From 09cb07a7c918c8120e42d4af1ea278058a8e71f0 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Tue, 14 Mar 2017 16:16:28 +0100 Subject: [PATCH] Add separate manifest for configuring access from ironic to inspector Without these parameters ironic uses keystone_authtoken credentials. This is deprecated since Newton and can be removed at any moment. Also introduce "enabled" and "service_url" options for completeness. Change-Id: I652db2b74924789d1431a89af8e07a68699de697 Partial-Bug: #1661250 --- manifests/drivers/inspector.pp | 80 +++++++++++++++++ .../inspector-manifest-77e1cb21ba93b55c.yaml | 10 +++ spec/classes/ironic_drivers_inspector_spec.rb | 90 +++++++++++++++++++ 3 files changed, 180 insertions(+) create mode 100644 manifests/drivers/inspector.pp create mode 100644 releasenotes/notes/inspector-manifest-77e1cb21ba93b55c.yaml create mode 100644 spec/classes/ironic_drivers_inspector_spec.rb diff --git a/manifests/drivers/inspector.pp b/manifests/drivers/inspector.pp new file mode 100644 index 00000000..a017b29c --- /dev/null +++ b/manifests/drivers/inspector.pp @@ -0,0 +1,80 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: ironic::drivers::inspector +# +# Configure how Ironic talks to Ironic Inspector. +# +# [*enabled*] +# Whether or not to enable ironic-inspector support for inspection. +# This option does not affect new-style dynamic drivers and fake_inspector. +# Defaults to $::os_service_default +# +# [*service_url*] +# Ironic Inspector API endpoint. If not provided, the service catalog +# is used instead. +# Defaults to $::os_service_default +# +# [*auth_type*] +# The authentication plugin to use when connecting to ironic-inspector. +# Defaults to 'password' +# +# [*auth_url*] +# The address of the keystone api endpoint. +# Defaults to $::os_service_default +# +# [*project_name*] +# The Keystone project name. +# Defaults to 'services' +# +# [*username*] +# The admin username for ironic to connect to ironic-inspector. +# Defaults to 'ironic'. +# +# [*password*] +# The admin password for ironic to connect to ironic-inspector. +# Defaults to $::os_service_default +# +# [*user_domain_name*] +# The name of user's domain (required for Identity V3). +# Defaults to $::os_service_default +# +# [*project_domain_name*] +# The name of project's domain (required for Identity V3). +# Defaults to $::os_service_default +# +class ironic::drivers::inspector ( + $enabled = $::os_service_default, + $service_url = $::os_service_default, + $auth_type = 'password', + $auth_url = $::os_service_default, + $project_name = 'services', + $username = 'ironic', + $password = $::os_service_default, + $user_domain_name = $::os_service_default, + $project_domain_name = $::os_service_default, +) { + + include ::ironic::deps + + ironic_config { + 'inspector/enabled': value => $enabled; + 'inspector/service_url': value => $service_url; + 'inspector/auth_type': value => $auth_type; + 'inspector/username': value => $username; + 'inspector/password': value => $password, secret => true; + 'inspector/auth_url': value => $auth_url; + 'inspector/project_name': value => $project_name; + 'inspector/user_domain_name': value => $user_domain_name; + 'inspector/project_domain_name': value => $project_domain_name; + } +} diff --git a/releasenotes/notes/inspector-manifest-77e1cb21ba93b55c.yaml b/releasenotes/notes/inspector-manifest-77e1cb21ba93b55c.yaml new file mode 100644 index 00000000..bb6023d9 --- /dev/null +++ b/releasenotes/notes/inspector-manifest-77e1cb21ba93b55c.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + New manifest "ironic::drivers::inspector" to set parameters for connecting + from ironic to to ironic-inspector. + Please set credentials for ironic to access ironic-inspector using this + manifest, otherwise ironic falls back to using "keystone_authtoken" + credentials, which are deprecated for this purpose. + + Also allows configuring "enabled" and "service_url" parameters. diff --git a/spec/classes/ironic_drivers_inspector_spec.rb b/spec/classes/ironic_drivers_inspector_spec.rb new file mode 100644 index 00000000..45388b53 --- /dev/null +++ b/spec/classes/ironic_drivers_inspector_spec.rb @@ -0,0 +1,90 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for ironic::drivers::inspector +# + +require 'spec_helper' + +describe 'ironic::drivers::inspector' do + + let :default_params do + { :auth_type => 'password', + :project_name => 'services', + :username => 'ironic', + } + end + + let :params do + {} + end + + shared_examples_for 'ironic ironic-inspector access configuration' do + let :p do + default_params.merge(params) + end + + it 'configures ironic.conf' do + is_expected.to contain_ironic_config('inspector/enabled').with_value('') + is_expected.to contain_ironic_config('inspector/service_url').with_value('') + is_expected.to contain_ironic_config('inspector/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_config('inspector/auth_url').with_value('') + is_expected.to contain_ironic_config('inspector/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_config('inspector/username').with_value(p[:username]) + is_expected.to contain_ironic_config('inspector/password').with_value('').with_secret(true) + is_expected.to contain_ironic_config('inspector/user_domain_name').with_value('') + is_expected.to contain_ironic_config('inspector/project_domain_name').with_value('') + end + + context 'when overriding parameters' do + before :each do + params.merge!( + :enabled => true, + :service_url => 'http://example.com/inspector', + :auth_type => 'noauth', + :auth_url => 'http://example.com', + :project_name => 'project1', + :username => 'admin', + :password => 'pa$$w0rd', + :user_domain_name => 'NonDefault', + :project_domain_name => 'NonDefault', + ) + end + + it 'should replace default parameter with new value' do + is_expected.to contain_ironic_config('inspector/enabled').with_value(p[:enabled]) + is_expected.to contain_ironic_config('inspector/service_url').with_value(p[:service_url]) + is_expected.to contain_ironic_config('inspector/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_config('inspector/auth_url').with_value(p[:auth_url]) + is_expected.to contain_ironic_config('inspector/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_config('inspector/username').with_value(p[:username]) + is_expected.to contain_ironic_config('inspector/password').with_value(p[:password]).with_secret(true) + is_expected.to contain_ironic_config('inspector/user_domain_name').with_value(p[:user_domain_name]) + is_expected.to contain_ironic_config('inspector/project_domain_name').with_value(p[:project_domain_name]) + end + end + + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + it_behaves_like 'ironic ironic-inspector access configuration' + end + end + +end