Allow more flexible definition of fetcher_keystone parameters

This change allows using different credentials for authtoken middleware and keystone fetcher. This is useful when credentials for different scopes are needed for these two modules. Change-Id: I5e103786b6c179e68bc54fa2b4b26bbdd2127e55
2021-10-31 17:57:15 +09:00 · 2021-10-31 17:57:15 +09:00 · 4e6806f54f
parent 39c9ad822b
commit 4e6806f54f
4 changed files with 177 additions and 15 deletions
--- a/manifests/fetcher/keystone.pp
+++ b/manifests/fetcher/keystone.pp
@ -0,0 +1,78 @@
+# == Class: cloudkitty::fetcher::keystone
+#
+# Configure the fetcher_keystone parameters
+#
+# === Parameters
+#
+# [*auth_section*]
+#  Config Section from which to load plugin specific options (string value)
+#  Defaults to 'keystone_authtoken'. The default will be changed in
+#  a future release.
+#
+# [*auth_url*]
+#  (Optional) The URL to use for authentication.
+#  Defaults to $::os_service_default.
+#
+# [*username*]
+#  (Optional) The name of the service user
+#  Defaults to $::os_service_default.
+#
+# [*password*]
+#  (Optional) Password to create for the service user
+#  Defaults to $::os_service_default.
+#
+# [*project_name*]
+#  (Optional) Service project name
+#  Defaults to $::os_service_default.
+#
+# [*user_domain_name*]
+#  (Optional) Name of domain for $username
+#  Defaults to $::os_service_default.
+#
+# [*project_domain_name*]
+#  (Optional) Name of domain for $project_name
+#  Defaults to $::os_service_default.
+#
+# [*auth_type*]
+#  (Optional) An authentication type to use with an OpenStack Identity server.
+#  Defaults to $::os_service_default.
+#
+# [*keystone_version*]
+#  (Optional) Keystone version to use.
+#  Defaults to $::os_service_defaul.
+#
+class cloudkitty::fetcher::keystone (
+  $auth_section        = undef,
+  $auth_url            = $::os_service_default,
+  $username            = $::os_service_default,
+  $password            = $::os_service_default,
+  $project_name        = $::os_service_default,
+  $user_domain_name    = $::os_service_default,
+  $project_domain_name = $::os_service_default,
+  $auth_type           = $::os_service_default,
+  $keystone_version    = $::os_service_default,
+) {
+
+  include cloudkitty::deps
+
+  if defined('$::cloudkitty::auth_section') and $::cloudkitty::auth_section {
+    $auth_section_real = $::cloudkitty::auth_section
+  } else {
+    if $auth_section == undef {
+      warning('Default of the auth_section parameter will be changed in a future release')
+    }
+    $auth_section_real = pick($auth_section, 'keystone_authtoken')
+  }
+  $keystone_version_real = pick($::cloudkitty::keystone_version, $keystone_version)
+
+  cloudkitty_config {
+    'fetcher_keystone/auth_section':        value => $auth_section_real;
+    'fetcher_keystone/username':            value => $username;
+    'fetcher_keystone/password':            value => $password, secret => true;
+    'fetcher_keystone/project_name':        value => $project_name;
+    'fetcher_keystone/user_domain_name':    value => $user_domain_name;
+    'fetcher_keystone/project_domain_name': value => $project_domain_name;
+    'fetcher_keystone/auth_url':            value => $auth_url;
+    'fetcher_keystone/keystone_version':    value => $keystone_version_real;
+  }
+}
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -220,14 +220,6 @@
 #   (Optional) Driver used to fetch tenant list.
 #   Defaults to $::os_service_default.
 #
-# [*auth_section*]
-#   (Optional) Config Section from which to load plugin specific options
-#   Defaults to 'keystone_authtoken'
-#
-# [*keystone_version*]
-#   (Optional) Keystone version to use.
-#   Defaults to '3'
-#
 # [*metrics_config*]
 #   (Optional) A hash of the metrics.yaml configuration.
 #   Defaults to undef
@ -243,6 +235,14 @@
 #   (Optional) Accept clients using either SSL or plain TCP
 #   Defaults to undef.
 #
+# [*auth_section*]
+#   (Optional) Config Section from which to load plugin specific options
+#   Defaults to undef
+#
+# [*keystone_version*]
+#   (Optional) Keystone version to use.
+#   Defaults to undef
+#
 class cloudkitty(
  $package_ensure                     = 'present',
  $rabbit_use_ssl                     = $::os_service_default,
@ -291,12 +291,12 @@ class cloudkitty(
  $storage_backend                    = $::os_service_default,
  $storage_version                    = $::os_service_default,
  $fetcher_backend                    = $::os_service_default,
-  $auth_section                       = 'keystone_authtoken',
-  $keystone_version                   = '3',
  Optional[Hash] $metrics_config      = undef,
  # DEPRECATED PARAMETERS
  $tenant_fetcher_backend             = undef,
  $amqp_allow_insecure_clients        = undef,
+  $auth_section                       = undef,
+  $keystone_version                   = undef,
 ) {

  if $tenant_fetcher_backend != undef {
@ -308,6 +308,14 @@ class cloudkitty(
 will be removed in a future release.')
  }

+  if $auth_section != undef {
+    warning('The cloudkitty::auth_section parameter is deprecated. Use the cloudkitty::fetcher_keystone class')
+  }
+  if $keystone_version != undef {
+    warning('The cloudkitty::keystone_version parameter is deprecated. Use the cloudkitty::fetcher_keystone class')
+  }
+  include cloudkitty::fetcher::keystone
+
  include cloudkitty::params
  include cloudkitty::db
  include cloudkitty::deps
@ -392,11 +400,6 @@ will be removed in a future release.')
    'fetcher/backend': value => $fetcher_backend;
  }

-  cloudkitty_config {
-    'fetcher_keystone/auth_section':     value => $auth_section;
-    'fetcher_keystone/keystone_version': value => $keystone_version;
-  }
-
  if $metrics_config {
    file {'metrics.yml':
      ensure                  => present,
--- a/releasenotes/notes/fetcher_keystone-4ed116e2b11a1a0e.yaml
+++ b/releasenotes/notes/fetcher_keystone-4ed116e2b11a1a0e.yaml
@ -0,0 +1,18 @@
+---
+features:
+  - |
+    The new ``cloudkitty::fetcher::keystone`` class has been aded.
+
+upgrade:
+  - |
+    Default of the ``cloudkitty::fetcher::keystone`` parameter will be updated
+    in a future release. Please explicitly set the parameter or use new
+    parameters to define keystone credentials.
+
+deprecations:
+  - |
+    The following two parameters of the ``cloudkitty`` class have been
+    deprecated and will be removed in a future release.
+
+    - ``auth_section``
+    - ``keystone_version``
--- a/spec/classes/cloudkitty_fetcher_keystone_spec.rb
+++ b/spec/classes/cloudkitty_fetcher_keystone_spec.rb
@ -0,0 +1,63 @@
+require 'spec_helper'
+
+describe 'cloudkitty::fetcher::keystone' do
+
+  shared_examples_for 'cloudkitty::fetcher::keystone' do
+    context 'with defaults' do
+      let :params do
+        {}
+      end
+
+      it 'configures the fetcher_keystone parameters' do
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/auth_section').with_value('keystone_authtoken')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/username').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/password').with_value('<SERVICE DEFAULT>').with_secret(true)
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/project_name').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/user_domain_name').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/project_domain_name').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/auth_url').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/keystone_version').with_value('<SERVICE DEFAULT>')
+      end
+    end
+
+    context 'with parameters set' do
+      let :params do
+        {
+          :auth_section        => '<SERVICE DEFAULT>',
+          :username            => 'cloudkitty',
+          :password            => 'cloudkitty_password',
+          :project_name        => 'service',
+          :user_domain_name    => 'Default',
+          :project_domain_name => 'Default',
+          :auth_url            => 'http://127.0.0.1:5000',
+          :keystone_version    => 3,
+        }
+      end
+
+      it 'configures the fetcher_keystone parameters' do
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/auth_section').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/username').with_value('cloudkitty')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/password').with_value('cloudkitty_password').with_secret(true)
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/project_name').with_value('service')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/user_domain_name').with_value('Default')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/project_domain_name').with_value('Default')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/auth_url').with_value('http://127.0.0.1:5000')
+        is_expected.to contain_cloudkitty_config('fetcher_keystone/keystone_version').with_value(3)
+      end
+    end
+  end
+
+  on_supported_os({
+    :supported_os => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      context 'with default parameters' do
+        it_behaves_like 'cloudkitty::fetcher::keystone'
+      end
+    end
+  end
+end