diff --git a/manifests/api.pp b/manifests/api.pp
index 0155dccb..b84e5a6c 100644
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -19,21 +19,6 @@
# (optional) The name of the auth user
# Defaults to cinder
#
-# [*keystone_auth_host*]
-# (optional) DEPRECATED The keystone host
-# Defaults to localhost
-# Use auth_uri instead.
-#
-# [*keystone_auth_port*]
-# (optional) DEPRECATED The keystone auth port
-# Defaults to 35357
-# Use auth_uri instead.
-#
-# [*keystone_auth_protocol*]
-# (optional) DEPRECATED The protocol used to access the auth host
-# Defaults to http.
-# Use auth_uri instead.
-#
# [*privileged_user*]
# (optional) Enables OpenStack privileged account.
# Defaults to false.
@@ -76,29 +61,13 @@
# (optional) Same as nova_catalog_info, but for admin endpoint.
# Defaults to 'compute:Compute Service:adminURL'
#
-# [*keystone_auth_admin_prefix*]
-# (optional) DEPRECATED The admin_prefix used to admin endpoint of the auth
-# host. This allow admin auth URIs like http://auth_host:35357/keystone.
-# (where '/keystone' is the admin prefix)
-# Defaults to false for empty. If defined, should be a string with a
-# leading '/' and no trailing '/'.
-# Use auth_uri instead.
-#
-# [*keystone_auth_uri*]
-# (optional) DEPRECATED Renamed to auth_uri
-# Defaults to 'false'.
-#
# [*auth_uri*]
# (optional) Public Identity API endpoint.
-# Defaults to 'false'.
+# Defaults to 'http://localhost:5000/'.
#
# [*identity_uri*]
# (optional) Complete admin Identity API endpoint.
-# Defaults to: false
-#
-# [*service_port*]
-# (optional) DEPRECATED The Keystone public api port
-# Defaults to 5000
+# Defaults to: 'http://localhost:35357/'.
#
# [*service_workers*]
# (optional) Number of cinder-api workers
@@ -164,8 +133,8 @@ class cinder::api (
$keystone_enabled = true,
$keystone_tenant = 'services',
$keystone_user = 'cinder',
- $auth_uri = false,
- $identity_uri = false,
+ $auth_uri = 'http://localhost:5000/',
+ $identity_uri = 'http://localhost:35357/',
$nova_catalog_info = 'compute:Compute Service:publicURL',
$nova_catalog_admin_info = 'compute:Compute Service:adminURL',
$os_region_name = $::os_service_default,
@@ -188,12 +157,6 @@ class cinder::api (
$sync_db = true,
# DEPRECATED PARAMETERS
$validation_options = {},
- $keystone_auth_uri = false,
- $keystone_auth_host = 'localhost',
- $keystone_auth_port = '35357',
- $keystone_auth_protocol = 'http',
- $keystone_auth_admin_prefix = false,
- $service_port = '5000',
) {
include ::cinder::params
@@ -268,25 +231,10 @@ class cinder::api (
'DEFAULT/os_privileged_user_auth_url': value => $os_privileged_user_auth_url;
}
-
- if $keystone_auth_uri and $auth_uri {
- fail('both keystone_auth_uri and auth_uri are set and they have the same meaning')
- }
- elsif !$keystone_auth_uri and !$auth_uri {
- warning('use of keystone_auth_protocol, keystone_auth_host, and service_port is deprecated, please set auth_uri directly')
- $auth_uri_real = "${keystone_auth_protocol}://${keystone_auth_host}:${service_port}/"
- }
- elsif $keystone_auth_uri {
- warning('keystone_auth_uri has been renamed to auth_uri')
- $auth_uri_real = $keystone_auth_uri
- }
- else {
- $auth_uri_real = $auth_uri
- }
-
cinder_config {
- 'keystone_authtoken/auth_uri': value => $auth_uri_real;
- 'keymgr/encryption_auth_url' : value => $keymgr_encryption_auth_url;
+ 'keystone_authtoken/auth_uri' : value => $auth_uri;
+ 'keystone_authtoken/identity_uri' : value => $identity_uri;
+ 'keymgr/encryption_auth_url' : value => $keymgr_encryption_auth_url;
}
if $keystone_enabled {
@@ -296,75 +244,6 @@ class cinder::api (
'keystone_authtoken/admin_user': value => $keystone_user;
'keystone_authtoken/admin_password': value => $keystone_password, secret => true;
}
-
-
- # if both auth_uri and identity_uri are set we skip these deprecated settings entirely
- if !$auth_uri or !$identity_uri {
- if $keystone_auth_host {
- warning('The keystone_auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
- cinder_config {
- 'keystone_authtoken/auth_host': value => $keystone_auth_host;
- }
- } else {
- cinder_config {
- 'keystone_authtoken/auth_host': ensure => absent;
- }
- }
-
- if $keystone_auth_protocol {
- warning('The keystone_auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
- cinder_config {
- 'keystone_authtoken/auth_protocol': value => $keystone_auth_protocol;
- }
- } else {
- cinder_config {
- 'keystone_authtoken/auth_protocol': ensure => absent;
- }
- }
-
- if $keystone_auth_port {
- warning('The keystone_auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
- cinder_config {
- 'keystone_authtoken/auth_port': value => $keystone_auth_port;
- }
- } else {
- cinder_config {
- 'keystone_authtoken/auth_port': ensure => absent;
- }
- }
-
- if $keystone_auth_admin_prefix {
- warning('The keystone_auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
- validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$')
- cinder_api_paste_ini {
- 'filter:authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix;
- }
- } else {
- cinder_api_paste_ini {
- 'filter:authtoken/auth_admin_prefix': ensure => absent;
- }
- }
- }
- else {
- cinder_api_paste_ini {
- 'filter:authtoken/auth_admin_prefix': ensure => absent;
- }
- cinder_config {
- 'keystone_authtoken/auth_port': ensure => absent;
- 'keystone_authtoken/auth_host': ensure => absent;
- 'keystone_authtoken/auth_protocol': ensure => absent;
- }
- }
- }
-
- if $identity_uri {
- cinder_config {
- 'keystone_authtoken/identity_uri': value => $identity_uri;
- }
- } else {
- cinder_config {
- 'keystone_authtoken/identity_uri': ensure => absent;
- }
}
if (!is_service_default($ratelimits)) {
@@ -377,7 +256,7 @@ class cinder::api (
if $validate {
$defaults = {
'cinder-api' => {
- 'command' => "cinder --os-auth-url ${auth_uri_real} --os-tenant-name ${keystone_tenant} --os-username ${keystone_user} --os-password ${keystone_password} list",
+ 'command' => "cinder --os-auth-url ${auth_uri} --os-tenant-name ${keystone_tenant} --os-username ${keystone_user} --os-password ${keystone_password} list",
}
}
$validation_options_hash = merge ($defaults, $validation_options)
diff --git a/spec/classes/cinder_api_spec.rb b/spec/classes/cinder_api_spec.rb
index 20ba3964..c7d52921 100644
--- a/spec/classes/cinder_api_spec.rb
+++ b/spec/classes/cinder_api_spec.rb
@@ -48,6 +48,9 @@ describe 'cinder::api' do
is_expected.to contain_cinder_config('keystone_authtoken/auth_uri').with(
:value => 'http://localhost:5000/'
)
+ is_expected.to contain_cinder_config('keystone_authtoken/identity_uri').with(
+ :value => 'http://localhost:35357/'
+ )
is_expected.to contain_cinder_config('keystone_authtoken/admin_tenant_name').with(
:value => 'services'
)
@@ -57,27 +60,6 @@ describe 'cinder::api' do
is_expected.to contain_cinder_config('keystone_authtoken/admin_password').with(
:value => 'foo'
)
- is_expected.to contain_cinder_config('keystone_authtoken/auth_protocol').with(
- :value => 'http'
- )
- is_expected.to contain_cinder_config('keystone_authtoken/auth_host').with(
- :value => 'localhost'
- )
- is_expected.to contain_cinder_config('keystone_authtoken/auth_port').with(
- :value => '35357'
- )
- is_expected.not_to contain_cinder_config('keystone_authtoken/service_protocol').with(
- :value => 'http'
- )
- is_expected.not_to contain_cinder_config('keystone_authtoken/service_host').with(
- :value => 'localhost'
- )
- is_expected.not_to contain_cinder_config('keystone_authtoken/service_port').with(
- :value => '5000'
- )
- is_expected.to contain_cinder_api_paste_ini('filter:authtoken/auth_admin_prefix').with(
- :ensure => 'absent'
- )
is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_password').with_value('<SERVICE DEFAULT>')
@@ -189,17 +171,6 @@ describe 'cinder::api' do
end
end
- describe 'with custom auth_uri' do
- let :params do
- req_params.merge({'keystone_auth_uri' => 'http://localhost:8080/v2.0/'})
- end
- it 'should configure cinder auth_uri correctly' do
- is_expected.to contain_cinder_config('keystone_authtoken/auth_uri').with(
- :value => 'http://localhost:8080/v2.0/'
- )
- end
- end
-
describe 'with only required params' do
let :params do
req_params.merge({'bind_host' => '192.168.1.3'})
@@ -222,53 +193,6 @@ describe 'cinder::api' do
it { is_expected.not_to contain_class('cinder::db::sync') }
end
- [ '/keystone', '/keystone/admin' ].each do |keystone_auth_admin_prefix|
- describe "with keystone_auth_admin_prefix containing correct value #{keystone_auth_admin_prefix}" do
- let :params do
- {
- :keystone_auth_admin_prefix => keystone_auth_admin_prefix,
- :keystone_password => 'dummy'
- }
- end
-
- it { is_expected.to contain_cinder_api_paste_ini('filter:authtoken/auth_admin_prefix').with(
- :value => "#{keystone_auth_admin_prefix}"
- )}
- end
- end
-
- describe "with keystone_auth_admin_prefix containing correct value ''" do
- let :params do
- {
- :keystone_auth_admin_prefix => '',
- :keystone_password => 'dummy'
- }
- end
-
- it { is_expected.to contain_cinder_api_paste_ini('filter:authtoken/auth_admin_prefix')}
- end
-
- [
- '/keystone/',
- 'keystone/',
- 'keystone',
- '/keystone/admin/',
- 'keystone/admin/',
- 'keystone/admin'
- ].each do |keystone_auth_admin_prefix|
- describe "with keystone_auth_admin_prefix containing incorrect value #{keystone_auth_admin_prefix}" do
- let :params do
- {
- :keystone_auth_admin_prefix => keystone_auth_admin_prefix,
- :keystone_password => 'dummy'
- }
- end
-
- it { expect { is_expected.to contain_cinder_api_paste_ini('filter:authtoken/auth_admin_prefix') }.to \
- raise_error(Puppet::Error, /validate_re\(\): "#{keystone_auth_admin_prefix}" does not match/) }
- end
- end
-
describe 'with enabled false' do
let :params do
req_params.merge({'enabled' => false})
@@ -356,30 +280,13 @@ describe 'cinder::api' do
let :params do
req_params.merge({
:identity_uri => 'https://localhost:35357/',
- :auth_uri => 'https://localhost:5000/v2.0/',
+ :auth_uri => 'https://localhost:5000/',
})
end
it 'configures identity_uri and auth_uri but deprecates old auth settings' do
is_expected.to contain_cinder_config('keystone_authtoken/identity_uri').with_value("https://localhost:35357/")
- is_expected.to contain_cinder_config('keystone_authtoken/auth_uri').with_value("https://localhost:5000/v2.0/")
- is_expected.to contain_cinder_api_paste_ini('filter:authtoken/auth_admin_prefix').with(:ensure => 'absent')
- is_expected.to contain_cinder_config('keystone_authtoken/auth_port').with(:ensure => 'absent')
- is_expected.not_to contain_cinder_config('keystone_authtoken/service_port').with(:ensure => 'absent')
- is_expected.to contain_cinder_config('keystone_authtoken/auth_protocol').with(:ensure => 'absent')
- is_expected.not_to contain_cinder_config('keystone_authtoken/service_protocol').with(:ensure => 'absent')
- is_expected.to contain_cinder_config('keystone_authtoken/auth_host').with(:ensure => 'absent')
- is_expected.not_to contain_cinder_config('keystone_authtoken/service_host').with(:ensure => 'absent')
+ is_expected.to contain_cinder_config('keystone_authtoken/auth_uri').with_value("https://localhost:5000/")
end
end
- describe 'when someone sets keystone_auth_uri and auth_uri' do
- let :params do
- req_params.merge({
- :keystone_auth_uri => 'http://thisis',
- :auth_uri => 'http://broken',
- })
- end
-
- it_raises 'a Puppet::Error', /both keystone_auth_uri and auth_uri are set and they have the same meaning/
- end
end