openstack/puppet-cinder
Code Issues Proposed changes

Merge "glance: Add support for service user options"

Browse Source
This commit is contained in:
Zuul
2025-10-13 13:58:52 +00:00
committed by Gerrit Code Review
parent bd033daa98 eb73df68a1
commit 84b18ae172
3 changed files with 190 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
manifests/glance.pp
View File

@@ -47,6 +47,67 @@
# (optional) Default core properties of image
# Defaults to $facts['os_service_default']
#
# [*cafile*]
# (optional) PEM encoded Certificate Authority to use
# when verifying HTTPs connections.
# Defaults to $facts['os_service_default']
#
# [*certfile*]
# (optional) PEM encoded client certificate cert file.
# Defaults to $facts['os_service_default']
#
# [*keyfile*]
# (optional) PEM encoded client certificate key file.
# Defaults to $facts['os_service_default']
#
# [*insecure*]
# (optional) Verify HTTPS connections.
# Defaults to $facts['os_service_default']
#
# [*timeout*]
# (optional) Timeout value for http requests.
# Defaults to $facts['os_service_default']
#
# [*collect_timing*]
# (optional) Collect per-API call timing information.
# Defaults to $facts['os_service_default']
#
# [*split_loggers*]
# (optional) Log requests to multiple loggers.
# Defaults to $facts['os_service_default']
#
# [*auth_type*]
# (optional) Authentication type to load.
# Defaults to undef
#
# [*auth_url*]
# (optional) Identity service url.
# Defaults to 'http://127.0.0.1:5000'
#
# [*username*]
# (optional) Glance admin username.
# Defaults to 'glance'
#
# [*password*]
# (optional) Nova admin password.
# Defaults to $facts['os_service_default']
#
# [*user_domain_name*]
# (optional) Glance admin user domain name.
# Defaults to 'Default'
#
# [*project_name*]
# (optional) Glance admin project name.
# Defaults to 'services'
#
# [*project_domain_name*]
# (optional) Glance admin project domain name.
# Defaults to 'Default'
#
# [*system_scope*]
# (optional) Scope for system operations
# Defaults to $facts['os_service_default']
#
# === Author(s)
#
# Emilien Macchi <emilien.macchi@enovance.com>
@@ -77,9 +138,32 @@ class cinder::glance (
$verify_glance_signatures = $facts['os_service_default'],
$glance_catalog_info = $facts['os_service_default'],
$glance_core_properties = $facts['os_service_default'],
$cafile = $facts['os_service_default'],
$certfile = $facts['os_service_default'],
$keyfile = $facts['os_service_default'],
$insecure = $facts['os_service_default'],
$timeout = $facts['os_service_default'],
$collect_timing = $facts['os_service_default'],
$split_loggers = $facts['os_service_default'],
$auth_type = undef,
$auth_url = 'http://127.0.0.1:5000',
$username = 'glance',
$password = $facts['os_service_default'],
$user_domain_name = 'Default',
$project_name = 'services',
$project_domain_name = 'Default',
$system_scope = $facts['os_service_default'],
) {
include cinder::deps
if $auth_type == undef {
warning("The auth_type parameter will defaults to 'password' in a future release. \
Make sure parameters such as password are properly set.")
$auth_type_real = $facts['os_service_default']
} else {
$auth_type_real = $auth_type
}
cinder_config {
'DEFAULT/glance_api_servers': value => join(any2array($glance_api_servers), ',');
'DEFAULT/glance_num_retries': value => $glance_num_retries;
@@ -91,4 +175,30 @@ class cinder::glance (
'DEFAULT/glance_catalog_info': value => $glance_catalog_info;
'DEFAULT/glance_core_properties': value => join(any2array($glance_core_properties), ',');
}
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $facts['os_service_default']
$project_domain_name_real = $facts['os_service_default']
}
cinder_config {
'glance/cafile': value => $cafile;
'glance/certfile': value => $certfile;
'glance/keyfile': value => $keyfile;
'glance/insecure': value => $insecure;
'glance/timeout': value => $timeout;
'glance/collect_timing': value => $collect_timing;
'glance/split_loggers': value => $split_loggers;
'glance/auth_type': value => $auth_type_real;
'glance/auth_url': value => $auth_url;
'glance/username': value => $username;
'glance/user_domain_name': value => $user_domain_name;
'glance/password': value => $password, secret => true;
'glance/project_name': value => $project_name_real;
'glance/project_domain_name': value => $project_domain_name_real;
'glance/system_scope': value => $system_scope;
}
}

11
releasenotes/notes/glance-service-user-cred-2ad9451a397def37.yaml Normal file
View File

@@ -0,0 +1,11 @@
---
features:
- |
The ``glance::cinder`` class now supports parameters to configure options
for service-to-service communication between cinder and glance.
upgrade:
- |
The default value of ``glance::cinder::auth_type`` will be changed to
``password`` in the future release. Make sure the ``glance::cinder``
class parameters such as ``password`` is set properly.

80
spec/classes/cinder_glance_spec.rb
View File

@@ -21,11 +21,11 @@ require 'spec_helper'
describe 'cinder::glance' do
shared_examples 'cinder::glance' do
context 'with defaults' do
let :params do
{}
end
let :params do
{}
end
context 'with defaults' do
it 'configures cinder.conf with defaults' do
is_expected.to contain_cinder_config('DEFAULT/glance_api_servers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('DEFAULT/glance_num_retries').with_value('<SERVICE DEFAULT>')
@@ -36,12 +36,27 @@ describe 'cinder::glance' do
is_expected.to contain_cinder_config('DEFAULT/verify_glance_signatures').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('DEFAULT/glance_catalog_info').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('DEFAULT/glance_core_properties').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('glance/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('glance/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('glance/keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('glance/insecure').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('glance/timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('glance/collect_timing').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('glance/split_loggers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('glance/auth_type').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('glance/auth_url').with_value('http://127.0.0.1:5000')
is_expected.to contain_cinder_config('glance/username').with_value('glance')
is_expected.to contain_cinder_config('glance/user_domain_name').with_value('Default')
is_expected.to contain_cinder_config('glance/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_cinder_config('glance/project_name').with_value('services')
is_expected.to contain_cinder_config('glance/project_domain_name').with_value('Default')
is_expected.to contain_cinder_config('glance/system_scope').with_value('<SERVICE DEFAULT>')
end
end
context 'with parameters overridden' do
let :params do
{
before :each do
params.merge!({
:glance_api_servers => '10.0.0.1:9292',
:glance_num_retries => 3,
:glance_api_insecure => false,
@@ -51,10 +66,24 @@ describe 'cinder::glance' do
:verify_glance_signatures => true,
:glance_catalog_info => 'image:glance:publicURL',
:glance_core_properties => 'checksum',
}
:cafile => '/etc/ssl/certs/ca.crt',
:certfile => '/etc/ssl/certs/cert.crt',
:keyfile => '/etc/ssl/private/key.key',
:insecure => false,
:timeout => 30,
:collect_timing => true,
:split_loggers => true,
:auth_type => 'password',
:auth_url => 'http://127.0.0.2:5000',
:username => 'alt_glance',
:password => 'glancepass',
:user_domain_name => 'UserDomain',
:project_name => 'alt_service',
:project_domain_name => 'ProjectDomain',
})
end
it 'configures cinder.conf with defaults' do
it 'configures cinder.conf with overridden values' do
is_expected.to contain_cinder_config('DEFAULT/glance_api_servers').with_value('10.0.0.1:9292')
is_expected.to contain_cinder_config('DEFAULT/glance_num_retries').with_value('3')
is_expected.to contain_cinder_config('DEFAULT/glance_api_insecure').with_value(false)
@@ -64,16 +93,31 @@ describe 'cinder::glance' do
is_expected.to contain_cinder_config('DEFAULT/verify_glance_signatures').with_value(true)
is_expected.to contain_cinder_config('DEFAULT/glance_catalog_info').with_value('image:glance:publicURL')
is_expected.to contain_cinder_config('DEFAULT/glance_core_properties').with_value('checksum')
is_expected.to contain_cinder_config('glance/cafile').with_value('/etc/ssl/certs/ca.crt')
is_expected.to contain_cinder_config('glance/certfile').with_value('/etc/ssl/certs/cert.crt')
is_expected.to contain_cinder_config('glance/keyfile').with_value('/etc/ssl/private/key.key')
is_expected.to contain_cinder_config('glance/insecure').with_value(false)
is_expected.to contain_cinder_config('glance/timeout').with_value(30)
is_expected.to contain_cinder_config('glance/collect_timing').with_value(true)
is_expected.to contain_cinder_config('glance/split_loggers').with_value(true)
is_expected.to contain_cinder_config('glance/auth_type').with_value('password')
is_expected.to contain_cinder_config('glance/auth_url').with_value('http://127.0.0.2:5000')
is_expected.to contain_cinder_config('glance/username').with_value('alt_glance')
is_expected.to contain_cinder_config('glance/user_domain_name').with_value('UserDomain')
is_expected.to contain_cinder_config('glance/password').with_value('glancepass').with_secret(true)
is_expected.to contain_cinder_config('glance/project_name').with_value('alt_service')
is_expected.to contain_cinder_config('glance/project_domain_name').with_value('ProjectDomain')
is_expected.to contain_cinder_config('glance/system_scope').with_value('<SERVICE DEFAULT>')
end
end
context 'with parameters in array' do
let :params do
{
before :each do
params.merge!({
:glance_api_servers => ['10.0.0.1:9292','10.0.0.2:9292'],
:allowed_direct_url_schemes => [ 'file', 'cinder'],
:glance_core_properties => ['checksum', 'container_format'],
}
})
end
it 'should configure parameters in comma-separated list' do
@@ -82,6 +126,20 @@ describe 'cinder::glance' do
is_expected.to contain_cinder_config('DEFAULT/glance_core_properties').with_value('checksum,container_format')
end
end
context 'with system_scope set' do
before :each do
params.merge!({
:system_scope => 'all'
})
end
it {
is_expected.to contain_cinder_config('glance/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('glance/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('glance/system_scope').with_value('all')
}
end
end
on_supported_os({