nova: Omit auth options when notification is disabled

If send_power_notifications is false and the notification is disabled,
ironic does not need to send requests to Nova. Thus password and
the other auth options are not needed.

Change-Id: I3f5071b85df029f5db535b2b0cf97edd317bc006
This commit is contained in:
Takashi Kajinami 2024-05-05 00:02:26 +09:00
parent 1a3c11c6b5
commit 09cb1e7cb5
2 changed files with 101 additions and 54 deletions

View File

@ -13,7 +13,9 @@
# == Class: ironic::nova # == Class: ironic::nova
# #
# [*password*] # [*password*]
# (Required) The admin password for ironic to connect to nova. # (Optional) The admin password for ironic to connect to nova.
# This is required when send_power_notifications is true.
# Defaults to undef
# #
# [*auth_type*] # [*auth_type*]
# (Optional) The authentication plugin to use when connecting to nova. # (Optional) The authentication plugin to use when connecting to nova.
@ -54,43 +56,65 @@
# #
# [*send_power_notifications*] # [*send_power_notifications*]
# (Optional) Enable the support for power state change callbacks to nova. # (Optional) Enable the support for power state change callbacks to nova.
# Defaults to $facts['os_service_default'] # Defaults to true
# #
class ironic::nova ( class ironic::nova (
$password, $password = undef,
$auth_type = 'password', $auth_type = 'password',
$auth_url = 'http://127.0.0.1:5000', $auth_url = 'http://127.0.0.1:5000',
$project_name = 'services', $project_name = 'services',
$username = 'ironic', $username = 'ironic',
$user_domain_name = 'Default', $user_domain_name = 'Default',
$project_domain_name = 'Default', $project_domain_name = 'Default',
$system_scope = $facts['os_service_default'], $system_scope = $facts['os_service_default'],
$region_name = $facts['os_service_default'], $region_name = $facts['os_service_default'],
$endpoint_override = $facts['os_service_default'], $endpoint_override = $facts['os_service_default'],
$send_power_notifications = $facts['os_service_default'], Boolean $send_power_notifications = true,
) { ) {
include ironic::deps include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $facts['os_service_default']
$project_domain_name_real = $facts['os_service_default']
}
ironic_config { ironic_config {
'nova/auth_type': value => $auth_type;
'nova/username': value => $username;
'nova/password': value => $password, secret => true;
'nova/auth_url': value => $auth_url;
'nova/project_name': value => $project_name_real;
'nova/user_domain_name': value => $user_domain_name;
'nova/project_domain_name': value => $project_domain_name_real;
'nova/system_scope': value => $system_scope;
'nova/region_name': value => $region_name;
'nova/endpoint_override': value => $endpoint_override;
'nova/send_power_notifications': value => $send_power_notifications; 'nova/send_power_notifications': value => $send_power_notifications;
} }
if $send_power_notifications {
if password == undef {
fail('The password parameter is required when send_power_notifications is true')
}
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $facts['os_service_default']
$project_domain_name_real = $facts['os_service_default']
}
ironic_config {
'nova/auth_type': value => $auth_type;
'nova/username': value => $username;
'nova/password': value => $password, secret => true;
'nova/auth_url': value => $auth_url;
'nova/project_name': value => $project_name_real;
'nova/user_domain_name': value => $user_domain_name;
'nova/project_domain_name': value => $project_domain_name_real;
'nova/system_scope': value => $system_scope;
'nova/region_name': value => $region_name;
'nova/endpoint_override': value => $endpoint_override;
}
} else {
ironic_config {
'nova/auth_type': ensure => absent;
'nova/username': ensure => absent;
'nova/password': ensure => absent;
'nova/auth_url': ensure => absent;
'nova/project_name': ensure => absent;
'nova/user_domain_name': ensure => absent;
'nova/project_domain_name': ensure => absent;
'nova/system_scope': ensure => absent;
'nova/region_name': ensure => absent;
'nova/endpoint_override': ensure => absent;
}
}
} }

View File

@ -17,28 +17,31 @@ require 'spec_helper'
describe 'ironic::nova' do describe 'ironic::nova' do
let :params do
{ :password => 'secret' }
end
shared_examples_for 'ironic nova configuration' do shared_examples_for 'ironic nova configuration' do
it 'configures ironic.conf' do context 'with defaults' do
is_expected.to contain_ironic_config('nova/auth_type').with_value('password') let :params do
is_expected.to contain_ironic_config('nova/auth_url').with_value('http://127.0.0.1:5000') { :password => 'secret' }
is_expected.to contain_ironic_config('nova/project_name').with_value('services') end
is_expected.to contain_ironic_config('nova/username').with_value('ironic')
is_expected.to contain_ironic_config('nova/password').with_value('secret').with_secret(true) it 'configures ironic.conf' do
is_expected.to contain_ironic_config('nova/user_domain_name').with_value('Default') is_expected.to contain_ironic_config('nova/auth_type').with_value('password')
is_expected.to contain_ironic_config('nova/project_domain_name').with_value('Default') is_expected.to contain_ironic_config('nova/auth_url').with_value('http://127.0.0.1:5000')
is_expected.to contain_ironic_config('nova/system_scope').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('nova/project_name').with_value('services')
is_expected.to contain_ironic_config('nova/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('nova/username').with_value('ironic')
is_expected.to contain_ironic_config('nova/endpoint_override').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('nova/password').with_value('secret').with_secret(true)
is_expected.to contain_ironic_config('nova/send_power_notifications').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('nova/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('nova/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('nova/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('nova/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('nova/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('nova/send_power_notifications').with_value(true)
end
end end
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do let :params do
params.merge!( {
:password => 'secret',
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
@ -47,8 +50,8 @@ describe 'ironic::nova' do
:project_domain_name => 'NonDefault', :project_domain_name => 'NonDefault',
:region_name => 'regionTwo', :region_name => 'regionTwo',
:endpoint_override => 'http://example2.com', :endpoint_override => 'http://example2.com',
:send_power_notifications => false, :send_power_notifications => true,
) }
end end
it 'should replace default parameter with new value' do it 'should replace default parameter with new value' do
@ -66,10 +69,11 @@ describe 'ironic::nova' do
end end
context 'when system_scope is set' do context 'when system_scope is set' do
before :each do let :params do
params.merge!( {
:password => 'secret',
:system_scope => 'all', :system_scope => 'all',
) }
end end
it 'configures system-scoped credential' do it 'configures system-scoped credential' do
@ -78,6 +82,25 @@ describe 'ironic::nova' do
is_expected.to contain_ironic_config('nova/system_scope').with_value('all') is_expected.to contain_ironic_config('nova/system_scope').with_value('all')
end end
end end
context 'when send_power_notifications is false' do
let :params do
{ :send_power_notifications => false }
end
it 'configures only send_power_notifications' do
is_expected.to contain_ironic_config('nova/auth_type').with_ensure('absent')
is_expected.to contain_ironic_config('nova/auth_url').with_ensure('absent')
is_expected.to contain_ironic_config('nova/project_name').with_ensure('absent')
is_expected.to contain_ironic_config('nova/username').with_ensure('absent')
is_expected.to contain_ironic_config('nova/user_domain_name').with_ensure('absent')
is_expected.to contain_ironic_config('nova/project_domain_name').with_ensure('absent')
is_expected.to contain_ironic_config('nova/region_name').with_ensure('absent')
is_expected.to contain_ironic_config('nova/system_scope').with_ensure('absent')
is_expected.to contain_ironic_config('nova/endpoint_override').with_ensure('absent')
is_expected.to contain_ironic_config('nova/send_power_notifications').with_value(false)
end
end
end end
on_supported_os({ on_supported_os({