openstack/puppet-cinder
Code Issues Proposed changes

Remove old authtoken options

Browse Source 
Since we are in ocata lets remove all old parameters in api
to configure the keystone_authtoken section

Change-Id: I7d833d2223a67e6226afc27c154011748e9747e4
This commit is contained in:
Iury Gregory Melo Ferreira
2016-11-05 15:44:52 -03:00
parent ae0b525f8a
commit ee082367f8
4 changed files with 41 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
manifests/api.pp
View File

@@ -146,36 +146,13 @@
# (optional) Type of authentication to be used.
# Defaults to 'keystone'
#
# [*osapi_volume_listen_port*]
# (optional) What port the API listens on. Defaults to $::os_service_default
# If this value is modified the catalog URLs in the keystone::auth class
# will also need to be changed to match.
#
# DEPRECATED PARAMETERS
#
# [*keystone_enabled*]
# (optional) Deprecated. Use auth_strategy instead.
# Defaults to undef
#
# [*keystone_tenant*]
# (optional) Deprecated. Use cinder::keystone::authtoken::project_name instead.
# Defaults to undef.
#
# [*keystone_user*]
# (optional) Deprecated. Use cinder::keystone::authtoken::username instead.
# Defaults to undef.
#
# [*keystone_password*]
# (optional) Deprecated. Use cinder::keystone::authtoken::password instead.
# Defaults to undef.
#
# [*identity_uri*]
# (optional) Deprecated. Use cinder::keystone::authtoken::auth_url instead.
# Defaults to undef.
#
# [*auth_uri*]
# (optional) Deprecated. Use cinder::keystone::authtoken::auth_uri instead.
# Defaults to undef.
#
# [*memcached_servers*]
# (Optional) Deprecated. Use cinder::keystone::authtoken::memcached_servers.
# Defaults to undef.
#
# [*validation_options*]
# (optional) Service validation options
# Should be a hash of options defined in openstacklib::service_validation
@@ -192,13 +169,7 @@
# try_sleep: 10
# Defaults to {}
#
# [*osapi_volume_listen_port*]
# (optional) What port the API listens on. Defaults to $::os_service_default
# If this value is modified the catalog URLs in the keystone::auth class
# will also need to be changed to match.
#
class cinder::api (
$keystone_enabled = true,
$nova_catalog_info = 'compute:Compute Service:publicURL',
$nova_catalog_admin_info = 'compute:Compute Service:adminURL',
$os_region_name = $::os_service_default,
@@ -234,12 +205,6 @@ class cinder::api (
$osapi_volume_listen_port = $::os_service_default,
# DEPRECATED PARAMETERS
$validation_options = {},
$keystone_tenant = undef,
$keystone_user = undef,
$keystone_password = undef,
$identity_uri = undef,
$auth_uri = undef,
$memcached_servers = undef,
) inherits cinder::params {
include ::cinder::deps
@@ -255,32 +220,6 @@ class cinder::api (
$key_file_real = pick($::cinder::key_file, $key_file)
$ca_file_real = pick($::cinder::ca_file, $ca_file)
if $identity_uri {
warning('cinder::api::identity_uri is deprecated, use cinder::keystone::authtoken::auth_url instead.')
}
if $auth_uri {
warning('cinder::api::auth_uri is deprecated, use cinder::keystone::authtoken::auth_uri instead.')
}
if $keystone_tenant {
warning('cinder::api::keystone_tenant is deprecated, use cinder::keystone::authtoken::project_name instead.')
}
if $keystone_user {
warning('cinder::api::keystone_user is deprecated, use cinder::keystone::authtoken::username instead.')
}
if $keystone_password {
warning('cinder::api::keystone_password is deprecated, use cinder::keystone::authtoken::password instead.')
}
if $memcached_servers {
warning('cinder::api::memcached_servers is deprecated, use cinder::keystone::authtoken::memcached_servers instead.')
}
if $keystone_enabled {
warning('keystone_enabled is deprecated, use auth_strategy instead.')
$auth_strategy_real = $keystone_enabled
} else {
$auth_strategy_real = $auth_strategy
}
if $use_ssl_real {
if is_service_default($cert_file_real) {
fail('The cert_file parameter is required when use_ssl is set to true')
@@ -382,7 +321,7 @@ running as a standalone service, or httpd for being run by a httpd server")
'barbican/auth_endpoint': value => $keymgr_encryption_auth_url;
}
if $auth_strategy_real {
if $auth_strategy == 'keystone' {
include ::cinder::keystone::authtoken
}
@@ -403,9 +342,9 @@ running as a standalone service, or httpd for being run by a httpd server")
}
if $validate {
$keystone_tenant_real = pick($keystone_tenant, $::cinder::keystone::authtoken::project_name)
$keystone_username_real = pick($keystone_user, $::cinder::keystone::authtoken::username)
$keystone_password_real = pick($keystone_password, $::cinder::keystone::authtoken::password)
$keystone_tenant_real = $::cinder::keystone::authtoken::project_name
$keystone_username_real = $::cinder::keystone::authtoken::username
$keystone_password_real = $::cinder::keystone::authtoken::password
$defaults = {
'cinder-api' => {

24
manifests/keystone/authtoken.pp
View File

@@ -82,12 +82,12 @@
# server and ignore it if not. "strict" like "permissive" but if the bind
# type is unknown the token will be rejected. "required" any form of token
# binding is needed to be allowed. Finally the name of a binding method that
# must be present in tokens. String value.
# Defaults to $::os_service_default.
#
# [*hash_algorithms*]
# (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
# single algorithm or multiple. The algorithms are those supported by Python
# must be present in tokens. String value.
# standard hashlib.new(). The hashes will be tried in the order given, so put
# the preferred one first for performance. The result of the first hash will
# be stored in the cache. This will typically be set to multiple values only
@@ -230,23 +230,16 @@ class cinder::keystone::authtoken(
include ::cinder::deps
if is_service_default($password) and ! $::cinder::api::keystone_password {
if is_service_default($password) {
fail('Please set password for cinder service user')
}
$username_real = pick($::cinder::api::keystone_user,$username)
$password_real = pick($::cinder::api::keystone_password,$password)
$project_name_real = pick($::cinder::api::keystone_tenant,$project_name)
$auth_uri_real = pick($::cinder::api::auth_uri,$auth_uri)
$auth_url_real = pick($::cinder::api::identity_uri,$auth_url)
$memcached_servers_real = pick($::cinder::api::memcached_servers,$memcached_servers)
keystone::resource::authtoken { 'cinder_config':
username => $username_real,
password => $password_real,
project_name => $project_name_real,
auth_url => $auth_url_real,
auth_uri => $auth_uri_real,
username => $username,
password => $password,
project_name => $project_name,
auth_url => $auth_url,
auth_uri => $auth_uri,
auth_version => $auth_version,
auth_type => $auth_type,
auth_section => $auth_section,
@@ -272,11 +265,10 @@ class cinder::keystone::authtoken(
memcache_security_strategy => $memcache_security_strategy,
memcache_use_advanced_pool => $memcache_use_advanced_pool,
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
memcached_servers => $memcached_servers_real,
memcached_servers => $memcached_servers,
region_name => $region_name,
revocation_cache_time => $revocation_cache_time,
signing_dir => $signing_dir,
token_cache_time => $token_cache_time,
}
}

9
releasenotes/notes/remove_old_authtoken_options-e619dc4773a373af.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
other:
- removed deprecated cinder::api::keystone_user
- removed deprecated cinder::api::keystone_password
- removed deprecated cinder::api::keystone_tenant
- removed deprecated cinder::api::auth_uri
- removed deprecated cinder::api::identity_uri
- removed deprecated cinder::api::memcached_servers
- removed deprecated cinder::api::keystone_enabled

62
spec/classes/cinder_api_spec.rb
View File

@@ -3,8 +3,14 @@ require 'spec_helper'
describe 'cinder::api' do
shared_examples_for 'cinder api' do
let :pre_condition do
"class { '::cinder::keystone::authtoken':
password => 'foo',
}"
end
let :req_params do
{:keystone_password => 'foo'}
{}
end
describe 'with only required params' do
@@ -46,22 +52,6 @@ describe 'cinder::api' do
is_expected.to contain_cinder_config('DEFAULT/os_region_name').with(
:value => '<SERVICE DEFAULT>'
)
is_expected.to contain_cinder_config('keystone_authtoken/auth_uri').with(
:value => 'http://localhost:5000'
)
is_expected.to contain_cinder_config('keystone_authtoken/auth_url').with(
:value => 'http://localhost:35357'
)
is_expected.to contain_cinder_config('keystone_authtoken/project_name').with(
:value => 'services'
)
is_expected.to contain_cinder_config('keystone_authtoken/username').with(
:value => 'cinder'
)
is_expected.to contain_cinder_config('keystone_authtoken/password').with(
:value => 'foo'
)
is_expected.to contain_cinder_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_password').with_value('<SERVICE DEFAULT>')
@@ -86,22 +76,6 @@ describe 'cinder::api' do
it { is_expected.to contain_cinder_config('DEFAULT/nova_catalog_info').with_value('compute:nova:publicURL') }
end
describe 'without deprecated keystone_authtoken parameters' do
let :params do
req_params.merge({
'keystone_user' => 'dummy',
'keystone_tenant' => 'mytenant',
'identity_uri' => 'https://127.0.0.1:35357/deprecated',
'auth_uri' => 'https://127.0.0.1:5000/deprecated',
})
end
it { is_expected.to contain_cinder_config('keystone_authtoken/auth_url').with_value('https://127.0.0.1:35357/deprecated') }
it { is_expected.to contain_cinder_config('keystone_authtoken/username').with_value('dummy') }
it { is_expected.to contain_cinder_config('keystone_authtoken/project_name').with_value('mytenant') }
it { is_expected.to contain_cinder_config('keystone_authtoken/auth_uri').with_value('https://127.0.0.1:5000/deprecated') }
end
describe 'with a custom region for nova' do
let :params do
req_params.merge({'os_region_name' => 'MyRegion'})
@@ -218,7 +192,6 @@ describe 'cinder::api' do
describe 'with sync_db set to false' do
let :params do
{
:keystone_password => 'dummy',
:enabled => true,
:sync_db => false,
}
@@ -309,17 +282,6 @@ describe 'cinder::api' do
)}
end
describe "with deprecated memcached servers for keystone authtoken" do
let :params do
req_params.merge({
:memcached_servers => '1.1.1.1:11211',
})
end
it 'configures memcached servers' do
is_expected.to contain_cinder_config('keystone_authtoken/memcached_servers').with_value('1.1.1.1:11211')
end
end
describe 'with a custom osapi_max_limit' do
let :params do
req_params.merge({'osapi_max_limit' => '10000'})
@@ -337,7 +299,10 @@ describe 'cinder::api' do
let :pre_condition do
"include ::apache
class { 'cinder': rabbit_password => 'secret' }"
class { 'cinder': rabbit_password => 'secret' }
class { '::cinder::keystone::authtoken':
password => 'foo',
}"
end
it 'configures cinder-api service with Apache' do
@@ -356,7 +321,10 @@ describe 'cinder::api' do
let :pre_condition do
"include ::apache
class { 'cinder': rabbit_password => 'secret' }"
class { 'cinder': rabbit_password => 'secret' }
class { '::cinder::keystone::authtoken':
password => 'foo',
}"
end
it_raises 'a Puppet::Error', /Invalid service_name/