From 09cb1e7cb5e5b4bccd127ce786c45a1bd10b0aeb Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 5 May 2024 00:02:26 +0900 Subject: [PATCH] nova: Omit auth options when notification is disabled If send_power_notifications is false and the notification is disabled, ironic does not need to send requests to Nova. Thus password and the other auth options are not needed. Change-Id: I3f5071b85df029f5db535b2b0cf97edd317bc006 --- manifests/nova.pp | 86 ++++++++++++++++++++------------ spec/classes/ironic_nova_spec.rb | 69 ++++++++++++++++--------- 2 files changed, 101 insertions(+), 54 deletions(-) diff --git a/manifests/nova.pp b/manifests/nova.pp index c6fa545e..2c0925f6 100644 --- a/manifests/nova.pp +++ b/manifests/nova.pp @@ -13,7 +13,9 @@ # == Class: ironic::nova # # [*password*] -# (Required) The admin password for ironic to connect to nova. +# (Optional) The admin password for ironic to connect to nova. +# This is required when send_power_notifications is true. +# Defaults to undef # # [*auth_type*] # (Optional) The authentication plugin to use when connecting to nova. @@ -54,43 +56,65 @@ # # [*send_power_notifications*] # (Optional) Enable the support for power state change callbacks to nova. -# Defaults to $facts['os_service_default'] +# Defaults to true # class ironic::nova ( - $password, - $auth_type = 'password', - $auth_url = 'http://127.0.0.1:5000', - $project_name = 'services', - $username = 'ironic', - $user_domain_name = 'Default', - $project_domain_name = 'Default', - $system_scope = $facts['os_service_default'], - $region_name = $facts['os_service_default'], - $endpoint_override = $facts['os_service_default'], - $send_power_notifications = $facts['os_service_default'], + $password = undef, + $auth_type = 'password', + $auth_url = 'http://127.0.0.1:5000', + $project_name = 'services', + $username = 'ironic', + $user_domain_name = 'Default', + $project_domain_name = 'Default', + $system_scope = $facts['os_service_default'], + $region_name = $facts['os_service_default'], + $endpoint_override = $facts['os_service_default'], + Boolean $send_power_notifications = true, ) { include ironic::deps - if is_service_default($system_scope) { - $project_name_real = $project_name - $project_domain_name_real = $project_domain_name - } else { - $project_name_real = $facts['os_service_default'] - $project_domain_name_real = $facts['os_service_default'] - } - ironic_config { - 'nova/auth_type': value => $auth_type; - 'nova/username': value => $username; - 'nova/password': value => $password, secret => true; - 'nova/auth_url': value => $auth_url; - 'nova/project_name': value => $project_name_real; - 'nova/user_domain_name': value => $user_domain_name; - 'nova/project_domain_name': value => $project_domain_name_real; - 'nova/system_scope': value => $system_scope; - 'nova/region_name': value => $region_name; - 'nova/endpoint_override': value => $endpoint_override; 'nova/send_power_notifications': value => $send_power_notifications; } + + if $send_power_notifications { + if password == undef { + fail('The password parameter is required when send_power_notifications is true') + } + + if is_service_default($system_scope) { + $project_name_real = $project_name + $project_domain_name_real = $project_domain_name + } else { + $project_name_real = $facts['os_service_default'] + $project_domain_name_real = $facts['os_service_default'] + } + + ironic_config { + 'nova/auth_type': value => $auth_type; + 'nova/username': value => $username; + 'nova/password': value => $password, secret => true; + 'nova/auth_url': value => $auth_url; + 'nova/project_name': value => $project_name_real; + 'nova/user_domain_name': value => $user_domain_name; + 'nova/project_domain_name': value => $project_domain_name_real; + 'nova/system_scope': value => $system_scope; + 'nova/region_name': value => $region_name; + 'nova/endpoint_override': value => $endpoint_override; + } + } else { + ironic_config { + 'nova/auth_type': ensure => absent; + 'nova/username': ensure => absent; + 'nova/password': ensure => absent; + 'nova/auth_url': ensure => absent; + 'nova/project_name': ensure => absent; + 'nova/user_domain_name': ensure => absent; + 'nova/project_domain_name': ensure => absent; + 'nova/system_scope': ensure => absent; + 'nova/region_name': ensure => absent; + 'nova/endpoint_override': ensure => absent; + } + } } diff --git a/spec/classes/ironic_nova_spec.rb b/spec/classes/ironic_nova_spec.rb index 0f687d3f..c2031ed6 100644 --- a/spec/classes/ironic_nova_spec.rb +++ b/spec/classes/ironic_nova_spec.rb @@ -17,28 +17,31 @@ require 'spec_helper' describe 'ironic::nova' do - let :params do - { :password => 'secret' } - end - shared_examples_for 'ironic nova configuration' do - it 'configures ironic.conf' do - is_expected.to contain_ironic_config('nova/auth_type').with_value('password') - is_expected.to contain_ironic_config('nova/auth_url').with_value('http://127.0.0.1:5000') - is_expected.to contain_ironic_config('nova/project_name').with_value('services') - is_expected.to contain_ironic_config('nova/username').with_value('ironic') - is_expected.to contain_ironic_config('nova/password').with_value('secret').with_secret(true) - is_expected.to contain_ironic_config('nova/user_domain_name').with_value('Default') - is_expected.to contain_ironic_config('nova/project_domain_name').with_value('Default') - is_expected.to contain_ironic_config('nova/system_scope').with_value('') - is_expected.to contain_ironic_config('nova/region_name').with_value('') - is_expected.to contain_ironic_config('nova/endpoint_override').with_value('') - is_expected.to contain_ironic_config('nova/send_power_notifications').with_value('') + context 'with defaults' do + let :params do + { :password => 'secret' } + end + + it 'configures ironic.conf' do + is_expected.to contain_ironic_config('nova/auth_type').with_value('password') + is_expected.to contain_ironic_config('nova/auth_url').with_value('http://127.0.0.1:5000') + is_expected.to contain_ironic_config('nova/project_name').with_value('services') + is_expected.to contain_ironic_config('nova/username').with_value('ironic') + is_expected.to contain_ironic_config('nova/password').with_value('secret').with_secret(true) + is_expected.to contain_ironic_config('nova/user_domain_name').with_value('Default') + is_expected.to contain_ironic_config('nova/project_domain_name').with_value('Default') + is_expected.to contain_ironic_config('nova/system_scope').with_value('') + is_expected.to contain_ironic_config('nova/region_name').with_value('') + is_expected.to contain_ironic_config('nova/endpoint_override').with_value('') + is_expected.to contain_ironic_config('nova/send_power_notifications').with_value(true) + end end context 'when overriding parameters' do - before :each do - params.merge!( + let :params do + { + :password => 'secret', :auth_type => 'noauth', :auth_url => 'http://example.com', :project_name => 'project1', @@ -47,8 +50,8 @@ describe 'ironic::nova' do :project_domain_name => 'NonDefault', :region_name => 'regionTwo', :endpoint_override => 'http://example2.com', - :send_power_notifications => false, - ) + :send_power_notifications => true, + } end it 'should replace default parameter with new value' do @@ -66,10 +69,11 @@ describe 'ironic::nova' do end context 'when system_scope is set' do - before :each do - params.merge!( + let :params do + { + :password => 'secret', :system_scope => 'all', - ) + } end it 'configures system-scoped credential' do @@ -78,6 +82,25 @@ describe 'ironic::nova' do is_expected.to contain_ironic_config('nova/system_scope').with_value('all') end end + + context 'when send_power_notifications is false' do + let :params do + { :send_power_notifications => false } + end + + it 'configures only send_power_notifications' do + is_expected.to contain_ironic_config('nova/auth_type').with_ensure('absent') + is_expected.to contain_ironic_config('nova/auth_url').with_ensure('absent') + is_expected.to contain_ironic_config('nova/project_name').with_ensure('absent') + is_expected.to contain_ironic_config('nova/username').with_ensure('absent') + is_expected.to contain_ironic_config('nova/user_domain_name').with_ensure('absent') + is_expected.to contain_ironic_config('nova/project_domain_name').with_ensure('absent') + is_expected.to contain_ironic_config('nova/region_name').with_ensure('absent') + is_expected.to contain_ironic_config('nova/system_scope').with_ensure('absent') + is_expected.to contain_ironic_config('nova/endpoint_override').with_ensure('absent') + is_expected.to contain_ironic_config('nova/send_power_notifications').with_value(false) + end + end end on_supported_os({