From d82c232b5e7c782803844826fde9f4242dd6437f Mon Sep 17 00:00:00 2001
From: iberezovskiy <iberezovskiy@mirantis.com>
Date: Tue, 24 May 2016 16:29:46 +0300
Subject: [PATCH] Use 'password' auth_type by default

It's better to use 'password' keystone auth plugin by default
for the supporting v2 and v3 keystone API instead of ceilometer
legacy keystone loader which supports only v2.
Remove hard-coded API version from auth_url as well.

Actually this legacy loader has been deprecated in Mitaka and
has been already removed in Newton:
https://review.openstack.org/#/c/307053/

Change-Id: Iad68b6c1c29f9d9cd1b41ecc2898732fa030d401
---
 manifests/agent/auth.pp                          | 16 ++++++++--------
 .../password_auth_type-810a86921a846b2f.yaml     |  5 +++++
 spec/classes/ceilometer_agent_auth_spec.rb       | 10 +++++-----
 3 files changed, 18 insertions(+), 13 deletions(-)
 create mode 100644 releasenotes/notes/password_auth_type-810a86921a846b2f.yaml

diff --git a/manifests/agent/auth.pp b/manifests/agent/auth.pp
index a512fba8..db14d557 100644
--- a/manifests/agent/auth.pp
+++ b/manifests/agent/auth.pp
@@ -7,7 +7,7 @@
 #
 # [*auth_url*]
 #   (Optional) the keystone public endpoint
-#   Defaults to 'http://localhost:5000/v2.0'.
+#   Defaults to 'http://localhost:5000'.
 #
 # [*auth_region*]
 #   (Optional) the keystone region of this node
@@ -39,28 +39,28 @@
 #
 # [*auth_user_domain_name*]
 #   (Optional) domain name for auth user.
-#   Defaults to $::os_service_default.
+#   Defaults to 'Default'.
 #
 # [*auth_project_domain_name*]
 #   (Optional) domain name for auth project.
-#   Defaults to $::os_service_default.
+#   Defaults to 'Default'.
 #
 # [*auth_type*]
 #   (Optional) Authentication type to load.
-#   Defaults to $::os_service_default.
+#   Defaults to 'password'.
 #
 class ceilometer::agent::auth (
   $auth_password,
-  $auth_url                 = 'http://localhost:5000/v2.0',
+  $auth_url                 = 'http://localhost:5000',
   $auth_region              = $::os_service_default,
   $auth_user                = 'ceilometer',
   $auth_tenant_name         = 'services',
   $auth_tenant_id           = undef,
   $auth_cacert              = undef,
   $auth_endpoint_type       = undef,
-  $auth_user_domain_name    = $::os_service_default,
-  $auth_project_domain_name = $::os_service_default,
-  $auth_type                = $::os_service_default,
+  $auth_user_domain_name    = 'Default',
+  $auth_project_domain_name = 'Default',
+  $auth_type                = 'password',
 ) {
 
   if ! $auth_cacert {
diff --git a/releasenotes/notes/password_auth_type-810a86921a846b2f.yaml b/releasenotes/notes/password_auth_type-810a86921a846b2f.yaml
new file mode 100644
index 00000000..c580c332
--- /dev/null
+++ b/releasenotes/notes/password_auth_type-810a86921a846b2f.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - Update auth_type value to 'password' to use keystone auth
+    plugin by default instead of ceilometer legacy keystone loader.
+  - Remove hard-coded API version from auth url
diff --git a/spec/classes/ceilometer_agent_auth_spec.rb b/spec/classes/ceilometer_agent_auth_spec.rb
index 8d940154..72a4d81a 100644
--- a/spec/classes/ceilometer_agent_auth_spec.rb
+++ b/spec/classes/ceilometer_agent_auth_spec.rb
@@ -7,7 +7,7 @@ describe 'ceilometer::agent::auth' do
   end
 
   let :params do
-    { :auth_url         => 'http://localhost:5000/v2.0',
+    { :auth_url         => 'http://localhost:5000',
       :auth_region      => '<SERVICE DEFAULT>',
       :auth_user        => 'ceilometer',
       :auth_password    => 'password',
@@ -18,16 +18,16 @@ describe 'ceilometer::agent::auth' do
   shared_examples_for 'ceilometer-agent-auth' do
 
     it 'configures authentication' do
-      is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000/v2.0')
+      is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000')
       is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('<SERVICE DEFAULT>')
       is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer')
       is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password')
       is_expected.to contain_ceilometer_config('service_credentials/password').with_value(params[:auth_password]).with_secret(true)
       is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services')
       is_expected.to contain_ceilometer_config('service_credentials/ca_file').with(:ensure => 'absent')
-      is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('<SERVICE DEFAULT>')
-      is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('<SERVICE DEFAULT>')
-      is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('Default')
+      is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('Default')
+      is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('password')
     end
 
     context 'when overriding parameters' do