diff --git a/manifests/agent/auth.pp b/manifests/agent/auth.pp index a00f4433..ea1bce25 100644 --- a/manifests/agent/auth.pp +++ b/manifests/agent/auth.pp @@ -1,5 +1,6 @@ # == Class: ceilometer::agent::auth # +# DEPRECATED ! # The ceilometer::agent::auth class helps configure common # auth settings for the agents. # @@ -7,22 +8,22 @@ # # [*auth_url*] # (Optional) the keystone public endpoint -# Defaults to 'http://localhost:5000'. +# Defaults to undef. # # [*auth_region*] # (Optional) the keystone region of this node -# Defaults to $::os_service_default. +# Defaults to undef. # # [*auth_user*] # (Optional) the keystone user for ceilometer services -# Defaults to 'ceilometer'. +# Defaults to undef. # # [*auth_password*] # (Required) the keystone password for ceilometer services # # [*auth_tenant_name*] # (Optional) the keystone tenant name for ceilometer services -# Defaults to 'services'. +# Defaults to undef. # # [*auth_tenant_id*] # (Optional) the keystone tenant id for ceilometer services. @@ -39,58 +40,43 @@ # # [*auth_user_domain_name*] # (Optional) domain name for auth user. -# Defaults to 'Default'. +# Defaults to undef. # # [*auth_project_domain_name*] # (Optional) domain name for auth project. -# Defaults to 'Default'. +# Defaults to undef. # # [*auth_type*] # (Optional) Authentication type to load. -# Defaults to 'password'. +# Defaults to undef. # class ceilometer::agent::auth ( $auth_password, - $auth_url = 'http://localhost:5000', - $auth_region = $::os_service_default, - $auth_user = 'ceilometer', - $auth_tenant_name = 'services', + $auth_url = undef, + $auth_region = undef, + $auth_user = undef, + $auth_tenant_name = undef, $auth_tenant_id = undef, $auth_cacert = undef, $auth_endpoint_type = undef, - $auth_user_domain_name = 'Default', - $auth_project_domain_name = 'Default', - $auth_type = 'password', + $auth_user_domain_name = undef, + $auth_project_domain_name = undef, + $auth_type = undef ) { include ceilometer::deps - if ! $auth_cacert { - ceilometer_config { 'service_credentials/cafile': ensure => absent } - } else { - ceilometer_config { 'service_credentials/cafile': value => $auth_cacert } - } + warning('The ceilometer::agent::auth class has been deprecated. \ +Use the ceilometer::agent::service_credentials classs instead') - ceilometer_config { - 'service_credentials/auth_url' : value => $auth_url; - 'service_credentials/region_name' : value => $auth_region; - 'service_credentials/username' : value => $auth_user; - 'service_credentials/password' : value => $auth_password, secret => true; - 'service_credentials/project_name' : value => $auth_tenant_name; - 'service_credentials/user_domain_name' : value => $auth_user_domain_name; - 'service_credentials/project_domain_name': value => $auth_project_domain_name; - 'service_credentials/auth_type' : value => $auth_type; - } + include ceilometer::agent::service_credentials + # Since we use names instead of ids for keystone credentials in most of + # our modules, we'll just deprecated this feature and don't migrate this + # to the new service_credentials class. if $auth_tenant_id { ceilometer_config { 'service_credentials/project_id' : value => $auth_tenant_id; } } - - if $auth_endpoint_type { - ceilometer_config { - 'service_credentials/interface' : value => $auth_endpoint_type; - } - } } diff --git a/manifests/agent/service_credentials.pp b/manifests/agent/service_credentials.pp new file mode 100644 index 00000000..5d3ed310 --- /dev/null +++ b/manifests/agent/service_credentials.pp @@ -0,0 +1,90 @@ +# == Class: ceilometer::agent::service_credentials +# +# The ceilometer::agent::service_credentials class helps configure common +# service credentials settings for the agents. +# +# === Parameters: +# +# [*auth_url*] +# (Optional) the keystone public endpoint +# Defaults to 'http://localhost:5000'. +# +# [*region_name*] +# (Optional) the keystone region of this node +# Defaults to $::os_service_default. +# +# [*username*] +# (Optional) the keystone user for ceilometer services +# Defaults to 'ceilometer'. +# +# [*password*] +# (Required) the keystone password for ceilometer services +# +# [*project_name*] +# (Optional) the keystone project name for ceilometer services +# Defaults to 'services'. +# +# [*cafile*] +# (Optional) Certificate chain for SSL validation. +# Defaults to $::os_service_default. +# +# [*interface*] +# (Optional) Type of endpoint in Identity service catalog to use for +# communication with OpenStack services. +# Defaults to $::os_service_default. +# +# [*user_domain_name*] +# (Optional) domain name for auth user. +# Defaults to 'Default'. +# +# [*project_domain_name*] +# (Optional) domain name for auth project. +# Defaults to 'Default'. +# +# [*auth_type*] +# (Optional) Authentication type to load. +# Defaults to 'password'. +# +class ceilometer::agent::service_credentials ( + $password = false, + $auth_url = 'http://localhost:5000', + $region_name = $::os_service_default, + $username = 'ceilometer', + $project_name = 'services', + $cafile = $::os_service_default, + $interface = $::os_service_default, + $user_domain_name = 'Default', + $project_domain_name = 'Default', + $auth_type = 'password', +) { + + include ceilometer::deps + + $password_real = pick($::ceilometer::agent::auth::auth_password, $password) + if ! $password_real { + fail('The password parameter is required') + } + + $auth_url_real = pick($::ceilometer::agent::auth::auth_url, $auth_url) + $region_name_real = pick($::ceilometer::agent::auth::auth_region, $region_name) + $username_real = pick($::ceilometer::agent::auth::auth_user, $username) + $project_name_real = pick($::ceilometer::agent::auth::auth_tenant_name, $project_name) + $cafile_real = pick($::ceilometer::agent::auth::auth_cacert, $cafile) + $interface_real = pick($::ceilometer::agent::auth::auth_endpoint_type, $interface) + $user_domain_name_real = pick($::ceilometer::agent::auth::auth_user_domain_name, $user_domain_name) + $project_domain_name_real = pick($::ceilometer::agent::auth::auth_project_domain_name, $project_domain_name) + $auth_type_real = pick($::ceilometer::agent::auth::auth_type, $auth_type) + + ceilometer_config { + 'service_credentials/auth_url' : value => $auth_url_real; + 'service_credentials/region_name' : value => $region_name_real; + 'service_credentials/username' : value => $username_real; + 'service_credentials/password' : value => $password_real, secret => true; + 'service_credentials/project_name' : value => $project_name_real; + 'service_credentials/cafile' : value => $cafile_real; + 'service_credentials/interface' : value => $interface_real; + 'service_credentials/user_domain_name' : value => $user_domain_name_real; + 'service_credentials/project_domain_name': value => $project_domain_name_real; + 'service_credentials/auth_type' : value => $auth_type_real; + } +} diff --git a/releasenotes/notes/service_credentials-c8bf6bbf763bc08e.yaml b/releasenotes/notes/service_credentials-c8bf6bbf763bc08e.yaml new file mode 100644 index 00000000..6d3a3cee --- /dev/null +++ b/releasenotes/notes/service_credentials-c8bf6bbf763bc08e.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - | + The ``ceilometer::agent::auth`` class has been deprecated. Use the + ``ceilometer::agent::service_credentials`` class instead. diff --git a/spec/classes/ceilometer_agent_auth_spec.rb b/spec/classes/ceilometer_agent_auth_spec.rb index 71ccaeca..9a97a30f 100644 --- a/spec/classes/ceilometer_agent_auth_spec.rb +++ b/spec/classes/ceilometer_agent_auth_spec.rb @@ -21,10 +21,9 @@ describe 'ceilometer::agent::auth' do is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000') is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('') is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer') - is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password') - is_expected.to contain_ceilometer_config('service_credentials/password').with_value(params[:auth_password]).with_secret(true) + is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true) is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services') - is_expected.to contain_ceilometer_config('service_credentials/cafile').with(:ensure => 'absent') + is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('') is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('Default') is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('Default') is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('password') diff --git a/spec/classes/ceilometer_agent_service_credentials_spec.rb b/spec/classes/ceilometer_agent_service_credentials_spec.rb new file mode 100644 index 00000000..4a20621f --- /dev/null +++ b/spec/classes/ceilometer_agent_service_credentials_spec.rb @@ -0,0 +1,73 @@ +require 'spec_helper' + +describe 'ceilometer::agent::service_credentials' do + + let :pre_condition do + "class { 'ceilometer': telemetry_secret => 's3cr3t' }" + end + + let :params do + { :password => 'password' } + end + + shared_examples_for 'ceilometer::agent::service_credentials' do + + context 'wtih default values' do + it 'configures authentication' do + is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000') + is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('') + is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer') + is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true) + is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services') + is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('') + is_expected.to contain_ceilometer_config('service_credentials/interface').with_value('') + is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('Default') + is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('Default') + is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('password') + end + end + + context 'when overriding parameters' do + before do + params.merge!( + :auth_url => 'http://192.168.0.1:5000', + :region_name => 'regionOne', + :username => 'ceilometer2', + :project_name => 'services2', + :cafile => '/tmp/dummy.pem', + :interface => 'internalURL', + :auth_type => 'v3password', + :user_domain_name => 'MyDomain', + :project_domain_name => 'MyProjDomain', + ) + end + + it 'configures the specified values' do + is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://192.168.0.1:5000') + is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('regionOne') + is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer2') + is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true) + is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services2') + is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('/tmp/dummy.pem') + is_expected.to contain_ceilometer_config('service_credentials/interface').with_value('internalURL') + is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('MyDomain') + is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('MyProjDomain') + is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('v3password') + end + end + + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + it_behaves_like 'ceilometer::agent::service_credentials' + end + end + +end