Add Cinder API v3 support

The v1 api is deprecated and is not under active development.

This patch:
* activate v2 Keystone resources by default from now.
* allow to activate cinder v3 api (enabled by default, like recommended
  by OpenStack logs)
* allow to manage Keystone resources for v3 API, enabled by default from
  Mitaka.

Depends-On: Ibfc3988a4de47c9d7d97159e7d1c0e57d64979ae
Change-Id: Ie2ca974dfa583c176fce4907f1d81c80426ecccc

manifests/init.pp

@@ -193,7 +193,11 @@
 #   Defaults to 'true'.
 #
 # [*enable_v2_api*]
-#   (Optional) Whether to enable the v1 API (true/false).
+#   (Optional) Whether to enable the v2 API (true/false).
+#   Defaults to 'true'.
+#
+# [*enable_v3_api*]
+#   (Optional) Whether to enable the v3 API (true/false).
 #   Defaults to 'true'.
 #
 # [*lock_path*]
@@ -307,6 +311,7 @@ class cinder (
   $default_availability_zone          = false,
   $enable_v1_api                      = true,
   $enable_v2_api                      = true,
+  $enable_v3_api                      = true,
   $lock_path                          = $::cinder::params::lock_path,
   $image_conversion_dir               = $::os_service_default,
   $host                               = $::os_service_default,
@@ -433,10 +438,11 @@ class cinder (
     }
   }
 
-  # V1/V2 APIs
+  # V1/V2/V3 APIs
   cinder_config {
     'DEFAULT/enable_v1_api':        value => $enable_v1_api;
     'DEFAULT/enable_v2_api':        value => $enable_v2_api;
+    'DEFAULT/enable_v3_api':        value => $enable_v3_api;
     'oslo_concurrency/lock_path':   value => $lock_path;
   }
 

manifests/keystone/auth.pp

@@ -16,12 +16,21 @@
 # [*email_user_v2*]
 #   Email for Cinder v2 user. Optional. Defaults to 'cinderv2@localhost'.
 #
+# [*password_user_v3*]
+#   Password for Cinder v3 user. Optional. Defaults to undef.
+#
+# [*email_user_v3*]
+#   Email for Cinder v3 user. Optional. Defaults to 'cinderv3@localhost'.
+#
 # [*auth_name*]
 #   Username for Cinder service. Optional. Defaults to 'cinder'.
 #
 # [*auth_name_v2*]
 #   Username for Cinder v2 service. Optional. Defaults to 'cinderv2'.
 #
+# [*auth_name_v3*]
+#   Username for Cinder v3 service. Optional. Defaults to 'cinderv3'.
+#
 # [*configure_endpoint*]
 #   Should Cinder endpoint be configured? Optional. Defaults to 'true'.
 #   API v1 endpoint should be enabled in Icehouse for compatibility with Nova.
@@ -29,12 +38,18 @@
 # [*configure_endpoint_v2*]
 #   Should Cinder v2 endpoint be configured? Optional. Defaults to 'true'.
 #
+# [*configure_endpoint_v3*]
+#   Should Cinder v3 endpoint be configured? Optional. Defaults to 'true'.
+#
 # [*configure_user*]
 #   Should the service user be configured? Optional. Defaults to 'true'.
 #
 # [*configure_user_v2*]
 #   Should the service user be configured for cinder v2? Optional. Defaults to 'false'.
 #
+# [*configure_user_v3*]
+#   Should the service user be configured for cinder v3? Optional. Defaults to 'false'.
+#
 # [*configure_user_role*]
 #   Should the admin role be configured for the service user?
 #   Optional. Defaults to 'true'.
@@ -43,6 +58,10 @@
 #   Should the admin role be configured for the service user for cinder v2?
 #   Optional. Defaults to 'false'.
 #
+# [*configure_user_role_v3*]
+#   Should the admin role be configured for the service user for cinder v3?
+#   Optional. Defaults to 'false'.
+#
 # [*service_name*]
 #   (optional) Name of the service.
 #   Defaults to the value of auth_name, but must differ from the value
@@ -53,12 +72,20 @@
 #   Defaults to the value of auth_name_v2, but must differ from the value
 #   of service_name.
 #
+# [*service_name_v3*]
+#   (optional) Name of the v3 service.
+#   Defaults to the value of auth_name_v3, but must differ from the value
+#   of service_name.
+#
 # [*service_type*]
 #    Type of service. Optional. Defaults to 'volume'.
 #
 # [*service_type_v2*]
 #    Type of API v2 service. Optional. Defaults to 'volumev2'.
 #
+# [*service_type_v3*]
+#    Type of API v3 service. Optional. Defaults to 'volumev3'.
+#
 # [*service_description*]
 #    (optional) Description for keystone service.
 #    Defaults to 'Cinder Service'.
@@ -67,6 +94,10 @@
 #    (optional) Description for keystone v2 service.
 #    Defaults to 'Cinder Service v2'.
 #
+# [*service_description_v3*]
+#    (optional) Description for keystone v3 service.
+#    Defaults to 'Cinder Service v3'.
+#
 # [*region*]
 #    Region for endpoint. Optional. Defaults to 'RegionOne'.
 #
@@ -76,6 +107,9 @@
 # [*tenant_user_v2*]
 #    Tenant for Cinder v2 user. Optional. Defaults to 'services'.
 #
+# [*tenant_user_v3*]
+#    Tenant for Cinder v3 user. Optional. Defaults to 'services'.
+#
 # [*public_url*]
 #   (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8776/v1/%(tenant_id)s')
 #   This url should *not* contain any trailing '/'.
@@ -100,6 +134,18 @@
 #   (optional) The v2 endpoint's admin url. (Defaults to 'http://127.0.0.1:8776/v2/%(tenant_id)s')
 #   This url should *not* contain any trailing '/'.
 #
+# [*public_url_v3*]
+#   (optional) The v3 endpoint's public url. (Defaults to 'http://127.0.0.1:8776/v3/%(tenant_id)s')
+#   This url should *not* contain any trailing '/'.
+#
+# [*internal_url_v3*]
+#   (optional) The v3 endpoint's internal url. (Defaults to 'http://127.0.0.1:8776/v3/%(tenant_id)s')
+#   This url should *not* contain any trailing '/'.
+#
+# [*admin_url_v3*]
+#   (optional) The v3 endpoint's admin url. (Defaults to 'http://127.0.0.1:8776/v3/%(tenant_id)s')
+#   This url should *not* contain any trailing '/'.
+#
 # === Examples
 #
 #  class { 'cinder::keystone::auth':
@@ -111,35 +157,49 @@
 class cinder::keystone::auth (
   $password,
   $password_user_v2       = undef,
+  $password_user_v3       = undef,
   $auth_name              = 'cinder',
   $auth_name_v2           = 'cinderv2',
+  $auth_name_v3           = 'cinderv3',
   $tenant                 = 'services',
   $tenant_user_v2         = 'services',
+  $tenant_user_v3         = 'services',
   $email                  = 'cinder@localhost',
   $email_user_v2          = 'cinderv2@localhost',
+  $email_user_v3          = 'cinderv3@localhost',
   $public_url             = 'http://127.0.0.1:8776/v1/%(tenant_id)s',
   $internal_url           = 'http://127.0.0.1:8776/v1/%(tenant_id)s',
   $admin_url              = 'http://127.0.0.1:8776/v1/%(tenant_id)s',
   $public_url_v2          = 'http://127.0.0.1:8776/v2/%(tenant_id)s',
   $internal_url_v2        = 'http://127.0.0.1:8776/v2/%(tenant_id)s',
   $admin_url_v2           = 'http://127.0.0.1:8776/v2/%(tenant_id)s',
+  $public_url_v3          = 'http://127.0.0.1:8776/v3/%(tenant_id)s',
+  $internal_url_v3        = 'http://127.0.0.1:8776/v3/%(tenant_id)s',
+  $admin_url_v3           = 'http://127.0.0.1:8776/v3/%(tenant_id)s',
   $configure_endpoint     = true,
   $configure_endpoint_v2  = true,
+  $configure_endpoint_v3  = true,
   $configure_user         = true,
   $configure_user_v2      = false,
+  $configure_user_v3      = false,
   $configure_user_role    = true,
   $configure_user_role_v2 = false,
+  $configure_user_role_v3 = false,
   $service_name           = undef,
   $service_name_v2        = undef,
+  $service_name_v3        = undef,
   $service_type           = 'volume',
   $service_type_v2        = 'volumev2',
+  $service_type_v3        = 'volumev3',
   $service_description    = 'Cinder Service',
   $service_description_v2 = 'Cinder Service v2',
+  $service_description_v3 = 'Cinder Service v3',
   $region                 = 'RegionOne',
 ) {
 
   $real_service_name = pick($service_name, $auth_name)
   $real_service_name_v2 = pick($service_name_v2, $auth_name_v2)
+  $real_service_name_v3 = pick($service_name_v3, $auth_name_v3)
 
   if $real_service_name == $real_service_name_v2 {
     fail('cinder::keystone::auth parameters service_name and service_name_v2 must be different.')
@@ -179,6 +239,23 @@ class cinder::keystone::auth (
     internal_url        => $internal_url_v2,
   }
 
+  keystone::resource::service_identity { 'cinderv3':
+    configure_user      => $configure_user_v3,
+    configure_user_role => $configure_user_role_v3,
+    configure_endpoint  => $configure_endpoint_v3,
+    service_type        => $service_type_v3,
+    service_description => $service_description_v3,
+    service_name        => $real_service_name_v3,
+    region              => $region,
+    auth_name           => $auth_name_v3,
+    password            => $password_user_v3,
+    email               => $email_user_v3,
+    tenant              => $tenant_user_v3,
+    public_url          => $public_url_v3,
+    admin_url           => $admin_url_v3,
+    internal_url        => $internal_url_v3,
+  }
+
   if $configure_user_role {
     Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'cinder-api' |>
     Keystone_user_role["${auth_name}@${tenant}"] -> Cinder::Type <| |>

spec/classes/cinder_keystone_auth_spec.rb

@@ -27,6 +27,10 @@ describe 'cinder::keystone::auth' do
         :ensure      => 'present',
         :description => 'Cinder Service v2'
       )
+      is_expected.to contain_keystone_service('cinderv3::volumev3').with(
+        :ensure      => 'present',
+        :description => 'Cinder Service v3'
+      )
 
     end
 
@@ -44,6 +48,13 @@ describe 'cinder::keystone::auth' do
         :admin_url    => 'http://127.0.0.1:8776/v2/%(tenant_id)s',
         :internal_url => 'http://127.0.0.1:8776/v2/%(tenant_id)s'
       )
+
+      is_expected.to contain_keystone_endpoint('RegionOne/cinderv3::volumev3').with(
+        :ensure       => 'present',
+        :public_url   => 'http://127.0.0.1:8776/v3/%(tenant_id)s',
+        :admin_url    => 'http://127.0.0.1:8776/v3/%(tenant_id)s',
+        :internal_url => 'http://127.0.0.1:8776/v3/%(tenant_id)s'
+      )
     end
   end
 
@@ -56,7 +67,10 @@ describe 'cinder::keystone::auth' do
          :internal_url    => 'https://10.0.42.3:4242/v41/%(tenant_id)s',
          :public_url_v2   => 'https://10.0.42.1:4242/v42/%(tenant_id)s',
          :admin_url_v2    => 'https://10.0.42.2:4242/v42/%(tenant_id)s',
-         :internal_url_v2 => 'https://10.0.42.3:4242/v42/%(tenant_id)s'
+         :internal_url_v2 => 'https://10.0.42.3:4242/v42/%(tenant_id)s',
+         :public_url_v3   => 'https://10.0.42.1:4242/v43/%(tenant_id)s',
+         :admin_url_v3    => 'https://10.0.42.2:4242/v43/%(tenant_id)s',
+         :internal_url_v3 => 'https://10.0.42.3:4242/v43/%(tenant_id)s'
        })
      end
 
@@ -74,6 +88,13 @@ describe 'cinder::keystone::auth' do
          :admin_url    => 'https://10.0.42.2:4242/v42/%(tenant_id)s',
          :internal_url => 'https://10.0.42.3:4242/v42/%(tenant_id)s'
        )
+
+       is_expected.to contain_keystone_endpoint('RegionThree/cinderv3::volumev3').with(
+         :ensure       => 'present',
+         :public_url   => 'https://10.0.42.1:4242/v43/%(tenant_id)s',
+         :admin_url    => 'https://10.0.42.2:4242/v43/%(tenant_id)s',
+         :internal_url => 'https://10.0.42.3:4242/v43/%(tenant_id)s'
+       )
      end
   end
 
@@ -81,11 +102,13 @@ describe 'cinder::keystone::auth' do
      before do
        params.merge!(
         :configure_endpoint    => false,
-        :configure_endpoint_v2 => false
+        :configure_endpoint_v2 => false,
+        :configure_endpoint_v3 => false
       )
     end
     it { is_expected.to_not contain_keystone_endpoint('RegionOne/cinder::volume') }
     it { is_expected.to_not contain_keystone_endpoint('RegionOne/cinderv2::volumev2') }
+    it { is_expected.to_not contain_keystone_endpoint('RegionOne/cinderv3::volumev3') }
   end
 
   describe 'when user is_expected.to not be configured' do
@@ -138,12 +161,30 @@ describe 'cinder::keystone::auth' do
 
   end
 
+  describe 'when user and user role for v3 is_expected.to be configured' do
+    before do
+       params.merge!(
+        :configure_user_v3      => true,
+        :configure_user_role_v3 => true,
+      )
+    end
+
+    it { is_expected.to contain_keystone__resource__service_identity('cinderv3').with(
+      :configure_user      => true,
+      :configure_user_role => true,
+      :email               => 'cinderv3@localhost',
+      :tenant              => 'services'
+    ) }
+
+  end
+
   describe 'when overriding service names' do
 
     before do
        params.merge!(
         :service_name    => 'cinder_service',
         :service_name_v2 => 'cinder_service_v2',
+        :service_name_v3 => 'cinder_service_v3',
       )
     end
 
@@ -151,8 +192,10 @@ describe 'cinder::keystone::auth' do
     it { is_expected.to contain_keystone_user_role('cinder@services') }
     it { is_expected.to contain_keystone_service('cinder_service::volume') }
     it { is_expected.to contain_keystone_service('cinder_service_v2::volumev2') }
+    it { is_expected.to contain_keystone_service('cinder_service_v3::volumev3') }
     it { is_expected.to contain_keystone_endpoint('RegionOne/cinder_service::volume') }
     it { is_expected.to contain_keystone_endpoint('RegionOne/cinder_service_v2::volumev2') }
+    it { is_expected.to contain_keystone_endpoint('RegionOne/cinder_service_v3::volumev3') }
 
   end
 

spec/classes/cinder_spec.rb

@@ -231,17 +231,19 @@ describe 'cinder' do
     it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
   end
 
-  describe 'with APIs set for Kilo (proposed)' do
+  describe 'with APIs set for Mitaka (proposed)' do
     let :params do
       {
         :enable_v1_api   => false,
         :enable_v2_api   => true,
+        :enable_v3_api   => true,
         :rabbit_password => 'guest',
       }
     end
 
     it { is_expected.to contain_cinder_config('DEFAULT/enable_v1_api').with_value(false) }
     it { is_expected.to contain_cinder_config('DEFAULT/enable_v2_api').with_value(true) }
+    it { is_expected.to contain_cinder_config('DEFAULT/enable_v3_api').with_value(true) }
 
   end