From 1cd6c98b05f52df6f060778500f737f079e063e6 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 18 Dec 2023 01:59:34 +0900 Subject: [PATCH] inspector: Make password parameters required ... because these parameters are actually required for authentication. Also, fix the inconsistent default values of auth_url parameter. Change-Id: Ic2c0e5d51825b7baa5c11be5c8bbf842f60b2f22 --- manifests/inspector/ironic.pp | 33 +++++++------ manifests/inspector/service_catalog.pp | 32 +++++++------ manifests/inspector/swift.pp | 38 +++++++-------- spec/classes/ironic_inspector_ironic_spec.rb | 46 +++++++------------ .../ironic_inspector_service_catalog_spec.rb | 41 ++++++----------- spec/classes/ironic_inspector_swift_spec.rb | 43 ++++++----------- 6 files changed, 97 insertions(+), 136 deletions(-) diff --git a/manifests/inspector/ironic.pp b/manifests/inspector/ironic.pp index 1b050a81..6c7badfc 100644 --- a/manifests/inspector/ironic.pp +++ b/manifests/inspector/ironic.pp @@ -12,32 +12,31 @@ # # == Class: ironic::inspector::ironic # +# [*password*] +# (Required) The admin password for ironic-inspector to connect to ironic. +# # [*auth_type*] -# The authentication plugin to use when connecting to ironic. +# (Optional) The authentication plugin to use when connecting to ironic. # Defaults to 'password' # # [*auth_url*] -# The address of the keystone api endpoint. -# Defaults to 'http://127.0.0.1:5000/v3' +# (Optional) The address of the keystone api endpoint. +# Defaults to 'http://127.0.0.1:5000' # # [*project_name*] -# The Keystone project name. +# (Optional) The Keystone project name. # Defaults to 'services' # # [*username*] -# The admin username for ironic-inspector to connect to ironic. +# (Optional) The admin username for ironic-inspector to connect to ironic. # Defaults to 'ironic'. # -# [*password*] -# The admin password for ironic-inspector to connect to ironic. -# Defaults to $facts['os_service_default'] -# # [*user_domain_name*] -# The name of user's domain (required for Identity V3). +# (Optional) The name of user's domain. # Defaults to 'Default' # # [*project_domain_name*] -# The name of project's domain (required for Identity V3). +# (Optional) The name of project's domain. # Defaults to 'Default' # # [*system_scope*] @@ -45,28 +44,28 @@ # Defaults to $facts['os_service_default'] # # [*region_name*] -# (optional) Region name for connecting to ironic in admin context +# (Optional) Region name for connecting to ironic in admin context # through the OpenStack Identity service. # Defaults to $facts['os_service_default'] # # [*endpoint_override*] -# The endpoint URL for requests for this client +# (Optional) The endpoint URL for requests for this client # Defaults to $facts['os_service_default'] # # [*max_retries*] -# (optional) Maximum number of retries in case of conflict error +# (Optional) Maximum number of retries in case of conflict error # Defaults to $facts['os_service_default'] # # [*retry_interval*] -# (optional) Interval between retries in case of conflict error +# (Optional) Interval between retries in case of conflict error # Defaults to $facts['os_service_default'] # class ironic::inspector::ironic ( + $password, $auth_type = 'password', - $auth_url = 'http://127.0.0.1:5000/v3', + $auth_url = 'http://127.0.0.1:5000', $project_name = 'services', $username = 'ironic', - $password = $facts['os_service_default'], $user_domain_name = 'Default', $project_domain_name = 'Default', $system_scope = $facts['os_service_default'], diff --git a/manifests/inspector/service_catalog.pp b/manifests/inspector/service_catalog.pp index 7c94e8a1..433ba1fd 100644 --- a/manifests/inspector/service_catalog.pp +++ b/manifests/inspector/service_catalog.pp @@ -12,32 +12,34 @@ # # == Class: ironic::inspector::service_catalog # +# [*password*] +# (Required) The admin password for ironic-inspector to connect to the +# service catalog. +# # [*auth_type*] -# The authentication plugin to use when connecting to the service catalog. +# (Optional) The authentication plugin to use when connecting to the service +# catalog. # Defaults to 'password' # # [*auth_url*] -# The address of the keystone api endpoint. -# Defaults to $facts['os_service_default'] +# (Optional) The address of the keystone api endpoint. +# Defaults to 'http://127.0.0.1:5000' # # [*project_name*] -# The Keystone project name. +# (Optional) The Keystone project name. # Defaults to 'services' # # [*username*] -# The admin username for ironic-inspector to connect to the service catalog. +# (Optional) The admin username for ironic-inspector to connect to +# the service catalog. # Defaults to 'ironic'. # -# [*password*] -# The admin password for ironic-inspector to connect to the service catalog. -# Defaults to $facts['os_service_default'] -# # [*user_domain_name*] -# The name of user's domain (required for Identity V3). +# (Optional) The name of user's domain. # Defaults to 'Default' # # [*project_domain_name*] -# The name of project's domain (required for Identity V3). +# (Optional) The name of project's domain. # Defaults to 'Default' # # [*system_scope*] @@ -45,20 +47,20 @@ # Defaults to $facts['os_service_default'] # # [*region_name*] -# (optional) Region name for accessing Keystone catalog +# (Optional) Region name for accessing Keystone catalog # through the OpenStack Identity service. # Defaults to $facts['os_service_default'] # # [*endpoint_override*] -# The endpoint URL for requests for this client +# (Optional) The endpoint URL for requests for this client # Defaults to $facts['os_service_default'] # class ironic::inspector::service_catalog ( + $password, $auth_type = 'password', - $auth_url = $facts['os_service_default'], + $auth_url = 'http://127.0.0.1:5000', $project_name = 'services', $username = 'ironic', - $password = $facts['os_service_default'], $user_domain_name = 'Default', $project_domain_name = 'Default', $system_scope = $facts['os_service_default'], diff --git a/manifests/inspector/swift.pp b/manifests/inspector/swift.pp index 36a05caf..4d4ed839 100644 --- a/manifests/inspector/swift.pp +++ b/manifests/inspector/swift.pp @@ -12,32 +12,32 @@ # # == Class: ironic::inspector::swift # +# [*password*] +# (Required) The admin password for ironic-inspector to connect to swift. +# Defaults to $facts['os_service_default'] +# # [*auth_type*] -# The authentication plugin to use when connecting to swift. +# (Optional) The authentication plugin to use when connecting to swift. # Defaults to 'password' # # [*auth_url*] -# The address of the keystone api endpoint. -# Defaults to $facts['os_service_default'] +# (Optional) The address of the keystone api endpoint. +# Defaults to 'http://127.0.0.1:5000' # # [*project_name*] -# The Keystone project name. +# (Optional) The Keystone project name. # Defaults to 'services' # # [*username*] -# The admin username for ironic-inspector to connect to swift. +# (Optional) The admin username for ironic-inspector to connect to swift. # Defaults to 'ironic'. # -# [*password*] -# The admin password for ironic-inspector to connect to swift. -# Defaults to $facts['os_service_default'] -# # [*user_domain_name*] -# The name of user's domain (required for Identity V3). +# (Optional) The name of user's domain. # Defaults to 'Default' # # [*project_domain_name*] -# The name of project's domain (required for Identity V3). +# (Optional) The name of project's domain. # Defaults to 'Default' # # [*system_scope*] @@ -45,30 +45,30 @@ # Defaults to $facts['os_service_default'] # # [*region_name*] -# (optional) Region name for connecting to swift in admin context +# (Optional) Region name for connecting to swift in admin context # through the OpenStack Identity service. # Defaults to $facts['os_service_default'] # # [*endpoint_override*] -# The endpoint URL for requests for this client +# (Optional) The endpoint URL for requests for this client # Defaults to $facts['os_service_default'] # # [*container*] -# (optional) Default Swift container name to use when creating objects. -# String value -# Defaults to $facts['os_service_default'] +# (Optional) Default Swift container name to use when creating objects. +# String value +# Defaults to $facts['os_service_default'] # # [*delete_after*] -# (optional) Number of seconds that the Swift object will last before being +# (Optional) Number of seconds that the Swift object will last before being # deleted. # Defaults to $facts['os_service_default'] # class ironic::inspector::swift ( + $password, $auth_type = 'password', - $auth_url = $facts['os_service_default'], + $auth_url = 'http://127.0.0.1:5000', $project_name = 'services', $username = 'ironic', - $password = $facts['os_service_default'], $user_domain_name = 'Default', $project_domain_name = 'Default', $system_scope = $facts['os_service_default'], diff --git a/spec/classes/ironic_inspector_ironic_spec.rb b/spec/classes/ironic_inspector_ironic_spec.rb index 0e4f5ded..b3df1739 100644 --- a/spec/classes/ironic_inspector_ironic_spec.rb +++ b/spec/classes/ironic_inspector_ironic_spec.rb @@ -17,29 +17,17 @@ require 'spec_helper' describe 'ironic::inspector::ironic' do - let :default_params do - { :auth_type => 'password', - :auth_url => 'http://127.0.0.1:5000/v3', - :project_name => 'services', - :username => 'ironic', - } - end - let :params do - {} + { :password => 'secret' } end shared_examples_for 'ironic-inspector ironic configuration' do - let :p do - default_params.merge(params) - end - it 'configures ironic.conf' do - is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value(p[:auth_type]) - is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(p[:auth_url]) - is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value(p[:project_name]) - is_expected.to contain_ironic_inspector_config('ironic/username').with_value(p[:username]) - is_expected.to contain_ironic_inspector_config('ironic/password').with_value('').with_secret(true) + is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value('password') + is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value('http://127.0.0.1:5000') + is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value('services') + is_expected.to contain_ironic_inspector_config('ironic/username').with_value('ironic') + is_expected.to contain_ironic_inspector_config('ironic/password').with_value('secret').with_secret(true) is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('ironic/system_scope').with_value('') @@ -56,7 +44,6 @@ describe 'ironic::inspector::ironic' do :auth_url => 'http://example.com', :project_name => 'project1', :username => 'admin', - :password => 'pa$$w0rd', :user_domain_name => 'NonDefault', :project_domain_name => 'NonDefault', :region_name => 'regionTwo', @@ -67,18 +54,17 @@ describe 'ironic::inspector::ironic' do end it 'should replace default parameter with new value' do - is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value(p[:auth_type]) - is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(p[:auth_url]) - is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value(p[:project_name]) - is_expected.to contain_ironic_inspector_config('ironic/username').with_value(p[:username]) - is_expected.to contain_ironic_inspector_config('ironic/password').with_value(p[:password]).with_secret(true) - is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value(p[:user_domain_name]) - is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value(p[:project_domain_name]) + is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value(params[:auth_type]) + is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(params[:auth_url]) + is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value(params[:project_name]) + is_expected.to contain_ironic_inspector_config('ironic/username').with_value(params[:username]) + is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value(params[:user_domain_name]) + is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value(params[:project_domain_name]) is_expected.to contain_ironic_inspector_config('ironic/system_scope').with_value('') - is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value(p[:region_name]) - is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value(p[:endpoint_override]) - is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(p[:max_retries]) - is_expected.to contain_ironic_inspector_config('ironic/retry_interval').with_value(p[:retry_interval]) + is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value(params[:region_name]) + is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value(params[:endpoint_override]) + is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(params[:max_retries]) + is_expected.to contain_ironic_inspector_config('ironic/retry_interval').with_value(params[:retry_interval]) end end diff --git a/spec/classes/ironic_inspector_service_catalog_spec.rb b/spec/classes/ironic_inspector_service_catalog_spec.rb index da236cca..a10a5ab4 100644 --- a/spec/classes/ironic_inspector_service_catalog_spec.rb +++ b/spec/classes/ironic_inspector_service_catalog_spec.rb @@ -17,28 +17,17 @@ require 'spec_helper' describe 'ironic::inspector::service_catalog' do - let :default_params do - { :auth_type => 'password', - :project_name => 'services', - :username => 'ironic', - } - end - let :params do - {} + { :password => 'secret' } end shared_examples_for 'ironic-inspector service catalog access configuration' do - let :p do - default_params.merge(params) - end - it 'configures ironic-inspector.conf' do - is_expected.to contain_ironic_inspector_config('service_catalog/auth_type').with_value(p[:auth_type]) - is_expected.to contain_ironic_inspector_config('service_catalog/auth_url').with_value('') - is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value(p[:project_name]) - is_expected.to contain_ironic_inspector_config('service_catalog/username').with_value(p[:username]) - is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value('').with_secret(true) + is_expected.to contain_ironic_inspector_config('service_catalog/auth_type').with_value('password') + is_expected.to contain_ironic_inspector_config('service_catalog/auth_url').with_value('http://127.0.0.1:5000') + is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value('services') + is_expected.to contain_ironic_inspector_config('service_catalog/username').with_value('ironic') + is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value('secret').with_secret(true) is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('service_catalog/system_scope').with_value('') @@ -53,7 +42,6 @@ describe 'ironic::inspector::service_catalog' do :auth_url => 'http://example.com', :project_name => 'project1', :username => 'admin', - :password => 'pa$$w0rd', :user_domain_name => 'NonDefault', :project_domain_name => 'NonDefault', :region_name => 'regionTwo', @@ -62,16 +50,15 @@ describe 'ironic::inspector::service_catalog' do end it 'should replace default parameter with new value' do - is_expected.to contain_ironic_inspector_config('service_catalog/auth_type').with_value(p[:auth_type]) - is_expected.to contain_ironic_inspector_config('service_catalog/auth_url').with_value(p[:auth_url]) - is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value(p[:project_name]) - is_expected.to contain_ironic_inspector_config('service_catalog/username').with_value(p[:username]) - is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value(p[:password]).with_secret(true) - is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value(p[:user_domain_name]) - is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value(p[:project_domain_name]) + is_expected.to contain_ironic_inspector_config('service_catalog/auth_type').with_value(params[:auth_type]) + is_expected.to contain_ironic_inspector_config('service_catalog/auth_url').with_value(params[:auth_url]) + is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value(params[:project_name]) + is_expected.to contain_ironic_inspector_config('service_catalog/username').with_value(params[:username]) + is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value(params[:user_domain_name]) + is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value(params[:project_domain_name]) is_expected.to contain_ironic_inspector_config('service_catalog/system_scope').with_value('') - is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value(p[:region_name]) - is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value(p[:endpoint_override]) + is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value(params[:region_name]) + is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value(params[:endpoint_override]) end end diff --git a/spec/classes/ironic_inspector_swift_spec.rb b/spec/classes/ironic_inspector_swift_spec.rb index 3f848ae7..292a7481 100644 --- a/spec/classes/ironic_inspector_swift_spec.rb +++ b/spec/classes/ironic_inspector_swift_spec.rb @@ -17,28 +17,17 @@ require 'spec_helper' describe 'ironic::inspector::swift' do - let :default_params do - { :auth_type => 'password', - :project_name => 'services', - :username => 'ironic', - } - end - let :params do - {} + { :password => 'secret' } end shared_examples_for 'ironic-inspector swift configuration' do - let :p do - default_params.merge(params) - end - it 'configures ironic-inspector.conf' do - is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value(p[:auth_type]) - is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value('') - is_expected.to contain_ironic_inspector_config('swift/project_name').with_value(p[:project_name]) - is_expected.to contain_ironic_inspector_config('swift/username').with_value(p[:username]) - is_expected.to contain_ironic_inspector_config('swift/password').with_value('').with_secret(true) + is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value('password') + is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value('http://127.0.0.1:5000') + is_expected.to contain_ironic_inspector_config('swift/project_name').with_value('services') + is_expected.to contain_ironic_inspector_config('swift/username').with_value('ironic') + is_expected.to contain_ironic_inspector_config('swift/password').with_value('secret').with_secret(true) is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('swift/region_name').with_value('') @@ -55,7 +44,6 @@ describe 'ironic::inspector::swift' do :auth_url => 'http://example.com', :project_name => 'project1', :username => 'admin', - :password => 'pa$$w0rd', :user_domain_name => 'NonDefault', :project_domain_name => 'NonDefault', :region_name => 'regionTwo', @@ -66,17 +54,16 @@ describe 'ironic::inspector::swift' do end it 'should replace default parameter with new value' do - is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value(p[:auth_type]) - is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value(p[:auth_url]) - is_expected.to contain_ironic_inspector_config('swift/project_name').with_value(p[:project_name]) - is_expected.to contain_ironic_inspector_config('swift/username').with_value(p[:username]) - is_expected.to contain_ironic_inspector_config('swift/password').with_value(p[:password]).with_secret(true) - is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value(p[:user_domain_name]) - is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value(p[:project_domain_name]) - is_expected.to contain_ironic_inspector_config('swift/region_name').with_value(p[:region_name]) + is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value(params[:auth_type]) + is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value(params[:auth_url]) + is_expected.to contain_ironic_inspector_config('swift/project_name').with_value(params[:project_name]) + is_expected.to contain_ironic_inspector_config('swift/username').with_value(params[:username]) + is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value(params[:user_domain_name]) + is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value(params[:project_domain_name]) + is_expected.to contain_ironic_inspector_config('swift/region_name').with_value(params[:region_name]) is_expected.to contain_ironic_inspector_config('swift/system_scope').with_value('') - is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value(p[:endpoint_override]) - is_expected.to contain_ironic_inspector_config('swift/container').with_value(p[:container]) + is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value(params[:endpoint_override]) + is_expected.to contain_ironic_inspector_config('swift/container').with_value(params[:container]) is_expected.to contain_ironic_inspector_config('swift/delete_after').with_value(0) end end