::service_credentials`` class instead.

View File

@ -21,10 +21,9 @@ describe 'ceilometer::agent::auth' do
is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000')
is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer')
is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password')
is_expected.to contain_ceilometer_config('service_credentials/password').with_value(params[:auth_password]).with_secret(true)
is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true)
is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services')
is_expected.to contain_ceilometer_config('service_credentials/cafile').with(:ensure => 'absent')
is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('Default')
is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('Default')
is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('password')

View File

@ -0,0 +1,73 @@
require 'spec_helper'
describe 'ceilometer::agent::service_credentials' do
let :pre_condition do
"class { 'ceilometer': telemetry_secret => 's3cr3t' }"
end
let :params do
{ :password => 'password' }
end
shared_examples_for 'ceilometer::agent::service_credentials' do
context 'wtih default values' do
it 'configures authentication' do
is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000')
is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer')
is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true)
is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services')
is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ceilometer_config('service_credentials/interface').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('Default')
is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('Default')
is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('password')
end
end
context 'when overriding parameters' do
before do
params.merge!(
:auth_url => 'http://192.168.0.1:5000',
:region_name => 'regionOne',
:username => 'ceilometer2',
:project_name => 'services2',
:cafile => '/tmp/dummy.pem',
:interface => 'internalURL',
:auth_type => 'v3password',
:user_domain_name => 'MyDomain',
:project_domain_name => 'MyProjDomain',
)
end
it 'configures the specified values' do
is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://192.168.0.1:5000')
is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('regionOne')
is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer2')
is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true)
is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services2')
is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('/tmp/dummy.pem')
is_expected.to contain_ceilometer_config('service_credentials/interface').with_value('internalURL')
is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('MyDomain')
is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('MyProjDomain')
is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('v3password')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ceilometer::agent::service_credentials'
end
end
end