Add separate manifest for configuring access from ironic to inspector

Without these parameters ironic uses keystone_authtoken credentials. This is deprecated since Newton and can be removed at any moment. Also introduce "enabled" and "service_url" options for completeness. Change-Id: I652db2b74924789d1431a89af8e07a68699de697 Partial-Bug: #1661250
2017-03-14 16:16:28 +01:00 · 2017-03-14 16:16:28 +01:00 · 09cb07a7c9
commit 09cb07a7c9
parent d3589fc525
3 changed files with 180 additions and 0 deletions
--- a/manifests/drivers/inspector.pp
+++ b/manifests/drivers/inspector.pp
@ -0,0 +1,80 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: ironic::drivers::inspector
+#
+# Configure how Ironic talks to Ironic Inspector.
+#
+# [*enabled*]
+#   Whether or not to enable ironic-inspector support for inspection.
+#   This option does not affect new-style dynamic drivers and fake_inspector.
+#   Defaults to $::os_service_default
+#
+# [*service_url*]
+#   Ironic Inspector API endpoint. If not provided, the service catalog
+#   is used instead.
+#   Defaults to $::os_service_default
+#
+# [*auth_type*]
+#   The authentication plugin to use when connecting to ironic-inspector.
+#   Defaults to 'password'
+#
+# [*auth_url*]
+#   The address of the keystone api endpoint.
+#   Defaults to $::os_service_default
+#
+# [*project_name*]
+#   The Keystone project name.
+#   Defaults to 'services'
+#
+# [*username*]
+#   The admin username for ironic to connect to ironic-inspector.
+#   Defaults to 'ironic'.
+#
+# [*password*]
+#   The admin password for ironic to connect to ironic-inspector.
+#   Defaults to $::os_service_default
+#
+# [*user_domain_name*]
+#   The name of user's domain (required for Identity V3).
+#   Defaults to $::os_service_default
+#
+# [*project_domain_name*]
+#   The name of project's domain (required for Identity V3).
+#   Defaults to $::os_service_default
+#
+class ironic::drivers::inspector (
+  $enabled             = $::os_service_default,
+  $service_url         = $::os_service_default,
+  $auth_type           = 'password',
+  $auth_url            = $::os_service_default,
+  $project_name        = 'services',
+  $username            = 'ironic',
+  $password            = $::os_service_default,
+  $user_domain_name    = $::os_service_default,
+  $project_domain_name = $::os_service_default,
+) {
+
+  include ::ironic::deps
+
+  ironic_config {
+    'inspector/enabled':             value => $enabled;
+    'inspector/service_url':         value => $service_url;
+    'inspector/auth_type':           value => $auth_type;
+    'inspector/username':            value => $username;
+    'inspector/password':            value => $password, secret => true;
+    'inspector/auth_url':            value => $auth_url;
+    'inspector/project_name':        value => $project_name;
+    'inspector/user_domain_name':    value => $user_domain_name;
+    'inspector/project_domain_name': value => $project_domain_name;
+  }
+}
--- a/releasenotes/notes/inspector-manifest-77e1cb21ba93b55c.yaml
+++ b/releasenotes/notes/inspector-manifest-77e1cb21ba93b55c.yaml
@ -0,0 +1,10 @@
+---
+features:
+  - |
+    New manifest "ironic::drivers::inspector" to set parameters for connecting
+    from ironic to to ironic-inspector.
+    Please set credentials for ironic to access ironic-inspector using this
+    manifest, otherwise ironic falls back to using "keystone_authtoken"
+    credentials, which are deprecated for this purpose.
+
+    Also allows configuring "enabled" and "service_url" parameters.
--- a/spec/classes/ironic_drivers_inspector_spec.rb
+++ b/spec/classes/ironic_drivers_inspector_spec.rb
@ -0,0 +1,90 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Unit tests for ironic::drivers::inspector
+#
+
+require 'spec_helper'
+
+describe 'ironic::drivers::inspector' do
+
+  let :default_params do
+    { :auth_type    => 'password',
+      :project_name => 'services',
+      :username     => 'ironic',
+    }
+  end
+
+  let :params do
+    {}
+  end
+
+  shared_examples_for 'ironic ironic-inspector access configuration' do
+    let :p do
+      default_params.merge(params)
+    end
+
+    it 'configures ironic.conf' do
+      is_expected.to contain_ironic_config('inspector/enabled').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_ironic_config('inspector/service_url').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_ironic_config('inspector/auth_type').with_value(p[:auth_type])
+      is_expected.to contain_ironic_config('inspector/auth_url').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_ironic_config('inspector/project_name').with_value(p[:project_name])
+      is_expected.to contain_ironic_config('inspector/username').with_value(p[:username])
+      is_expected.to contain_ironic_config('inspector/password').with_value('<SERVICE DEFAULT>').with_secret(true)
+      is_expected.to contain_ironic_config('inspector/user_domain_name').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_ironic_config('inspector/project_domain_name').with_value('<SERVICE DEFAULT>')
+    end
+
+    context 'when overriding parameters' do
+      before :each do
+        params.merge!(
+            :enabled             => true,
+            :service_url         => 'http://example.com/inspector',
+            :auth_type           => 'noauth',
+            :auth_url            => 'http://example.com',
+            :project_name        => 'project1',
+            :username            => 'admin',
+            :password            => 'pa$$w0rd',
+            :user_domain_name    => 'NonDefault',
+            :project_domain_name => 'NonDefault',
+        )
+      end
+
+      it 'should replace default parameter with new value' do
+        is_expected.to contain_ironic_config('inspector/enabled').with_value(p[:enabled])
+        is_expected.to contain_ironic_config('inspector/service_url').with_value(p[:service_url])
+        is_expected.to contain_ironic_config('inspector/auth_type').with_value(p[:auth_type])
+        is_expected.to contain_ironic_config('inspector/auth_url').with_value(p[:auth_url])
+        is_expected.to contain_ironic_config('inspector/project_name').with_value(p[:project_name])
+        is_expected.to contain_ironic_config('inspector/username').with_value(p[:username])
+        is_expected.to contain_ironic_config('inspector/password').with_value(p[:password]).with_secret(true)
+        is_expected.to contain_ironic_config('inspector/user_domain_name').with_value(p[:user_domain_name])
+        is_expected.to contain_ironic_config('inspector/project_domain_name').with_value(p[:project_domain_name])
+      end
+    end
+
+  end
+
+  on_supported_os({
+    :supported_os => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_behaves_like 'ironic ironic-inspector access configuration'
+    end
+  end
+
+end