Allow more flexible definition of fetcher_keystone parameters
This change allows using different credentials for authtoken middleware and keystone fetcher. This is useful when credentials for different scopes are needed for these two modules. Change-Id: I5e103786b6c179e68bc54fa2b4b26bbdd2127e55
This commit is contained in:
parent
39c9ad822b
commit
4e6806f54f
|
@ -0,0 +1,78 @@
|
|||
# == Class: cloudkitty::fetcher::keystone
|
||||
#
|
||||
# Configure the fetcher_keystone parameters
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*auth_section*]
|
||||
# Config Section from which to load plugin specific options (string value)
|
||||
# Defaults to 'keystone_authtoken'. The default will be changed in
|
||||
# a future release.
|
||||
#
|
||||
# [*auth_url*]
|
||||
# (Optional) The URL to use for authentication.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*username*]
|
||||
# (Optional) The name of the service user
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*password*]
|
||||
# (Optional) Password to create for the service user
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*project_name*]
|
||||
# (Optional) Service project name
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*user_domain_name*]
|
||||
# (Optional) Name of domain for $username
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*project_domain_name*]
|
||||
# (Optional) Name of domain for $project_name
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*auth_type*]
|
||||
# (Optional) An authentication type to use with an OpenStack Identity server.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*keystone_version*]
|
||||
# (Optional) Keystone version to use.
|
||||
# Defaults to $::os_service_defaul.
|
||||
#
|
||||
class cloudkitty::fetcher::keystone (
|
||||
$auth_section = undef,
|
||||
$auth_url = $::os_service_default,
|
||||
$username = $::os_service_default,
|
||||
$password = $::os_service_default,
|
||||
$project_name = $::os_service_default,
|
||||
$user_domain_name = $::os_service_default,
|
||||
$project_domain_name = $::os_service_default,
|
||||
$auth_type = $::os_service_default,
|
||||
$keystone_version = $::os_service_default,
|
||||
) {
|
||||
|
||||
include cloudkitty::deps
|
||||
|
||||
if defined('$::cloudkitty::auth_section') and $::cloudkitty::auth_section {
|
||||
$auth_section_real = $::cloudkitty::auth_section
|
||||
} else {
|
||||
if $auth_section == undef {
|
||||
warning('Default of the auth_section parameter will be changed in a future release')
|
||||
}
|
||||
$auth_section_real = pick($auth_section, 'keystone_authtoken')
|
||||
}
|
||||
$keystone_version_real = pick($::cloudkitty::keystone_version, $keystone_version)
|
||||
|
||||
cloudkitty_config {
|
||||
'fetcher_keystone/auth_section': value => $auth_section_real;
|
||||
'fetcher_keystone/username': value => $username;
|
||||
'fetcher_keystone/password': value => $password, secret => true;
|
||||
'fetcher_keystone/project_name': value => $project_name;
|
||||
'fetcher_keystone/user_domain_name': value => $user_domain_name;
|
||||
'fetcher_keystone/project_domain_name': value => $project_domain_name;
|
||||
'fetcher_keystone/auth_url': value => $auth_url;
|
||||
'fetcher_keystone/keystone_version': value => $keystone_version_real;
|
||||
}
|
||||
}
|
|
@ -220,14 +220,6 @@
|
|||
# (Optional) Driver used to fetch tenant list.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*auth_section*]
|
||||
# (Optional) Config Section from which to load plugin specific options
|
||||
# Defaults to 'keystone_authtoken'
|
||||
#
|
||||
# [*keystone_version*]
|
||||
# (Optional) Keystone version to use.
|
||||
# Defaults to '3'
|
||||
#
|
||||
# [*metrics_config*]
|
||||
# (Optional) A hash of the metrics.yaml configuration.
|
||||
# Defaults to undef
|
||||
|
@ -243,6 +235,14 @@
|
|||
# (Optional) Accept clients using either SSL or plain TCP
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*auth_section*]
|
||||
# (Optional) Config Section from which to load plugin specific options
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*keystone_version*]
|
||||
# (Optional) Keystone version to use.
|
||||
# Defaults to undef
|
||||
#
|
||||
class cloudkitty(
|
||||
$package_ensure = 'present',
|
||||
$rabbit_use_ssl = $::os_service_default,
|
||||
|
@ -291,12 +291,12 @@ class cloudkitty(
|
|||
$storage_backend = $::os_service_default,
|
||||
$storage_version = $::os_service_default,
|
||||
$fetcher_backend = $::os_service_default,
|
||||
$auth_section = 'keystone_authtoken',
|
||||
$keystone_version = '3',
|
||||
Optional[Hash] $metrics_config = undef,
|
||||
# DEPRECATED PARAMETERS
|
||||
$tenant_fetcher_backend = undef,
|
||||
$amqp_allow_insecure_clients = undef,
|
||||
$auth_section = undef,
|
||||
$keystone_version = undef,
|
||||
) {
|
||||
|
||||
if $tenant_fetcher_backend != undef {
|
||||
|
@ -308,6 +308,14 @@ class cloudkitty(
|
|||
will be removed in a future release.')
|
||||
}
|
||||
|
||||
if $auth_section != undef {
|
||||
warning('The cloudkitty::auth_section parameter is deprecated. Use the cloudkitty::fetcher_keystone class')
|
||||
}
|
||||
if $keystone_version != undef {
|
||||
warning('The cloudkitty::keystone_version parameter is deprecated. Use the cloudkitty::fetcher_keystone class')
|
||||
}
|
||||
include cloudkitty::fetcher::keystone
|
||||
|
||||
include cloudkitty::params
|
||||
include cloudkitty::db
|
||||
include cloudkitty::deps
|
||||
|
@ -392,11 +400,6 @@ will be removed in a future release.')
|
|||
'fetcher/backend': value => $fetcher_backend;
|
||||
}
|
||||
|
||||
cloudkitty_config {
|
||||
'fetcher_keystone/auth_section': value => $auth_section;
|
||||
'fetcher_keystone/keystone_version': value => $keystone_version;
|
||||
}
|
||||
|
||||
if $metrics_config {
|
||||
file {'metrics.yml':
|
||||
ensure => present,
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
The new ``cloudkitty::fetcher::keystone`` class has been aded.
|
||||
|
||||
upgrade:
|
||||
- |
|
||||
Default of the ``cloudkitty::fetcher::keystone`` parameter will be updated
|
||||
in a future release. Please explicitly set the parameter or use new
|
||||
parameters to define keystone credentials.
|
||||
|
||||
deprecations:
|
||||
- |
|
||||
The following two parameters of the ``cloudkitty`` class have been
|
||||
deprecated and will be removed in a future release.
|
||||
|
||||
- ``auth_section``
|
||||
- ``keystone_version``
|
|
@ -0,0 +1,63 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'cloudkitty::fetcher::keystone' do
|
||||
|
||||
shared_examples_for 'cloudkitty::fetcher::keystone' do
|
||||
context 'with defaults' do
|
||||
let :params do
|
||||
{}
|
||||
end
|
||||
|
||||
it 'configures the fetcher_keystone parameters' do
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/auth_section').with_value('keystone_authtoken')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/username').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/password').with_value('<SERVICE DEFAULT>').with_secret(true)
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/project_name').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/user_domain_name').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/project_domain_name').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/auth_url').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/keystone_version').with_value('<SERVICE DEFAULT>')
|
||||
end
|
||||
end
|
||||
|
||||
context 'with parameters set' do
|
||||
let :params do
|
||||
{
|
||||
:auth_section => '<SERVICE DEFAULT>',
|
||||
:username => 'cloudkitty',
|
||||
:password => 'cloudkitty_password',
|
||||
:project_name => 'service',
|
||||
:user_domain_name => 'Default',
|
||||
:project_domain_name => 'Default',
|
||||
:auth_url => 'http://127.0.0.1:5000',
|
||||
:keystone_version => 3,
|
||||
}
|
||||
end
|
||||
|
||||
it 'configures the fetcher_keystone parameters' do
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/auth_section').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/username').with_value('cloudkitty')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/password').with_value('cloudkitty_password').with_secret(true)
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/project_name').with_value('service')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/user_domain_name').with_value('Default')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/project_domain_name').with_value('Default')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/auth_url').with_value('http://127.0.0.1:5000')
|
||||
is_expected.to contain_cloudkitty_config('fetcher_keystone/keystone_version').with_value(3)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
|
||||
context 'with default parameters' do
|
||||
it_behaves_like 'cloudkitty::fetcher::keystone'
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue