Remove old authtoken options
Since we are in ocata lets remove all old parameters in api to configure the keystone_authtoken section Change-Id: I7f18b79b9107baad78129b098246bd9c931420dc
This commit is contained in:
parent
05865a15f8
commit
da7bc46203
@ -300,54 +300,6 @@
|
|||||||
# take for evaluation.
|
# take for evaluation.
|
||||||
# Defaults to $::os_service_default.
|
# Defaults to $::os_service_default.
|
||||||
#
|
#
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*auth_uri*]
|
|
||||||
# (Optional) Deprecated. Use heat::keystone::authtoken::auth_uri
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*identity_uri*]
|
|
||||||
# (Optional) Deprecated. Use heat::keystone::authtoken::auth_url
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*auth_plugin*]
|
|
||||||
# (Optional) Deprecated. Use heat::keystone::authtoken::auth_type
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_user*]
|
|
||||||
# (Optional) Deprecated. Use heat::keystone::authtoken::username
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_tenant*]
|
|
||||||
# (Optional) Deprecated. Use heat::keystone::authtoken::project_name
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_password*]
|
|
||||||
# (Optional) Deprecated. Use heat::keystone::authtoken::password
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_user_domain_name*]
|
|
||||||
# (Optional) Deprecated. Use heat::keystone::authtoken::user_domain_name
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_user_domain_id*]
|
|
||||||
# (Optional) Deprecated. Use heat::keystone::authtoken::user_domain_name
|
|
||||||
# instead, there is no need for both id and name options.
|
|
||||||
# Defaults to $::os_service_default
|
|
||||||
#
|
|
||||||
# [*keystone_project_domain_name*]
|
|
||||||
# (Optional) Deprecated. Use heat::keystone::authtoken::project_domain_name
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_project_domain_id*]
|
|
||||||
# (Optional) Deprecated. Use heat::keystone::authtoken::project_domain_name
|
|
||||||
# instead, there is no need for both id and name options.
|
|
||||||
# Defaults to $::os_service_default
|
|
||||||
#
|
|
||||||
# [*memcached_servers*]
|
|
||||||
# (Optional) Deprecated. Use heat::keystone::authtoken::memcached_servers.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class heat(
|
class heat(
|
||||||
$package_ensure = 'present',
|
$package_ensure = 'present',
|
||||||
$debug = undef,
|
$debug = undef,
|
||||||
@ -416,17 +368,6 @@ class heat(
|
|||||||
$auth_strategy = 'keystone',
|
$auth_strategy = 'keystone',
|
||||||
$yaql_memory_quota = $::os_service_default,
|
$yaql_memory_quota = $::os_service_default,
|
||||||
$yaql_limit_iterators = $::os_service_default,
|
$yaql_limit_iterators = $::os_service_default,
|
||||||
$auth_uri = undef,
|
|
||||||
$identity_uri = undef,
|
|
||||||
$auth_plugin = undef,
|
|
||||||
$keystone_user = undef,
|
|
||||||
$keystone_tenant = undef,
|
|
||||||
$keystone_password = undef,
|
|
||||||
$keystone_user_domain_name = undef,
|
|
||||||
$keystone_user_domain_id = $::os_service_default,
|
|
||||||
$keystone_project_domain_name = undef,
|
|
||||||
$keystone_project_domain_id = $::os_service_default,
|
|
||||||
$memcached_servers = undef,
|
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include ::heat::logging
|
include ::heat::logging
|
||||||
@ -438,50 +379,6 @@ class heat(
|
|||||||
include ::heat::keystone::authtoken
|
include ::heat::keystone::authtoken
|
||||||
}
|
}
|
||||||
|
|
||||||
if $auth_uri {
|
|
||||||
warning('auth_uri is deprecated, use heat::keystone::authtoken::auth_uri instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $identity_uri {
|
|
||||||
warning('identity_uri is deprecated, use heat::keystone::authtoken::auth_url instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $auth_plugin {
|
|
||||||
warning('auth_plugin is deprecated, use heat::keystone::authtoken::auth_type instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_user {
|
|
||||||
warning('keystone_user is deprecated, use heat::keystone::authtoken::username instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_tenant {
|
|
||||||
warning('keystone_tenant is deprecated, use heat::keystone::authtoken::project_name instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_password {
|
|
||||||
warning('keystone_password is deprecated, use heat::keystone::authtoken::password instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_user_domain_name {
|
|
||||||
warning('keystone_user_domain_name is deprecated, use heat::keystone::authtoken::user_domain_name instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_user_domain_id {
|
|
||||||
warning('keystone_user_domain_id is deprecated, use the name option instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_project_domain_name {
|
|
||||||
warning('keystone_project_domain_name is deprecated, use heat::keystone::authtoken::project_domain_name instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_project_domain_id {
|
|
||||||
warning('keystone_project_domain_id is deprecated, use the name option instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $memcached_servers {
|
|
||||||
warning('memcached_servers is deprecated, use heat::keystone::authtoken::memcached_servers instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
package { 'heat-common':
|
package { 'heat-common':
|
||||||
ensure => $package_ensure,
|
ensure => $package_ensure,
|
||||||
name => $::heat::params::common_package_name,
|
name => $::heat::params::common_package_name,
|
||||||
@ -539,22 +436,20 @@ class heat(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$auth_url_real = pick($identity_uri, $::heat::keystone::authtoken::auth_url)
|
$auth_url = $::heat::keystone::authtoken::auth_url
|
||||||
$keystone_user_real = pick($keystone_user, $::heat::keystone::authtoken::username)
|
$keystone_username = $::heat::keystone::authtoken::username
|
||||||
$keystone_password_real = pick($keystone_password, $::heat::keystone::authtoken::password)
|
$keystone_password = $::heat::keystone::authtoken::password
|
||||||
$keystone_project_domain_name_real = pick($keystone_project_domain_name, $::heat::keystone::authtoken::project_domain_name)
|
$keystone_project_domain_name = $::heat::keystone::authtoken::project_domain_name
|
||||||
$keystone_user_domain_name_real = pick($keystone_user_domain_name, $::heat::keystone::authtoken::user_domain_name)
|
$keystone_user_domain_name = $::heat::keystone::authtoken::user_domain_name
|
||||||
|
|
||||||
heat_config {
|
heat_config {
|
||||||
'trustee/auth_type': value => 'password';
|
'trustee/auth_type': value => 'password';
|
||||||
'trustee/auth_url': value => $auth_url_real;
|
'trustee/auth_url': value => $auth_url;
|
||||||
'trustee/username': value => $keystone_user_real;
|
'trustee/username': value => $keystone_username;
|
||||||
'trustee/password': value => $keystone_password_real, secret => true;
|
'trustee/password': value => $keystone_password, secret => true;
|
||||||
'trustee/project_domain_id': value => $keystone_project_domain_id;
|
'trustee/project_domain_name': value => $keystone_project_domain_name;
|
||||||
'trustee/user_domain_id': value => $keystone_user_domain_id;
|
'trustee/user_domain_name': value => $keystone_user_domain_name;
|
||||||
'trustee/project_domain_name': value => $keystone_project_domain_name_real;
|
'clients_keystone/auth_uri': value => $auth_url;
|
||||||
'trustee/user_domain_name': value => $keystone_user_domain_name_real;
|
|
||||||
'clients_keystone/auth_uri': value => $auth_url_real;
|
|
||||||
'clients_heat/url': value => $heat_clients_url;
|
'clients_heat/url': value => $heat_clients_url;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -223,31 +223,21 @@ class heat::keystone::authtoken(
|
|||||||
$token_cache_time = $::os_service_default,
|
$token_cache_time = $::os_service_default,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
if is_service_default($password) and ! $::heat::keystone_password {
|
if is_service_default($password) {
|
||||||
fail('Please set password for heat service user')
|
fail('Please set password for heat service user')
|
||||||
}
|
}
|
||||||
|
|
||||||
$auth_uri_real = pick($::heat::auth_uri, $auth_uri)
|
|
||||||
$auth_url_real = pick($::heat::identity_uri, $auth_url)
|
|
||||||
$auth_type_real = pick($::heat::auth_plugin, $auth_type)
|
|
||||||
$username_real = pick($::heat::keystone_user, $username)
|
|
||||||
$password_real = pick($::heat::keystone_password, $password)
|
|
||||||
$project_name_real = pick($::heat::keystone_tenant, $project_name)
|
|
||||||
$user_domain_name_real = pick($::heat::keystone_user_domain_name, $user_domain_name)
|
|
||||||
$project_domain_name_real = pick($::heat::keystone_project_domain_name, $project_domain_name)
|
|
||||||
$memcached_servers_real = pick($::heat::memcached_servers, $memcached_servers)
|
|
||||||
|
|
||||||
keystone::resource::authtoken { 'heat_config':
|
keystone::resource::authtoken { 'heat_config':
|
||||||
username => $username_real,
|
username => $username,
|
||||||
password => $password_real,
|
password => $password,
|
||||||
project_name => $project_name_real,
|
project_name => $project_name,
|
||||||
auth_url => $auth_url_real,
|
auth_url => $auth_url,
|
||||||
auth_uri => $auth_uri_real,
|
auth_uri => $auth_uri,
|
||||||
auth_version => $auth_version,
|
auth_version => $auth_version,
|
||||||
auth_type => $auth_type_real,
|
auth_type => $auth_type,
|
||||||
auth_section => $auth_section,
|
auth_section => $auth_section,
|
||||||
user_domain_name => $user_domain_name_real,
|
user_domain_name => $user_domain_name,
|
||||||
project_domain_name => $project_domain_name_real,
|
project_domain_name => $project_domain_name,
|
||||||
insecure => $insecure,
|
insecure => $insecure,
|
||||||
cache => $cache,
|
cache => $cache,
|
||||||
cafile => $cafile,
|
cafile => $cafile,
|
||||||
@ -268,7 +258,7 @@ class heat::keystone::authtoken(
|
|||||||
memcache_security_strategy => $memcache_security_strategy,
|
memcache_security_strategy => $memcache_security_strategy,
|
||||||
memcache_use_advanced_pool => $memcache_use_advanced_pool,
|
memcache_use_advanced_pool => $memcache_use_advanced_pool,
|
||||||
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
|
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
|
||||||
memcached_servers => $memcached_servers_real,
|
memcached_servers => $memcached_servers,
|
||||||
region_name => $region_name,
|
region_name => $region_name,
|
||||||
revocation_cache_time => $revocation_cache_time,
|
revocation_cache_time => $revocation_cache_time,
|
||||||
signing_dir => $signing_dir,
|
signing_dir => $signing_dir,
|
||||||
|
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
other:
|
||||||
|
- removed deprecated heat::auth_uri
|
||||||
|
- removed deprecated heat::identity_uri
|
||||||
|
- removed deprecated heat::auth_plugin
|
||||||
|
- removed deprecated heat::keystone_user
|
||||||
|
- removed deprecated heat::keystone_password
|
||||||
|
- removed deprecated heat::keystone_tenant
|
||||||
|
- removed deprecated heat::keystone_user_domain_name
|
||||||
|
- removed deprecated heat::keystone_user_domain_id
|
||||||
|
- removed deprecated heat::keystone_project_domain_name
|
||||||
|
- removed deprecated heat::keystone_project_domain_id
|
||||||
|
- removed deprecated heat::memcached_servers
|
@ -97,8 +97,10 @@ describe 'heat::api_cfn' do
|
|||||||
|
|
||||||
context 'with $sync_db set to false in ::heat' do
|
context 'with $sync_db set to false in ::heat' do
|
||||||
let :pre_condition do
|
let :pre_condition do
|
||||||
"class {'heat':
|
"class { '::heat::keystone::authtoken':
|
||||||
keystone_password => 'password',
|
password => 'a_big_secret',
|
||||||
|
}
|
||||||
|
class {'heat':
|
||||||
sync_db => false
|
sync_db => false
|
||||||
}"
|
}"
|
||||||
end
|
end
|
||||||
|
@ -98,8 +98,10 @@ describe 'heat::api_cloudwatch' do
|
|||||||
|
|
||||||
context 'with $sync_db set to false in ::heat' do
|
context 'with $sync_db set to false in ::heat' do
|
||||||
let :pre_condition do
|
let :pre_condition do
|
||||||
"class {'heat':
|
"class { '::heat::keystone::authtoken':
|
||||||
keystone_password => 'password',
|
password => 'a_big_secret',
|
||||||
|
}
|
||||||
|
class {'heat':
|
||||||
sync_db => false
|
sync_db => false
|
||||||
}"
|
}"
|
||||||
end
|
end
|
||||||
|
@ -97,9 +97,11 @@ describe 'heat::api' do
|
|||||||
|
|
||||||
context 'with $sync_db set to false in ::heat' do
|
context 'with $sync_db set to false in ::heat' do
|
||||||
let :pre_condition do
|
let :pre_condition do
|
||||||
"class {'heat':
|
"class { '::heat::keystone::authtoken':
|
||||||
keystone_password => 'password',
|
password => 'a_big_secret',
|
||||||
sync_db => false
|
}
|
||||||
|
class {'heat':
|
||||||
|
sync_db => false,
|
||||||
}"
|
}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -1,6 +1,11 @@
|
|||||||
require 'spec_helper'
|
require 'spec_helper'
|
||||||
|
|
||||||
describe 'heat' do
|
describe 'heat' do
|
||||||
|
let :pre_condition do
|
||||||
|
"class { '::heat::keystone::authtoken':
|
||||||
|
password => 'secretpassword',
|
||||||
|
}"
|
||||||
|
end
|
||||||
|
|
||||||
let :params do
|
let :params do
|
||||||
{
|
{
|
||||||
@ -17,7 +22,6 @@ describe 'heat' do
|
|||||||
:database_idle_timeout => 3600,
|
:database_idle_timeout => 3600,
|
||||||
:keystone_ec2_uri => 'http://127.0.0.1:5000/v2.0/ec2tokens',
|
:keystone_ec2_uri => 'http://127.0.0.1:5000/v2.0/ec2tokens',
|
||||||
:flavor => 'keystone',
|
:flavor => 'keystone',
|
||||||
:keystone_password => 'secretpassword',
|
|
||||||
:heat_clients_url => '<SERVICE DEFAULT>',
|
:heat_clients_url => '<SERVICE DEFAULT>',
|
||||||
:purge_config => false,
|
:purge_config => false,
|
||||||
:yaql_limit_iterators => 400,
|
:yaql_limit_iterators => 400,
|
||||||
@ -104,12 +108,10 @@ describe 'heat' do
|
|||||||
end
|
end
|
||||||
|
|
||||||
it 'configures project_domain_*' do
|
it 'configures project_domain_*' do
|
||||||
is_expected.to contain_heat_config('trustee/project_domain_id').with_value('<SERVICE DEFAULT>')
|
|
||||||
is_expected.to contain_heat_config('trustee/project_domain_name').with_value( 'Default' )
|
is_expected.to contain_heat_config('trustee/project_domain_name').with_value( 'Default' )
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'configures user_domain_*' do
|
it 'configures user_domain_*' do
|
||||||
is_expected.to contain_heat_config('trustee/user_domain_id').with_value('<SERVICE DEFAULT>')
|
|
||||||
is_expected.to contain_heat_config('trustee/user_domain_name').with_value( 'Default' )
|
is_expected.to contain_heat_config('trustee/user_domain_name').with_value( 'Default' )
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -160,7 +162,6 @@ describe 'heat' do
|
|||||||
is_expected.to contain_heat_config('clients_heat/url').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_heat_config('clients_heat/url').with_value('<SERVICE DEFAULT>')
|
||||||
end
|
end
|
||||||
|
|
||||||
it_configures "with default auth method"
|
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples_for 'rabbit without HA support (with backward compatibility)' do
|
shared_examples_for 'rabbit without HA support (with backward compatibility)' do
|
||||||
@ -374,21 +375,9 @@ describe 'heat' do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples_for "with default auth method" do
|
|
||||||
it 'configures auth_uri, identity_uri, admin_tenant_name, admin_user, admin_password' do
|
|
||||||
is_expected.to contain_heat_config('keystone_authtoken/auth_uri').with_value("http://127.0.0.1:5000/")
|
|
||||||
is_expected.to contain_heat_config('keystone_authtoken/auth_url').with_value("http://127.0.0.1:35357/")
|
|
||||||
is_expected.to contain_heat_config('keystone_authtoken/project_name').with_value("services")
|
|
||||||
is_expected.to contain_heat_config('keystone_authtoken/username').with_value("heat")
|
|
||||||
is_expected.to contain_heat_config('keystone_authtoken/password').with_secret( true )
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
shared_examples_for "with custom keystone project_domain_* and user_domain_*" do
|
shared_examples_for "with custom keystone project_domain_* and user_domain_*" do
|
||||||
before do
|
before do
|
||||||
params.merge!({
|
params.merge!({
|
||||||
:keystone_project_domain_id => 'domain1',
|
|
||||||
:keystone_user_domain_id => 'domain1',
|
|
||||||
:keystone_project_domain_name => 'domain1',
|
:keystone_project_domain_name => 'domain1',
|
||||||
:keystone_user_domain_name => 'domain1',
|
:keystone_user_domain_name => 'domain1',
|
||||||
})
|
})
|
||||||
@ -396,8 +385,6 @@ describe 'heat' do
|
|||||||
it 'configures project_domain_* and user_domain_*' do
|
it 'configures project_domain_* and user_domain_*' do
|
||||||
is_expected.to contain_heat_config('trustee/project_domain_name').with_value("domain1");
|
is_expected.to contain_heat_config('trustee/project_domain_name').with_value("domain1");
|
||||||
is_expected.to contain_heat_config('trustee/user_domain_name').with_value("domain1");
|
is_expected.to contain_heat_config('trustee/user_domain_name').with_value("domain1");
|
||||||
is_expected.to contain_heat_config('trustee/project_domain_id').with_value("domain1");
|
|
||||||
is_expected.to contain_heat_config('trustee/user_domain_id').with_value("domain1");
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user