openstack
/
puppet-heat
Code Issues Proposed changes

Remove deprecated parameter stack_user_domain 

According to [1], stack_user_domain parameter is deprecated,
and now will be used stack_user_domain_name parameter instead.

[1] http://docs.openstack.org/kilo/config-reference/content/orchestration-configuring-api.html

Change-Id: I558eaf311af8751897c402b3d3c2d82b4fadb07d
This commit is contained in:
Denis Egorenko 2015-07-29 13:46:20 +03:00
parent 0e850373a8
commit b7d19f43bd
5 changed files with 3 additions and 419 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

189
lib/puppet/provider/heat_domain_id_setter/ruby.rb
View File

@ -1,189 +0,0 @@
## NB: This must work with Ruby 1.8!
# This provider permits the stack_user_domain parameter in heat.conf
# to be set by providing a domain_name to the Puppet module and
# using the Keystone REST API to translate the name into the corresponding
# UUID.
#
# This requires that tenant names be unique. If there are multiple matches
# for a given tenant name, this provider will raise an exception.
require 'rubygems'
require 'net/http'
require 'json'
class KeystoneError < Puppet::Error
end
class KeystoneConnectionError < KeystoneError
end
class KeystoneAPIError < KeystoneError
end
# Provides common request handling semantics to the other methods in
# this module.
#
# +req+::
# An HTTPRequest object
# +url+::
# A parsed URL (returned from URI.parse)
def handle_request(req, url)
begin
# There is issue with ipv6 where address has to be in brackets, this causes the
# underlying ruby TCPSocket to fail. Net::HTTP.new will fail without brackets on
# joining the ipv6 address with :port or passing brackets to TCPSocket. It was
# found that if we use Net::HTTP.start with url.hostname the incriminated code
# won't be hit.
use_ssl = url.scheme == "https" ? true : false
res = Net::HTTP.start(url.hostname, url.port, {:use_ssl => use_ssl}) {|http|
http.request(req)
}
if res.code != '200'
raise KeystoneAPIError, "Received error response from Keystone server at #{url}: #{res.message}"
end
rescue Errno::ECONNREFUSED => detail
raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}"
rescue SocketError => detail
raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}"
end
res
end
# Authenticates to a Keystone server and obtains an authentication token.
# It returns a 2-element +[token, authinfo]+, where +token+ is a token
# suitable for passing to openstack apis in the +X-Auth-Token+ header, and
# +authinfo+ is the complete response from Keystone, including the service
# catalog (if available).
#
# +auth_url+::
# Keystone endpoint URL. This function assumes API version
# 2.0 and an administrative endpoint, so this will typically look like
# +http://somehost:35357/v2.0+.
#
# +username+::
# Username for authentication.
#
# +password+::
# Password for authentication
#
# +tenantID+::
# Tenant UUID
#
# +tenantName+::
# Tenant name
#
def heat_handle_requests(auth_url,
username,
password,
tenantId=nil,
tenantName=nil)
post_args = {
'auth' => {
'passwordCredentials' => {
'username' => username,
'password' => password
},
}}
if tenantId
post_args['auth']['tenantId'] = tenantId
end
if tenantName
post_args['auth']['tenantName'] = tenantName
end
url = URI.parse("#{auth_url}/tokens")
req = Net::HTTP::Post.new url.path
req['content-type'] = 'application/json'
req.body = post_args.to_json
res = handle_request(req, url)
data = JSON.parse res.body
return data['access']['token']['id'], data
end
# Queries a Keystone server to a list of all tenants.
#
# +auth_url+::
# Keystone endpoint. See the notes for +auth_url+ in
# +heat_handle_requests+.
#
# +token+::
# A Keystone token that will be passed in requests as the value of the
# +X-Auth-Token+ header.
#
def keystone_v3_domains(auth_url,
token)
auth_url.sub!('v2.0', 'v3')
url = URI.parse("#{auth_url}/domains")
req = Net::HTTP::Get.new url.path
req['content-type'] = 'application/json'
req['x-auth-token'] = token
res = handle_request(req, url)
data = JSON.parse res.body
data['domains']
end
Puppet::Type.type(:heat_domain_id_setter).provide(:ruby) do
def authenticate
token, authinfo = heat_handle_requests(
@resource[:auth_url],
@resource[:auth_username],
@resource[:auth_password],
nil,
@resource[:auth_tenant_name])
return token
end
def find_domain_by_name(token)
domains = keystone_v3_domains(
@resource[:auth_url],
token)
domains.select{|domain| domain['name'] == @resource[:domain_name]}
end
def exists?
false
end
def create
config
end
# This looks for the domain specified by the 'domain_name' parameter to
# the resource and returns the corresponding UUID if there is a single
# match.
#
# Raises a KeystoneAPIError if:
#
# - There are multiple matches, or
# - There are zero matches
def get_domain_id
token = authenticate
domains = find_domain_by_name(token)
if domains.length == 1
return domains[0]['id']
elsif domains.length > 1
name = domains[0]['name']
raise KeystoneAPIError, 'Found multiple matches for domain name "#{name}"'
else
raise KeystoneAPIError, 'Unable to find matching domain'
end
end
def config
Puppet::Type.type(:heat_config).new(
{:name => 'DEFAULT/stack_user_domain', :value => "#{get_domain_id}"}
).create
end
end

31
lib/puppet/type/heat_domain_id_setter.rb
View File

@ -1,31 +0,0 @@
Puppet::Type.newtype(:heat_domain_id_setter) do
ensurable
newparam(:name, :namevar => true) do
desc 'The name of the setting to update'
end
newparam(:domain_name) do
desc 'The heat domain name'
end
newparam(:auth_url) do
desc 'The Keystone endpoint URL'
defaultto 'http://localhost:35357/v2.0'
end
newparam(:auth_username) do
desc 'Username with which to authenticate'
defaultto 'admin'
end
newparam(:auth_password) do
desc 'Password with which to authenticate'
end
newparam(:auth_tenant_name) do
desc 'Tenant name with which to authenticate'
defaultto 'admin'
end
end

13
manifests/keystone/domain.pp
View File

@ -57,19 +57,10 @@ class heat::keystone::domain (
logoutput => 'on_failure'
}
heat_domain_id_setter { 'heat_domain_id':
ensure => present,
domain_name => $domain_name,
auth_url => $auth_url,
auth_username => $keystone_admin,
auth_password => $keystone_password,
auth_tenant_name => $keystone_tenant,
require => Exec['heat_domain_create'],
}
heat_config {
'DEFAULT/stack_domain_admin': value => $domain_admin;
'DEFAULT/stack_domain_admin': value => $domain_admin;
'DEFAULT/stack_domain_admin_password': value => $domain_password, secret => true;
'DEFAULT/stack_user_domain_name': value => $domain_name;
}
}

12
spec/classes/heat_keystone_domain_spec.rb
View File

@ -18,17 +18,7 @@ describe 'heat::keystone::domain' do
is_expected.to contain_heat_config('DEFAULT/stack_domain_admin').with_value(params[:domain_admin])
is_expected.to contain_heat_config('DEFAULT/stack_domain_admin_password').with_value(params[:domain_password])
is_expected.to contain_heat_config('DEFAULT/stack_domain_admin_password').with_secret(true)
end
it 'should configure heat domain id' do
is_expected.to contain_heat_domain_id_setter('heat_domain_id').with(
:ensure => 'present',
:domain_name => params[:domain_name],
:auth_url => params[:auth_url],
:auth_username => params[:keystone_admin],
:auth_password => params[:keystone_password],
:auth_tenant_name => params[:keystone_tenant]
)
is_expected.to contain_heat_config('DEFAULT/stack_user_domain_name').with_value(params[:domain_name])
end
it 'should exec helper script' do

177
spec/unit/provider/heat_domain_id_setter/heat_spec.rb
View File

@ -1,177 +0,0 @@
require 'spec_helper'
require 'puppet'
require 'puppet/type/heat_domain_id_setter'
provider_class = Puppet::Type.type(:heat_domain_id_setter).provider(:ruby)
# used to simulate an authentication response from Keystone
# (POST v2.0/tokens)
auth_response = {
'access' => {
'token' => {
'id' => 'TOKEN',
}
}
}
# used to simulate a response to GET v3/domains
domains_response = {
'domains' => [
{
'name' => 'heat',
'id' => 'UUID_HEAT'
},
{
'name' => 'multiple_matches_domain',
'id' => 'UUID1'
},
{
'name' => 'multiple_matches_domain',
'id' => 'UUID2'
},
]
}
# Stub for ini_setting resource
Puppet::Type.newtype(:ini_setting) do
end
# Stub for ini_setting provider
Puppet::Type.newtype(:ini_setting).provide(:ruby) do
def create
end
end
describe 'Puppet::Type.type(:heat_keystone_domain_id_setter)' do
let :params do
{
:name => 'heat_domain_id',
:ensure => 'present',
:domain_name => 'heat',
:auth_url => 'http://127.0.0.1:35357/v2.0',
:auth_username => 'admin',
:auth_password => 'admin_passwd',
:auth_tenant_name => 'admin',
}
end
it 'should have a non-nil provider' do
expect(provider_class).not_to be_nil
end
context 'when url is correct' do
before :each do
stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens").
to_return(:status => 200,
:body => auth_response.to_json,
:headers => {})
stub_request(:get, "http://127.0.0.1:35357/v3/domains").
with(:headers => {'X-Auth-Token'=>'TOKEN'}).
to_return(:status => 200,
:body => domains_response.to_json,
:headers => {})
end
it 'should create a resource' do
resource = Puppet::Type::Heat_domain_id_setter.new(params)
provider = provider_class.new(resource)
expect(provider.exists?).to be_falsey
expect(provider.create).to be_nil
end
end
# What happens if we ask for a domain that does not exist?
context 'when domain cannot be found' do
before :each do
stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens").
to_return(:status => 200,
:body => auth_response.to_json,
:headers => {})
stub_request(:get, "http://127.0.0.1:35357/v3/domains").
with(:headers => {'X-Auth-Token'=>'TOKEN'}).
to_return(:status => 200,
:body => domains_response.to_json,
:headers => {})
params.merge!(:domain_name => 'bad_domain_name')
end
it 'should receive an api error' do
resource = Puppet::Type::Heat_domain_id_setter.new(params)
provider = provider_class.new(resource)
expect(provider.exists?).to be_falsey
expect { provider.create }.to raise_error KeystoneAPIError, /Unable to find matching domain/
end
end
# What happens if we ask for a domain name that results in multiple
# matches?
context 'when there are multiple matching domains' do
before :each do
stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens").
to_return(:status => 200,
:body => auth_response.to_json,
:headers => {})
stub_request(:get, "http://127.0.0.1:35357/v3/domains").
with(:headers => {'X-Auth-Token'=>'TOKEN'}).
to_return(:status => 200,
:body => domains_response.to_json,
:headers => {})
params.merge!(:domain_name => 'multiple_matches_domain')
end
it 'should receive an api error' do
resource = Puppet::Type::Heat_domain_id_setter.new(params)
provider = provider_class.new(resource)
expect(provider.exists?).to be_falsey
expect { provider.create }.to raise_error KeystoneAPIError, /Found multiple matches for domain name/
end
end
# What happens if we pass a bad password?
context 'when password is incorrect' do
before :each do
stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens").
to_return(:status => 401,
:body => auth_response.to_json,
:headers => {})
end
it 'should receive an authentication error' do
resource = Puppet::Type::Heat_domain_id_setter.new(params)
provider = provider_class.new(resource)
expect(provider.exists?).to be_falsey
expect { provider.create }.to raise_error KeystoneAPIError
end
end
# What happens if the server is not listening?
context 'when keystone server is unavailable' do
before :each do
stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens").to_raise Errno::ECONNREFUSED
end
it 'should receive a connection error' do
resource = Puppet::Type::Heat_domain_id_setter.new(params)
provider = provider_class.new(resource)
expect(provider.exists?).to be_falsey
expect { provider.create }.to raise_error KeystoneConnectionError
end
end
# What happens if we mistype the hostname?
context 'when keystone server is unknown' do
before :each do
stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens").to_raise SocketError, 'getaddrinfo: Name or service not known'
end
it 'should receive a connection error' do
resource = Puppet::Type::Heat_domain_id_setter.new(params)
provider = provider_class.new(resource)
expect(provider.exists?).to be_falsey
expect { provider.create }.to raise_error KeystoneConnectionError
end
end
end