Add support for auth_admin_prefix in glance

Add support for auth_admin_prefix in glance::registry, glance::api & in the glance provider. Change-Id: I646c621f0a42cd987bc409b17066f8ac13556883
2013-06-11 11:28:53 +02:00 · 2013-06-11 11:28:53 +02:00 · dc98e9bb58
parent 202a27b66a
commit dc98e9bb58
5 changed files with 161 additions and 4 deletions
--- a/lib/puppet/provider/glance.rb
+++ b/lib/puppet/provider/glance.rb
@ -9,7 +9,7 @@ class Puppet::Provider::Glance < Puppet::Provider
  end

  def self.get_glance_credentials
-    if glance_file and glance_file['keystone_authtoken'] and 
+    if glance_file and glance_file['keystone_authtoken'] and
      glance_file['keystone_authtoken']['auth_host'] and
      glance_file['keystone_authtoken']['auth_port'] and
      glance_file['keystone_authtoken']['auth_protocol'] and
@ -21,6 +21,7 @@ class Puppet::Provider::Glance < Puppet::Provider
        g['auth_host'] = glance_file['keystone_authtoken']['auth_host'].strip
        g['auth_port'] = glance_file['keystone_authtoken']['auth_port'].strip
        g['auth_protocol'] = glance_file['keystone_authtoken']['auth_protocol'].strip
+        g['auth_admin_prefix'] = glance_file['keystone_authtoken'].fetch('auth_admin_prefix', '').strip
        g['admin_tenant_name'] = glance_file['keystone_authtoken']['admin_tenant_name'].strip
        g['admin_user'] = glance_file['keystone_authtoken']['admin_user'].strip
        g['admin_password'] = glance_file['keystone_authtoken']['admin_password'].strip
@ -40,7 +41,7 @@ class Puppet::Provider::Glance < Puppet::Provider

  def self.get_auth_endpoint
    g = glance_credentials
-    "#{g['auth_protocol']}://#{g['auth_host']}:#{g['auth_port']}/v2.0/"
+    "#{g['auth_protocol']}://#{g['auth_host']}:#{g['auth_port']}#{g['auth_admin_prefix']}/v2.0/"
  end

  def self.glance_file
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -28,6 +28,10 @@
 #  * auth_type - Type is authorization being used. Optional. Defaults to 'keystone'
 #  * auth_host - Host running auth service. Optional. Defaults to '127.0.0.1'.
 #  * auth_port - Port to use for auth service on auth_host. Optional. Defaults to '35357'.
+#  * auth_admin_prefix - (optional) path part of the auth url.
+#    This allow admin auth URIs like http://auth_host:35357/keystone/admin.
+#    (where '/keystone/admin' is auth_admin_prefix)
+#    Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
 #  * auth_protocol - Protocol to use for auth. Optional. Defaults to 'http'.
 #  * keystone_tenant - tenant to authenticate to. Optioal. Defaults to admin.
 #  * keystone_user User to authenticate as with keystone Optional. Defaults to admin.
@ -49,6 +53,7 @@ class glance::api(
  $auth_type         = 'keystone',
  $auth_host         = '127.0.0.1',
  $auth_port         = '35357',
+  $auth_admin_prefix = false,
  $auth_protocol     = 'http',
  $pipeline          = 'keystone+cachemanagement',
  $keystone_tenant   = 'admin',
@ -134,6 +139,17 @@ class glance::api(
    'keystone_authtoken/protocol':          value => $protocol;
  }

+  if $auth_admin_prefix {
+    validate_re($auth_admin_prefix, '^(/.+[^/])?$')
+    glance_api_config {
+      'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
+    }
+  } else {
+    glance_api_config {
+      'keystone_authtoken/auth_admin_prefix': ensure => absent;
+    }
+  }
+
  # keystone config
  if $auth_type == 'keystone' {
    glance_api_config {
--- a/manifests/registry.pp
+++ b/manifests/registry.pp
@ -1,3 +1,66 @@
+# == Class: glance::registry
+#
+# Installs and configures glance-registry
+#
+# === Parameters
+#
+#  [*keystone_password*]
+#    (required) The keystone password for administrative user
+#
+#  [*verbose*]
+#    (optional) Enable verbose logs (true|false). Defaults to false.
+#
+#  [*debug*]
+#    (optional) Enable debug logs (true|false). Defaults to false.
+#
+#  [*bind_host*]
+#    (optional) The address of the host to bind to. Defaults to '0.0.0.0'.
+#
+#  [*bind_port*]
+#    (optional) The port the server should bind to. Defaults to '9191'.
+#
+#  [*log_file*]
+#    (optional) Log file for glance-registry.
+#    Defaults to '/var/log/glance/registry.log'.
+#
+#  [*sql_connection*]
+#    (optional) SQL connection string.
+#    Defaults to 'sqlite:///var/lib/glance/glance.sqlite'.
+#
+#  [*sql_idle_timeout*]
+#    (optional) SQL connections idle timeout. Defaults to '3600'.
+#
+#  [*auth_type*]
+#    (optional) Authentication type. Defaults to 'keystone'.
+#
+#  [*auth_host*]
+#    (optional) Address of the admin authentication endpoint.
+#    Defaults to '127.0.0.1'.
+#
+#  [*auth_port*]
+#    (optional) Port of the admin authentication endpoint. Defaults to '35357'.
+#
+#  [*auth_admin_prefix*]
+#    (optional) path part of the auth url.
+#    This allow admin auth URIs like http://auth_host:35357/keystone/admin.
+#    (where '/keystone/admin' is auth_admin_prefix)
+#    Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
+#
+#  [*auth_protocol*]
+#    (optional) Protocol to communicate with the admin authentication endpoint.
+#    Defaults to 'http'. Should be 'http' or 'https'.
+#
+#  [*keystone_tenant*]
+#    (optional) administrative tenant name to connect to keystone.
+#    Defaults to 'admin'.
+#
+#  [*keystone_user*]
+#    (optional) administrative user name to connect to keystone.
+#    Defaults to 'admin'.
+#
+#  [*enabled*]
+#    (optional) Should the service be enabled. Defaults to true.
+#
 class glance::registry(
  $keystone_password,
  $verbose           = false,
@ -10,6 +73,7 @@ class glance::registry(
  $auth_type         = 'keystone',
  $auth_host         = '127.0.0.1',
  $auth_port         = '35357',
+  $auth_admin_prefix = false,
  $auth_protocol     = 'http',
  $keystone_tenant   = 'admin',
  $keystone_user     = 'admin',
@ -64,6 +128,17 @@ class glance::registry(
    'keystone_authtoken/auth_protocol': value => $auth_protocol;
  }

+  if $auth_admin_prefix {
+    validate_re($auth_admin_prefix, '^(/.+[^/])?$')
+    glance_registry_config {
+      'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
+    }
+  } else {
+    glance_registry_config {
+      'keystone_authtoken/auth_admin_prefix': ensure => absent;
+    }
+  }
+
  # keystone config
  if $auth_type == 'keystone' {
    glance_registry_config {
--- a/spec/classes/glance_api_spec.rb
+++ b/spec/classes/glance_api_spec.rb
@ -115,6 +115,7 @@ describe 'glance::api' do
          should contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
        end
      end
+      it { should contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') }

      it 'should configure itself for keystone if that is the auth_type' do
        if params[:auth_type] == 'keystone'
@ -134,11 +135,43 @@ describe 'glance::api' do
    let :params do
      {
        :keystone_password => 'ChangeMe',
-        :pipeline           => 'keystone',
+        :pipeline          => 'keystone',
      }
    end

    it { should contain_glance_api_config('paste_deploy/flavor').with_value('keystone') }
  end

+  describe 'with overriden auth_admin_prefix' do
+    let :params do
+      {
+        :keystone_password => 'ChangeMe',
+        :auth_admin_prefix => '/keystone/main'
+      }
+    end
+
+    it { should contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') }
+  end
+
+  [
+    '/keystone/',
+    'keystone/',
+    'keystone',
+    '/keystone/admin/',
+    'keystone/admin/',
+    'keystone/admin'
+  ].each do |auth_admin_prefix|
+    describe "with auth_admin_prefix_containing incorrect value #{auth_admin_prefix}" do
+      let :params do
+        {
+          :keystone_password => 'ChangeMe',
+          :auth_admin_prefix => auth_admin_prefix
+        }
+      end
+
+      it { expect { should contain_glance_api_config('filter:authtoken/auth_admin_prefix') }.to\
+        raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) }
+    end
+  end
+
 end
--- a/spec/classes/glance_registry_spec.rb
+++ b/spec/classes/glance_registry_spec.rb
@ -1,4 +1,3 @@
-require 'spec_helper'

 describe 'glance::registry' do

@ -99,6 +98,7 @@ describe 'glance::registry' do
        ].each do |config|
          should contain_glance_registry_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
        end
+        should contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
        if param_hash[:auth_type] == 'keystone'
          should contain_glance_registry_config("paste_deploy/flavor").with_value('keystone')
          should contain_glance_registry_config("keystone_authtoken/admin_tenant_name").with_value(param_hash[:keystone_tenant])
@ -108,4 +108,36 @@ describe 'glance::registry' do
      end
    end
  end
+
+  describe 'with overriden auth_admin_prefix' do
+    let :params do
+      {
+        :keystone_password => 'ChangeMe',
+        :auth_admin_prefix => '/keystone/main'
+      }
+    end
+
+    it { should contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') }
+  end
+
+  [
+    '/keystone/',
+    'keystone/',
+    'keystone',
+    '/keystone/admin/',
+    'keystone/admin/',
+    'keystone/admin'
+  ].each do |auth_admin_prefix|
+    describe "with auth_admin_prefix_containing incorrect value #{auth_admin_prefix}" do
+      let :params do
+        {
+          :keystone_password => 'ChangeMe',
+          :auth_admin_prefix => auth_admin_prefix
+        }
+      end
+
+      it { expect { should contain_glance_registry_config('filter:authtoken/auth_admin_prefix') }.to\
+        raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) }
+    end
+  end
 end