puppet-glance/lib/puppet/provider/glance.rb

105 lines
3.9 KiB
Ruby
Raw Normal View History

# Since there's only one glance type for now,
# this probably could have all gone in the provider file.
# But maybe this is good long-term.
require 'puppet/util/inifile'
Use OpenstackClient for glance_image auth This patch changes the glance_image provider to use puppet-openstacklib's authentication methods, which use python-openstackclient as an interface, instead of the glance command line client. The benefits of this is: - Code reduction. This patch reduces the amount of code in the glance parent provider and glance_image provider by reusing code from Puppet::Provider::Openstack instead of implementing authentication, retries, and response parsing in the provider. - Presumed reduction in sudden API changes that require quick fixes in this module, such as f377c0229c006b02f43a14be4979553e983cb98e. - Ability to set project-based access control for images Additional reasoning for this change is in the blueprint. Important note: this change does not work on Ubuntu under Juno due to a major bug in the version of python-openstackclient shipped in UCA [1]. This change targets the Kilo releases. Note about performance: the self.instances and instances methods make API requests for each image found in the list of instances. This is not a change from how this was implemented before. The --long formatted list, either from the glance client or openstackclient, does not provide all information needed to query an instance and populate setters. Future patches could possibly improve on this. Other details of this change: - Removes auth_glance method, replaced by the request and glance_request methods - Removes auth_glance_stdin method which was not being used - Removes parse_table which is now unnecessary because openstackclient formats its responses as CSV and Puppet::Provider::Openstack#request returns the results a hash - Removes remove_warnings methods which are handled by Puppet::Provider::Openstack#request - Removes list_glance_images and get_glance_image_attr which are sufficiently replaced by using the 'list' and 'show' commands with Puppet::Provider::Openstack's request method. - Removed self.prefetch since we can't populate auth parameters during a prefetch. Instead we prepopulate the list via the instances method. - Added a flush method to do updates more efficiently - Changed is_public property to accept true/false in addition to yes/no and to munge to a symbol instead of a capitalized string, for consistency with keystone_tenant's enabled property - Move the reset method into the spec tests since it is only necessary for testing - Added tests for glance_image, which did not exist before - Removed connection retry test since this is taken care of in openstacklib [1] https://bugs.launchpad.net/python-openstackclient/+bug/1269821 blueprint use-openstackclient-in-module-resources Change-Id: Iceab5e1c6138e7aba0f883ed4acb8f7ecbcd2830
2015-04-10 21:24:32 +00:00
require 'puppet/provider/openstack'
require 'puppet/provider/openstack/auth'
require 'puppet/provider/openstack/credentials'
class Puppet::Provider::Glance < Puppet::Provider::Openstack
extend Puppet::Provider::Openstack::Auth
def self.request(service, action, properties=nil)
begin
super
rescue Puppet::Error::OpenstackAuthInputError => error
glance_request(service, action, error, properties)
end
end
def self.glance_request(service, action, error, properties=nil)
@credentials.username = glance_credentials['admin_user']
@credentials.password = glance_credentials['admin_password']
@credentials.project_name = glance_credentials['admin_tenant_name']
@credentials.auth_url = auth_endpoint
raise error unless @credentials.set?
Puppet::Provider::Openstack.request(service, action, properties, @credentials)
end
def self.glance_credentials
@glance_credentials ||= get_glance_credentials
end
def self.get_glance_credentials
if glance_file and glance_file['keystone_authtoken'] and
glance_file['keystone_authtoken']['auth_host'] and
glance_file['keystone_authtoken']['auth_port'] and
glance_file['keystone_authtoken']['auth_protocol'] and
glance_file['keystone_authtoken']['admin_tenant_name'] and
glance_file['keystone_authtoken']['admin_user'] and
glance_file['keystone_authtoken']['admin_password'] and
glance_file['glance_store']['os_region_name']
g = {}
g['auth_host'] = glance_file['keystone_authtoken']['auth_host'].strip
g['auth_port'] = glance_file['keystone_authtoken']['auth_port'].strip
g['auth_protocol'] = glance_file['keystone_authtoken']['auth_protocol'].strip
g['admin_tenant_name'] = glance_file['keystone_authtoken']['admin_tenant_name'].strip
g['admin_user'] = glance_file['keystone_authtoken']['admin_user'].strip
g['admin_password'] = glance_file['keystone_authtoken']['admin_password'].strip
g['os_region_name'] = glance_file['glance_store']['os_region_name'].strip
# auth_admin_prefix not required to be set.
g['auth_admin_prefix'] = (glance_file['keystone_authtoken']['auth_admin_prefix'] || '').strip
return g
elsif glance_file and glance_file['keystone_authtoken'] and
glance_file['keystone_authtoken']['identity_uri'] and
glance_file['keystone_authtoken']['admin_tenant_name'] and
glance_file['keystone_authtoken']['admin_user'] and
glance_file['keystone_authtoken']['admin_password'] and
glance_file['glance_store']['os_region_name']
g = {}
g['identity_uri'] = glance_file['keystone_authtoken']['identity_uri'].strip
g['admin_tenant_name'] = glance_file['keystone_authtoken']['admin_tenant_name'].strip
g['admin_user'] = glance_file['keystone_authtoken']['admin_user'].strip
g['admin_password'] = glance_file['keystone_authtoken']['admin_password'].strip
g['os_region_name'] = glance_file['glance_store']['os_region_name'].strip
return g
else
raise(Puppet::Error, 'File: /etc/glance/glance-api.conf does not contain all required sections.')
end
end
def self.auth_endpoint
@auth_endpoint ||= get_auth_endpoint
end
def self.get_auth_endpoint
g = glance_credentials
if g.key?('identity_uri')
"#{g['identity_uri']}/"
else
"#{g['auth_protocol']}://#{g['auth_host']}:#{g['auth_port']}#{g['auth_admin_prefix']}/v2.0/"
end
end
def self.glance_file
return @glance_file if @glance_file
@glance_file = Puppet::Util::IniConfig::File.new
@glance_file.read('/etc/glance/glance-api.conf')
@glance_file
end
def self.glance_hash
@glance_hash ||= build_glance_hash
end
Use OpenstackClient for glance_image auth This patch changes the glance_image provider to use puppet-openstacklib's authentication methods, which use python-openstackclient as an interface, instead of the glance command line client. The benefits of this is: - Code reduction. This patch reduces the amount of code in the glance parent provider and glance_image provider by reusing code from Puppet::Provider::Openstack instead of implementing authentication, retries, and response parsing in the provider. - Presumed reduction in sudden API changes that require quick fixes in this module, such as f377c0229c006b02f43a14be4979553e983cb98e. - Ability to set project-based access control for images Additional reasoning for this change is in the blueprint. Important note: this change does not work on Ubuntu under Juno due to a major bug in the version of python-openstackclient shipped in UCA [1]. This change targets the Kilo releases. Note about performance: the self.instances and instances methods make API requests for each image found in the list of instances. This is not a change from how this was implemented before. The --long formatted list, either from the glance client or openstackclient, does not provide all information needed to query an instance and populate setters. Future patches could possibly improve on this. Other details of this change: - Removes auth_glance method, replaced by the request and glance_request methods - Removes auth_glance_stdin method which was not being used - Removes parse_table which is now unnecessary because openstackclient formats its responses as CSV and Puppet::Provider::Openstack#request returns the results a hash - Removes remove_warnings methods which are handled by Puppet::Provider::Openstack#request - Removes list_glance_images and get_glance_image_attr which are sufficiently replaced by using the 'list' and 'show' commands with Puppet::Provider::Openstack's request method. - Removed self.prefetch since we can't populate auth parameters during a prefetch. Instead we prepopulate the list via the instances method. - Added a flush method to do updates more efficiently - Changed is_public property to accept true/false in addition to yes/no and to munge to a symbol instead of a capitalized string, for consistency with keystone_tenant's enabled property - Move the reset method into the spec tests since it is only necessary for testing - Added tests for glance_image, which did not exist before - Removed connection retry test since this is taken care of in openstacklib [1] https://bugs.launchpad.net/python-openstackclient/+bug/1269821 blueprint use-openstackclient-in-module-resources Change-Id: Iceab5e1c6138e7aba0f883ed4acb8f7ecbcd2830
2015-04-10 21:24:32 +00:00
def bool_to_sym(bool)
bool == true ? :true : :false
end
end