openstack
/
puppet-glance
Code Issues Proposed changes

Merge "Use identity_uri and auth_uri by default"

This commit is contained in:
Jenkins 2016-01-05 17:51:56 +00:00 committed by Gerrit Code Review
parent 17101434e1 148253cd27
commit aea8027cbd
4 changed files with 25 additions and 345 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
manifests/api.pp
View File

@ -76,35 +76,13 @@
# then region name can be specified.
# Defaults to $::os_service_default.
#
# [*auth_host*]
# (optional) DEPRECATED Host running auth service.
# Defaults to '127.0.0.1'.
#
# [*auth_url*]
# (optional) DEPRECATED Authentication URL.
# Defaults to 'http://localhost:5000/v2.0'.
#
# [*auth_port*]
# (optional) DEPRECATED Port to use for auth service on auth_host.
# Defaults to '35357'.
#
# [*auth_uri*]
# (optional) Complete public Identity API endpoint.
# Defaults to false.
#
# [*auth_admin_prefix*]
# (optional) DEPRECATED Path part of the auth url.
# This allow admin auth URIs like http://auth_host:35357/keystone/admin.
# (where '/keystone/admin' is auth_admin_prefix)
# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
#
# [*auth_protocol*]
# (optional) DEPRECATED Protocol to use for auth.
# Defaults to 'http'.
# Defaults to 'http://127.0.0.1:5000/'.
#
# [*identity_uri*]
# (optional) Complete admin Identity API endpoint.
# Defaults to: false
# Defaults to 'http://127.0.0.1:35357/'.
#
# [*pipeline*]
# (optional) Partial name of a pipeline in your paste configuration file with the
@ -269,8 +247,8 @@ class glance::api(
$delayed_delete = $::os_service_default,
$auth_type = 'keystone',
$auth_region = $::os_service_default,
$auth_uri = false,
$identity_uri = false,
$auth_uri = 'http://127.0.0.1:5000/',
$identity_uri = 'http://127.0.0.1:35357/',
$pipeline = 'keystone',
$keystone_tenant = 'services',
$keystone_user = 'glance',
@ -302,12 +280,6 @@ class glance::api(
$token_cache_time = $::os_service_default,
$validate = false,
$validation_options = {},
# DEPRECATED PARAMETERS
$auth_host = '127.0.0.1',
$auth_url = 'http://localhost:5000/v2.0',
$auth_port = '35357',
$auth_admin_prefix = false,
$auth_protocol = 'http',
) inherits glance {
include ::glance::policy
@ -390,61 +362,6 @@ class glance::api(
'DEFAULT/registry_port': value => $registry_port;
}
if $identity_uri {
glance_api_config { 'keystone_authtoken/identity_uri': value => $identity_uri; }
} else {
glance_api_config { 'keystone_authtoken/identity_uri': ensure => absent; }
}
if $auth_uri {
glance_api_config { 'keystone_authtoken/auth_uri': value => $auth_uri; }
} else {
glance_api_config { 'keystone_authtoken/auth_uri': value => "${auth_protocol}://${auth_host}:5000/"; }
}
# if both auth_uri and identity_uri are set we skip these deprecated settings entirely
if !$auth_uri or !$identity_uri {
if $auth_host {
warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_api_config { 'keystone_authtoken/auth_host': value => $auth_host; }
} else {
glance_api_config { 'keystone_authtoken/auth_host': ensure => absent; }
}
if $auth_port {
warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_api_config { 'keystone_authtoken/auth_port': value => $auth_port; }
} else {
glance_api_config { 'keystone_authtoken/auth_port': ensure => absent; }
}
if $auth_protocol {
warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_api_config { 'keystone_authtoken/auth_protocol': value => $auth_protocol; }
} else {
glance_api_config { 'keystone_authtoken/auth_protocol': ensure => absent; }
}
if $auth_admin_prefix {
warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
glance_api_config {
'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
}
} else {
glance_api_config { 'keystone_authtoken/auth_admin_prefix': ensure => absent; }
}
} else {
glance_api_config {
'keystone_authtoken/auth_host': ensure => absent;
'keystone_authtoken/auth_port': ensure => absent;
'keystone_authtoken/auth_protocol': ensure => absent;
'keystone_authtoken/auth_admin_prefix': ensure => absent;
}
}
# Set the pipeline, it is allowed to be blank
if $pipeline != '' {
validate_re($pipeline, '^(\w+([+]\w+)*)*$')
@ -465,9 +382,11 @@ class glance::api(
'keystone_authtoken/admin_password': value => $keystone_password, secret => true;
'keystone_authtoken/token_cache_time': value => $token_cache_time;
'keystone_authtoken/signing_dir': value => $signing_dir;
'keystone_authtoken/auth_uri': value => $auth_uri;
'keystone_authtoken/identity_uri': value => $identity_uri;
}
glance_cache_config {
'DEFAULT/auth_url' : value => $auth_url;
'DEFAULT/auth_url' : value => $auth_uri;
'DEFAULT/admin_tenant_name': value => $keystone_tenant;
'DEFAULT/admin_user' : value => $keystone_user;
'DEFAULT/admin_password' : value => $keystone_password, secret => true;
@ -532,7 +451,7 @@ class glance::api(
if $validate {
$defaults = {
'glance-api' => {
'command' => "glance --os-auth-url ${auth_url} --os-tenant-name ${keystone_tenant} --os-username ${keystone_user} --os-password ${keystone_password} image-list",
'command' => "glance --os-auth-url ${auth_uri} --os-tenant-name ${keystone_tenant} --os-username ${keystone_user} --os-password ${keystone_password} image-list",
}
}
$validation_options_hash = merge ($defaults, $validation_options)

86
manifests/registry.pp
View File

@ -71,29 +71,13 @@
# [*auth_type*]
# (optional) Authentication type. Defaults to 'keystone'.
#
# [*auth_host*]
# (optional) DEPRECATED Address of the admin authentication endpoint.
# Defaults to '127.0.0.1'.
#
# [*auth_port*]
# (optional) DEPRECATED Port of the admin authentication endpoint. Defaults to '35357'.
#
# [*auth_admin_prefix*]
# (optional) DEPRECATED path part of the auth url.
# This allow admin auth URIs like http://auth_host:35357/keystone/admin.
# (where '/keystone/admin' is auth_admin_prefix)
# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
#
# [*auth_protocol*]
# (optional) DEPRECATED Protocol to communicate with the admin authentication endpoint.
# Defaults to 'http'. Should be 'http' or 'https'.
#
# [*auth_uri*]
# (optional) Complete public Identity API endpoint.
# Defaults to 'http://127.0.0.1:5000/'.
#
# [*identity_uri*]
# (optional) Complete admin Identity API endpoint.
# Defaults to: false
# Defaults to 'http://127.0.0.1:35357/'.
#
# [*keystone_tenant*]
# (optional) administrative tenant name to connect to keystone.
@ -181,8 +165,8 @@ class glance::registry(
$database_retry_interval = undef,
$database_max_overflow = undef,
$auth_type = 'keystone',
$auth_uri = false,
$identity_uri = false,
$auth_uri = 'http://127.0.0.1:5000/',
$identity_uri = 'http://127.0.0.1:35357/',
$keystone_tenant = 'services',
$keystone_user = 'glance',
$pipeline = 'keystone',
@ -199,11 +183,6 @@ class glance::registry(
$os_region_name = $::os_service_default,
$signing_dir = $::os_service_default,
$token_cache_time = $::os_service_default,
# DEPRECATED PARAMETERS
$auth_host = '127.0.0.1',
$auth_port = '35357',
$auth_admin_prefix = false,
$auth_protocol = 'http',
) inherits glance {
include ::glance::registry::logging
@ -239,61 +218,6 @@ class glance::registry(
'glance_store/os_region_name': value => $os_region_name;
}
if $identity_uri {
glance_registry_config { 'keystone_authtoken/identity_uri': value => $identity_uri; }
} else {
glance_registry_config { 'keystone_authtoken/identity_uri': ensure => absent; }
}
if $auth_uri {
glance_registry_config { 'keystone_authtoken/auth_uri': value => $auth_uri; }
} else {
glance_registry_config { 'keystone_authtoken/auth_uri': value => "${auth_protocol}://${auth_host}:5000/"; }
}
# if both auth_uri and identity_uri are set we skip these deprecated settings entirely
if !$auth_uri or !$identity_uri {
if $auth_host {
warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_registry_config { 'keystone_authtoken/auth_host': value => $auth_host; }
} else {
glance_registry_config { 'keystone_authtoken/auth_host': ensure => absent; }
}
if $auth_port {
warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_registry_config { 'keystone_authtoken/auth_port': value => $auth_port; }
} else {
glance_registry_config { 'keystone_authtoken/auth_port': ensure => absent; }
}
if $auth_protocol {
warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_registry_config { 'keystone_authtoken/auth_protocol': value => $auth_protocol; }
} else {
glance_registry_config { 'keystone_authtoken/auth_protocol': ensure => absent; }
}
if $auth_admin_prefix {
warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
glance_registry_config {
'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
}
} else {
glance_registry_config { 'keystone_authtoken/auth_admin_prefix': ensure => absent; }
}
} else {
glance_registry_config {
'keystone_authtoken/auth_host': ensure => absent;
'keystone_authtoken/auth_port': ensure => absent;
'keystone_authtoken/auth_protocol': ensure => absent;
'keystone_authtoken/auth_admin_prefix': ensure => absent;
}
}
# Set the pipeline, it is allowed to be blank
if $pipeline != '' {
validate_re($pipeline, '^(\w+([+]\w+)*)*$')
@ -314,6 +238,8 @@ class glance::registry(
'keystone_authtoken/admin_password': value => $keystone_password, secret => true;
'keystone_authtoken/token_cache_time': value => $token_cache_time;
'keystone_authtoken/signing_dir': value => $signing_dir;
'keystone_authtoken/auth_uri': value => $auth_uri;
'keystone_authtoken/identity_uri': value => $identity_uri;
}
}

98
spec/classes/glance_api_spec.rb
View File

@ -27,9 +27,6 @@ describe 'glance::api' do
:manage_service => true,
:backlog => '4096',
:workers => '7',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:auth_protocol => 'http',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'ChangeMe',
@ -47,6 +44,8 @@ describe 'glance::api' do
:os_region_name => 'RegionOne',
:signing_dir => '<SERVICE DEFAULT>',
:pipeline => 'keystone',
:auth_uri => 'http://127.0.0.1:5000/',
:identity_uri => 'http://127.0.0.1:35357/',
}
end
@ -64,9 +63,6 @@ describe 'glance::api' do
:enabled => false,
:backlog => '4095',
:workers => '5',
:auth_host => '127.0.0.2',
:auth_port => '35358',
:auth_protocol => 'https',
:keystone_tenant => 'admin2',
:keystone_user => 'admin2',
:keystone_password => 'ChangeMe2',
@ -82,6 +78,8 @@ describe 'glance::api' do
:os_region_name => 'RegionOne2',
:signing_dir => '/path/to/dir',
:pipeline => 'keystone2',
:auth_uri => 'http://127.0.0.1:5000/v2.0',
:identity_uri => 'http://127.0.0.1:35357/v2.0',
}
].each do |param_set|
@ -157,22 +155,11 @@ describe 'glance::api' do
is_expected.to contain_glance_api_config('DEFAULT/key_file').with_ensure('absent')
end
it 'is_expected.to lay down default auth config' do
[
'auth_host',
'auth_port',
'auth_protocol'
].each do |config|
is_expected.to contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
end
end
it { is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') }
it 'is_expected.to configure itself for keystone if that is the auth_type' do
if params[:auth_type] == 'keystone'
is_expected.to contain('paste_deploy/flavor').with_value('keystone+cachemanagement')
['admin_tenant_name', 'admin_user', 'admin_password', 'token_cache_time', 'signing_dir'].each do |config|
['admin_tenant_name', 'admin_user', 'admin_password', 'token_cache_time', 'signing_dir', 'auth_uri', 'identity_uri'].each do |config|
is_expected.to contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
end
is_expected.to contain_glance_api_config('keystone_authtoken/admin_password').with_value(param_hash[:keystone_password]).with_secret(true)
@ -247,38 +234,6 @@ describe 'glance::api' do
end
end
describe 'with overriden auth_admin_prefix' do
let :params do
{
:keystone_password => 'ChangeMe',
:auth_admin_prefix => '/keystone/main'
}
end
it { is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') }
end
[
'/keystone/',
'keystone/',
'keystone',
'/keystone/admin/',
'keystone/admin/',
'keystone/admin'
].each do |auth_admin_prefix|
describe "with auth_admin_prefix_containing incorrect value #{auth_admin_prefix}" do
let :params do
{
:keystone_password => 'ChangeMe',
:auth_admin_prefix => auth_admin_prefix
}
end
it { expect { is_expected.to contain_glance_api_config('filter:authtoken/auth_admin_prefix') }.to\
raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) }
end
end
describe 'with ssl options' do
let :params do
default_params.merge({
@ -323,7 +278,7 @@ describe 'glance::api' do
:provider => 'shell',
:tries => '10',
:try_sleep => '2',
:command => 'glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name services --os-username glance --os-password ChangeMe image-list',
:command => 'glance --os-auth-url http://127.0.0.1:5000/ --os-tenant-name services --os-username glance --os-password ChangeMe image-list',
)}
it { is_expected.to contain_anchor('create glance-api anchor').with(
@ -351,47 +306,6 @@ describe 'glance::api' do
)}
end
describe 'with identity and auth settings' do
let :params do
{
:keystone_password => 'ChangeMe',
}
end
context 'with custom keystone identity_uri' do
let :params do
default_params.merge!({
:identity_uri => 'https://foo.bar:1234/',
})
end
it 'configures identity_uri' do
is_expected.to contain_glance_api_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/");
# since only identity_uri is set the deprecated auth parameters is_expected.to
# still get set in case they are still in use
is_expected.to contain_glance_api_config('keystone_authtoken/auth_host').with_value('127.0.0.1');
is_expected.to contain_glance_api_config('keystone_authtoken/auth_port').with_value('35357');
is_expected.to contain_glance_api_config('keystone_authtoken/auth_protocol').with_value('http');
end
end
context 'with custom keystone identity_uri and auth_uri' do
let :params do
default_params.merge!({
:identity_uri => 'https://foo.bar:35357/',
:auth_uri => 'https://foo.bar:5000/v2.0/',
})
end
it 'configures identity_uri' do
is_expected.to contain_glance_api_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
is_expected.to contain_glance_api_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/");
is_expected.to contain_glance_api_config('keystone_authtoken/auth_host').with_ensure('absent')
is_expected.to contain_glance_api_config('keystone_authtoken/auth_port').with_ensure('absent')
is_expected.to contain_glance_api_config('keystone_authtoken/auth_protocol').with_ensure('absent')
is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
end
end
end
describe 'on Debian platforms' do
let :facts do
@default_facts.merge({

89
spec/classes/glance_registry_spec.rb
View File

@ -21,10 +21,8 @@ describe 'glance::registry' do
:enabled => true,
:manage_service => true,
:auth_type => 'keystone',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:auth_protocol => 'http',
:auth_uri => 'http://127.0.0.1:5000/',
:identity_uri => 'http://127.0.0.1:35357/',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'ChangeMe',
@ -44,10 +42,8 @@ describe 'glance::registry' do
:workers => '5',
:enabled => false,
:auth_type => 'keystone',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:auth_protocol => 'http',
:auth_uri => 'http://127.0.0.1:5000/',
:auth_uri => 'http://127.0.0.1:5000/v2.0',
:identity_uri => 'http://127.0.0.1:35357/v2.0',
:keystone_tenant => 'admin',
:keystone_user => 'admin',
:keystone_password => 'ChangeMe',
@ -96,13 +92,11 @@ describe 'glance::registry' do
is_expected.to contain_glance_registry_config("DEFAULT/#{config}").with_value(param_hash[config.intern])
end
[
'auth_host',
'auth_port',
'auth_protocol'
'auth_uri',
'identity_uri'
].each do |config|
is_expected.to contain_glance_registry_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
end
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
if param_hash[:auth_type] == 'keystone'
is_expected.to contain_glance_registry_config("paste_deploy/flavor").with_value('keystone')
is_expected.to contain_glance_registry_config("keystone_authtoken/admin_tenant_name").with_value(param_hash[:keystone_tenant])
@ -188,38 +182,6 @@ describe 'glance::registry' do
end
end
describe 'with overriden auth_admin_prefix' do
let :params do
{
:keystone_password => 'ChangeMe',
:auth_admin_prefix => '/keystone/main'
}
end
it { is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') }
end
[
'/keystone/',
'keystone/',
'keystone',
'/keystone/admin/',
'keystone/admin/',
'keystone/admin'
].each do |auth_admin_prefix|
describe "with auth_admin_prefix_containing incorrect value #{auth_admin_prefix}" do
let :params do
{
:keystone_password => 'ChangeMe',
:auth_admin_prefix => auth_admin_prefix
}
end
it { expect { is_expected.to contain_glance_registry_config('filter:authtoken/auth_admin_prefix') }.to\
raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) }
end
end
describe 'with ssl options' do
let :params do
default_params.merge({
@ -236,47 +198,6 @@ describe 'glance::registry' do
end
end
describe 'with identity and auth settings' do
let :params do
{
:keystone_password => 'ChangeMe',
}
end
context 'with custom keystone identity_uri' do
before do
params.merge!({
:identity_uri => 'https://foo.bar:1234/',
})
end
it 'configures identity_uri' do
is_expected.to contain_glance_registry_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/");
# since only auth_uri is set the deprecated auth parameters is_expected.to
# still get set in case they are still in use
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_host').with_value('127.0.0.1');
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_port').with_value('35357');
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_protocol').with_value('http');
end
end
context 'with custom keystone identity_uri and auth_uri' do
before do
params.merge!({
:identity_uri => 'https://foo.bar:35357/',
:auth_uri => 'https://foo.bar:5000/v2.0/',
})
end
it 'configures identity_uri' do
is_expected.to contain_glance_registry_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/");
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_host').with_ensure('absent')
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_port').with_ensure('absent')
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_protocol').with_ensure('absent')
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
end
end
end
describe 'on Debian platforms' do
let :facts do
@default_facts.merge({