remove password defaults

This commit removes the password defaults. Users should not rely on password defaults.
2012-10-14 12:36:13 -07:00 · 2012-10-14 12:36:13 -07:00 · 7c396acd66
commit 7c396acd66
parent e6216be659
10 changed files with 52 additions and 30 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -28,6 +28,7 @@
 #
 #
 class glance::api(
+  $keystone_password,
  $verbose           = 'False',
  $debug             = 'False',
  $bind_host         = '0.0.0.0',
@ -44,7 +45,6 @@ class glance::api(
  $auth_url          = "http://127.0.0.1:5000/",
  $keystone_tenant   = 'admin',
  $keystone_user     = 'admin',
-  $keystone_password = 'ChangeMe',
  $enabled           = true,
  $sql_idle_timeout  = '3600',
  $sql_connection    = 'sqlite:///var/lib/glance/glance.sqlite'
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@ -15,8 +15,9 @@
 #  $region :: Region where endpoint is set.
 #
 class glance::keystone::auth(
+  $password,
+  $email              = 'glance@localhost',
  $auth_name          = 'glance',
-  $password           = 'glance_password',
  $configure_endpoint = true,
  $service_type       = 'image',
  $public_address     = '127.0.0.1',
@ -24,7 +25,6 @@ class glance::keystone::auth(
  $internal_address   = '127.0.0.1',
  $port               = '9292',
  $region             = 'RegionOne',
-  $email              = 'glance@localhost',
  $tenant             = 'services'
 ) {

--- a/manifests/registry.pp
+++ b/manifests/registry.pp
@ -1,6 +1,7 @@
 class glance::registry(
-  $verbose       = 'False',
-  $debug         = 'False',
+  $keystone_password,
+  $verbose           = 'False',
+  $debug             = 'False',
  $bind_host         = '0.0.0.0',
  $bind_port         = '9191',
  $log_file          = '/var/log/glance/registry.log',
@ -12,7 +13,6 @@ class glance::registry(
  $auth_protocol     = 'http',
  $keystone_tenant   = 'admin',
  $keystone_user     = 'admin',
-  $keystone_password = 'ChangeMe',
  $enabled           = true
 ) inherits glance {

--- a/spec/classes/glance_api_spec.rb
+++ b/spec/classes/glance_api_spec.rb
@ -34,7 +34,7 @@ describe 'glance::api' do
    }
  end

-  [{},
+  [{:keystone_password => 'ChangeMe'},
   {
      :verbose           => 'true',
      :debug             => 'true',
@ -59,7 +59,7 @@ describe 'glance::api' do
    }
  ].each do |param_set|

-    describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
+    describe "when #{param_set == {:keystone_password => 'ChangeMe'} ? "using default" : "specifying"} class parameters" do

      let :param_hash do
        default_params.merge(param_set)
--- a/spec/classes/glance_backend_file_spec.rb
+++ b/spec/classes/glance_backend_file_spec.rb
@ -7,6 +7,10 @@ describe 'glance::backend::file' do
    }
  end

+  let :pre_condition do
+    'class { "glance::api": keystone_password => "pass" }'
+  end
+
  it { should contain_glance_api_config('DEFAULT/default_store').with_value('file') }
  it { should contain_glance_api_config('DEFAULT/filesystem_store_datadir').with_value('/var/lib/glance/images/') }

--- a/spec/classes/glance_backend_swift_spec.rb
+++ b/spec/classes/glance_backend_swift_spec.rb
@ -14,6 +14,10 @@ describe 'glance::backend::swift' do
    }
  end

+  let :pre_condition do
+    'class { "glance::api": keystone_password => "pass" }'
+  end
+
  it { should contain_glance_api_config('DEFAULT/default_store').with_value('swift') }
  it { should contain_glance_api_config('DEFAULT/swift_store_key').with_value('key') }
  it { should contain_glance_api_config('DEFAULT/swift_store_user').with_value('user') }
--- a/spec/classes/glance_keystone_auth_spec.rb
+++ b/spec/classes/glance_keystone_auth_spec.rb
@ -4,9 +4,13 @@ describe 'glance::keystone::auth' do

  describe 'with defaults' do

+    let :params do
+      {:password => 'pass'}
+    end
+
    it { should contain_keystone_user('glance').with(
      :ensure   => 'present',
-      :password => 'glance_password'
+      :password => 'pass'
    )}

    it { should contain_keystone_user_role('glance@services').with(
@ -62,6 +66,7 @@ describe 'glance::keystone::auth' do

    let :params do
      {
+        :password         => 'pass',
        :public_address   => '10.0.0.1',
        :admin_address    => '10.0.0.2',
        :internal_address => '10.0.0.3',
@ -85,11 +90,11 @@ describe 'glance::keystone::auth' do
    let :params do
      {
        :configure_endpoint => false,
+        :password         => 'pass',
      }
    end
-  
+
    it { should_not contain_keystone_endpoint('glance') }
-      
  end

 end
--- a/spec/classes/glance_notify_qpid_spec.rb
+++ b/spec/classes/glance_notify_qpid_spec.rb
@ -9,6 +9,10 @@ describe 'glance::notify::qpid' do
    {:qpid_password => 'pass'}
  end

+  let :pre_condition do
+    'class { "glance::api": keystone_password => "pass" }'
+  end
+
  it { should contain_glance_api_config('DEFAULT/notifier_strategy').with_value('qpid') }
  it { should contain_glance_api_config('DEFAULT/qpid_username').with_value('guest') }
  it { should contain_glance_api_config('DEFAULT/qpid_password').with_value('pass') }
--- a/spec/classes/glance_notify_rabbitmq_spec.rb
+++ b/spec/classes/glance_notify_rabbitmq_spec.rb
@ -5,6 +5,11 @@ describe 'glance::notify::rabbitmq' do
      :osfamily => 'Debian'
    }
  end
+
+  let :pre_condition do
+    'class { "glance::api": keystone_password => "pass" }'
+  end
+
  let :params do
    {:rabbit_password => 'pass'}
  end
--- a/spec/classes/glance_registry_spec.rb
+++ b/spec/classes/glance_registry_spec.rb
@ -10,14 +10,14 @@ describe 'glance::registry' do

  let :default_params do
    {
-      :verbose      => 'False',
-      :debug        => 'False',
-      :bind_host        => '0.0.0.0',
-      :bind_port        => '9191',
-      :log_file         => '/var/log/glance/registry.log',
-      :sql_connection   => 'sqlite:///var/lib/glance/glance.sqlite',
-      :sql_idle_timeout => '3600',
-      :enabled          => true,
+      :verbose           => 'False',
+      :debug             => 'False',
+      :bind_host         => '0.0.0.0',
+      :bind_port         => '9191',
+      :log_file          => '/var/log/glance/registry.log',
+      :sql_connection    => 'sqlite:///var/lib/glance/glance.sqlite',
+      :sql_idle_timeout  => '3600',
+      :enabled           => true,
      :auth_type         => 'keystone',
      :auth_host         => '127.0.0.1',
      :auth_port         => '35357',
@ -29,16 +29,16 @@ describe 'glance::registry' do
  end

  [
-    {},
+    {:keystone_password => 'ChangeMe'},
    {
-      :verbose => 'true',
-      :debug => 'true',
-      :bind_host => '127.0.0.1',
-      :bind_port => '9111',
-      :log_file => '/var/log/glance-registry.log',
-      :sql_connection => 'sqlite:///var/lib/glance.sqlite',
-      :sql_idle_timeout => '360',
-      :enabled          => false,
+      :verbose           => 'True',
+      :debug             => 'True',
+      :bind_host         => '127.0.0.1',
+      :bind_port         => '9111',
+      :log_file          => '/var/log/glance-registry.log',
+      :sql_connection    => 'sqlite:///var/lib/glance.sqlite',
+      :sql_idle_timeout  => '360',
+      :enabled           => false,
      :auth_type         => 'keystone',
      :auth_host         => '127.0.0.1',
      :auth_port         => '35357',
@ -49,9 +49,9 @@ describe 'glance::registry' do
    }
  ].each do |param_set|

-    describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
+    describe "when #{param_set == {:keystone_password => 'ChangeMe'} ? "using default" : "specifying"} class parameters" do
      let :param_hash do
-        param_set == {} ? default_params : params
+        default_params.merge(param_set)
      end

      let :params do