openstack/puppet-ironic
Code Issues Proposed changes

Add separate manifest for configuring access to the service catalog

Browse Source 
Without these parameters ironic uses keystone_authtoken credentials.
This is deprecated since Newton and can be removed at any moment.

Change-Id: I5e4caf484636069dd0cb80abe1f29a6613b4874f
Partial-Bug: #1661250
This commit is contained in:
Dmitry Tantsur 2017-03-14 15:43:02 +01:00
parent d3589fc525
commit a3ca538547
3 changed files with 156 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
manifests/service_catalog.pp Normal file
View File

@ -0,0 +1,64 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: ironic::service_catalog
#
# [*auth_type*]
# The authentication plugin to use when connecting to the service catalog.
# Defaults to 'password'
#
# [*auth_url*]
# The address of the keystone api endpoint.
# Defaults to $::os_service_default
#
# [*project_name*]
# The Keystone project name.
# Defaults to 'services'
#
# [*username*]
# The admin username for ironic to connect to the service catalog.
# Defaults to 'ironic'.
#
# [*password*]
# The admin password for ironic to connect to the service catalog.
# Defaults to $::os_service_default
#
# [*user_domain_name*]
# The name of user's domain (required for Identity V3).
# Defaults to $::os_service_default
#
# [*project_domain_name*]
# The name of project's domain (required for Identity V3).
# Defaults to $::os_service_default
#
class ironic::service_catalog (
$auth_type = 'password',
$auth_url = $::os_service_default,
$project_name = 'services',
$username = 'ironic',
$password = $::os_service_default,
$user_domain_name = $::os_service_default,
$project_domain_name = $::os_service_default,
) {
include ::ironic::deps
ironic_config {
'service_catalog/auth_type': value => $auth_type;
'service_catalog/username': value => $username;
'service_catalog/password': value => $password, secret => true;
'service_catalog/auth_url': value => $auth_url;
'service_catalog/project_name': value => $project_name;
'service_catalog/user_domain_name': value => $user_domain_name;
'service_catalog/project_domain_name': value => $project_domain_name;
}
}

8
releasenotes/notes/service_catalog-manifest-49d5dd0784109d93.yaml Normal file
View File

@ -0,0 +1,8 @@
---
features:
- |
New manifest "ironic::service_catalog" to set parameters for connecting to
the service catalog (used to fetch the ironic internal API URL)
Please set credentials for ironic to access the service catalog using this
manifest, otherwise ironic falls back to using "keystone_authtoken"
credentials, which are deprecated for this purpose.

84
spec/classes/ironic_service_catalog_spec.rb Normal file
View File

@ -0,0 +1,84 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::service_catalog
#
require 'spec_helper'
describe 'ironic::service_catalog' do
let :default_params do
{ :auth_type => 'password',
:project_name => 'services',
:username => 'ironic',
}
end
let :params do
{}
end
shared_examples_for 'ironic service catalog access configuration' do
let :p do
default_params.merge(params)
end
it 'configures ironic.conf' do
is_expected.to contain_ironic_config('service_catalog/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_config('service_catalog/auth_url').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('service_catalog/username').with_value(p[:username])
is_expected.to contain_ironic_config('service_catalog/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('service_catalog/user_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value('<SERVICE DEFAULT>')
end
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
)
end
it 'should replace default parameter with new value' do
is_expected.to contain_ironic_config('service_catalog/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_config('service_catalog/auth_url').with_value(p[:auth_url])
is_expected.to contain_ironic_config('service_catalog/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('service_catalog/username').with_value(p[:username])
is_expected.to contain_ironic_config('service_catalog/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('service_catalog/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value(p[:project_domain_name])
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic service catalog access configuration'
end
end
end