Merge "Add support for [ec2authtoken] options"

manifests/ec2authtoken.pp

@@ -0,0 +1,125 @@
+# class: heat::ec2authtoken
+#
+# Configure the ec2authtoken section in the configuration file
+#
+# === Parameters
+#
+# [*password*]
+#   (Required) Password for connecting to Keystone services
+#
+# [*username*]
+#   (Optional) The name of the service user
+#   Defaults to 'heat'
+#
+# [*auth_url*]
+#   (Optional) The URL to use for authentication.
+#   Defaults to 'http://127.0.0.1:5000'
+#
+# [*project_name*]
+#   (Optional) Service project name
+#   Defaults to 'services'
+#
+# [*user_domain_name*]
+#   (Optional) Name of domain for $username
+#   Defaults to 'Default'
+#
+# [*project_domain_name*]
+#   (Optional) Name of domain for $project_name
+#   Defaults to 'Default'
+#
+# [*system_scope*]
+#   (Optional) Scope for system operations
+#   Defaults to $facts['os_service_default']
+#
+# [*auth_type*]
+#   (Optional) Authentication type to load
+#   Defaults to 'password'
+#
+# [*insecure*]
+#   (Optional) If true, explicitly allow TLS without checking server cert
+#   against any certificate authorities.  WARNING: not recommended.  Use with
+#   caution.
+#   Defaults to $facts['os_service_default']
+#
+# [*cafile*]
+#   (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
+#   connections.
+#   Defaults to $facts['os_service_default'].
+#
+# [*certfile*]
+#   (Optional) Required if identity server requires client certificate
+#   Defaults to $facts['os_service_default'].
+#
+# [*keyfile*]
+#   (Optional) Required if identity server requires client certificate
+#   Defaults to $facts['os_service_default'].
+#
+# [*region_name*]
+#   (Optional) The region in which the identity server can be found.
+#   Defaults to $facts['os_service_default'].
+#
+# [*valid_interfaces*]
+#   (Optional) List of interfaces, in order of preference, for endpoint URL.
+#   Defaults to $facts['os_service_default'].
+#
+# [*service_name*]
+#  (Optional) The name of the service as it appears in the service catalog.
+#  Defaults to $facts['os_service_default'].
+#
+# [*service_type*]
+#  (Optional) The type of the service as it appears in the service catalog.
+#  Defaults to $facts['os_service_default'].
+#
+# [*timeout*]
+#  (Optional) Timeout value for http requests .
+#  Defaults to $facts['os_service_default'].
+#
+class heat::ec2authtoken (
+  String[1] $password,
+  $username            = 'heat',
+  $auth_url            = 'http://127.0.0.1:5000',
+  $project_name        = 'services',
+  $user_domain_name    = 'Default',
+  $project_domain_name = 'Default',
+  $system_scope        = $facts['os_service_default'],
+  $auth_type           = 'password',
+  $insecure            = $facts['os_service_default'],
+  $cafile              = $facts['os_service_default'],
+  $certfile            = $facts['os_service_default'],
+  $keyfile             = $facts['os_service_default'],
+  $region_name         = $facts['os_service_default'],
+  $valid_interfaces    = $facts['os_service_default'],
+  $service_name        = $facts['os_service_default'],
+  $service_type        = $facts['os_service_default'],
+  $timeout             = $facts['os_service_default'],
+) {
+  include heat::deps
+
+  if is_service_default($system_scope) {
+    $project_name_real = $project_name
+    $project_domain_name_real = $project_domain_name
+  } else {
+    $project_name_real = $facts['os_service_default']
+    $project_domain_name_real = $facts['os_service_default']
+  }
+
+  heat_config {
+    'ec2authtoken/password':            value => $password, secret => true;
+    'ec2authtoken/username':            value => $username;
+    'ec2authtoken/auth_url':            value => $auth_url;
+    'ec2authtoken/project_name':        value => $project_name_real;
+    'ec2authtoken/user_domain_name':    value => $user_domain_name;
+    'ec2authtoken/project_domain_name': value => $project_domain_name_real;
+    'ec2authtoken/system_scope':        value => $system_scope;
+    'ec2authtoken/auth_type':           value => $auth_type;
+    'ec2authtoken/insecure':            value => $insecure;
+    'ec2authtoken/cafile':              value => $cafile;
+    'ec2authtoken/certfile':            value => $certfile;
+    'ec2authtoken/keyfile':             value => $keyfile;
+    'ec2authtoken/region_name':         value => $region_name;
+    'ec2authtoken/valid_interfaces':    value => join(any2array($valid_interfaces), ',');
+    'ec2authtoken/service_name':        value => $service_name;
+    'ec2authtoken/service_type':        value => $service_type;
+    'ec2authtoken/timeout':             value => $timeout;
+  }
+}

releasenotes/notes/ec2authtoken-b6d4c6b6d40fbc16.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    The new ``heat::ec2authtoken`` class has been added.

spec/classes/heat_ec2authtoken_spec.rb

@@ -0,0 +1,101 @@
+require 'spec_helper'
+
+describe 'heat::ec2authtoken' do
+  shared_examples 'heat::ec2authtoken' do
+    let :params do
+      {
+        :password => 'heat_password',
+      }
+    end
+
+    context 'with defaults' do
+      it 'configures defaults' do
+        is_expected.to contain_heat_config('ec2authtoken/password').with_value('heat_password').with_secret(true)
+        is_expected.to contain_heat_config('ec2authtoken/username').with_value('heat')
+        is_expected.to contain_heat_config('ec2authtoken/auth_url').with_value('http://127.0.0.1:5000')
+        is_expected.to contain_heat_config('ec2authtoken/project_name').with_value('services')
+        is_expected.to contain_heat_config('ec2authtoken/project_domain_name').with_value('Default')
+        is_expected.to contain_heat_config('ec2authtoken/user_domain_name').with_value('Default')
+        is_expected.to contain_heat_config('ec2authtoken/system_scope').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/auth_type').with_value('password')
+        is_expected.to contain_heat_config('ec2authtoken/insecure').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/cafile').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/certfile').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/keyfile').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/region_name').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/valid_interfaces').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/service_name').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/service_type').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/timeout').with_value('<SERVICE DEFAULT>')
+      end
+    end
+
+    context 'with parameters' do
+      before :each do
+        params.merge!({
+          :username            => 'alt_heat',
+          :auth_url            => 'http://localhost:5000',
+          :project_name        => 'alt_services',
+          :project_domain_name => 'ProjectDomain',
+          :user_domain_name    => 'UserDomain',
+          :auth_type           => 'v3password',
+          :insecure            => false,
+          :cafile              => 'cafile.pem',
+          :certfile            => 'certfile.crt',
+          :keyfile             => 'keyfile',
+          :region_name         => 'regionOne',
+          :valid_interfaces    => ['internal', 'public'],
+          :service_name        => 'keystone',
+          :service_type        => 'identity',
+          :timeout             => 60,
+        })
+      end
+
+      it 'configures client parameters' do
+        is_expected.to contain_heat_config('ec2authtoken/password').with_value('heat_password').with_secret(true)
+        is_expected.to contain_heat_config('ec2authtoken/username').with_value('alt_heat')
+        is_expected.to contain_heat_config('ec2authtoken/auth_url').with_value('http://localhost:5000')
+        is_expected.to contain_heat_config('ec2authtoken/project_name').with_value('alt_services')
+        is_expected.to contain_heat_config('ec2authtoken/project_domain_name').with_value('ProjectDomain')
+        is_expected.to contain_heat_config('ec2authtoken/user_domain_name').with_value('UserDomain')
+        is_expected.to contain_heat_config('ec2authtoken/system_scope').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/auth_type').with_value('v3password')
+        is_expected.to contain_heat_config('ec2authtoken/insecure').with_value(false)
+        is_expected.to contain_heat_config('ec2authtoken/cafile').with_value('cafile.pem')
+        is_expected.to contain_heat_config('ec2authtoken/certfile').with_value('certfile.crt')
+        is_expected.to contain_heat_config('ec2authtoken/keyfile').with_value('keyfile')
+        is_expected.to contain_heat_config('ec2authtoken/region_name').with_value('regionOne')
+        is_expected.to contain_heat_config('ec2authtoken/valid_interfaces').with_value('internal,public')
+        is_expected.to contain_heat_config('ec2authtoken/service_name').with_value('keystone')
+        is_expected.to contain_heat_config('ec2authtoken/service_type').with_value('identity')
+        is_expected.to contain_heat_config('ec2authtoken/timeout').with_value(60)
+      end
+    end
+
+    context 'with system scope' do
+      before :each do
+        params.merge!({
+          :system_scope => 'all',
+        })
+      end
+
+      it 'configures system scope credential' do
+        is_expected.to contain_heat_config('ec2authtoken/project_name').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/project_domain_name').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_heat_config('ec2authtoken/system_scope').with_value('all')
+      end
+    end
+  end
+
+  on_supported_os({
+    :supported_os => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_behaves_like 'heat::ec2authtoken'
+    end
+  end
+end