Add separate manifest for configuring access from ironic to inspector
Without these parameters ironic uses keystone_authtoken credentials.
This is deprecated since Newton and can be removed at any moment.
Also introduce "enabled" and "service_url" options for completeness.
Change-Id: I652db2b74924789d1431a89af8e07a68699de697
Partial-Bug: #1661250
(cherry picked from commit 09cb07a7c9
)
This commit is contained in:
parent
2c376db42c
commit
d729cacd77
80
manifests/drivers/inspector.pp
Normal file
80
manifests/drivers/inspector.pp
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
# == Class: ironic::drivers::inspector
|
||||||
|
#
|
||||||
|
# Configure how Ironic talks to Ironic Inspector.
|
||||||
|
#
|
||||||
|
# [*enabled*]
|
||||||
|
# Whether or not to enable ironic-inspector support for inspection.
|
||||||
|
# This option does not affect new-style dynamic drivers and fake_inspector.
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*service_url*]
|
||||||
|
# Ironic Inspector API endpoint. If not provided, the service catalog
|
||||||
|
# is used instead.
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*auth_type*]
|
||||||
|
# The authentication plugin to use when connecting to ironic-inspector.
|
||||||
|
# Defaults to 'password'
|
||||||
|
#
|
||||||
|
# [*auth_url*]
|
||||||
|
# The address of the keystone api endpoint.
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*project_name*]
|
||||||
|
# The Keystone project name.
|
||||||
|
# Defaults to 'services'
|
||||||
|
#
|
||||||
|
# [*username*]
|
||||||
|
# The admin username for ironic to connect to ironic-inspector.
|
||||||
|
# Defaults to 'ironic'.
|
||||||
|
#
|
||||||
|
# [*password*]
|
||||||
|
# The admin password for ironic to connect to ironic-inspector.
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*user_domain_name*]
|
||||||
|
# The name of user's domain (required for Identity V3).
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*project_domain_name*]
|
||||||
|
# The name of project's domain (required for Identity V3).
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
class ironic::drivers::inspector (
|
||||||
|
$enabled = $::os_service_default,
|
||||||
|
$service_url = $::os_service_default,
|
||||||
|
$auth_type = 'password',
|
||||||
|
$auth_url = $::os_service_default,
|
||||||
|
$project_name = 'services',
|
||||||
|
$username = 'ironic',
|
||||||
|
$password = $::os_service_default,
|
||||||
|
$user_domain_name = $::os_service_default,
|
||||||
|
$project_domain_name = $::os_service_default,
|
||||||
|
) {
|
||||||
|
|
||||||
|
include ::ironic::deps
|
||||||
|
|
||||||
|
ironic_config {
|
||||||
|
'inspector/enabled': value => $enabled;
|
||||||
|
'inspector/service_url': value => $service_url;
|
||||||
|
'inspector/auth_type': value => $auth_type;
|
||||||
|
'inspector/username': value => $username;
|
||||||
|
'inspector/password': value => $password, secret => true;
|
||||||
|
'inspector/auth_url': value => $auth_url;
|
||||||
|
'inspector/project_name': value => $project_name;
|
||||||
|
'inspector/user_domain_name': value => $user_domain_name;
|
||||||
|
'inspector/project_domain_name': value => $project_domain_name;
|
||||||
|
}
|
||||||
|
}
|
10
releasenotes/notes/inspector-manifest-77e1cb21ba93b55c.yaml
Normal file
10
releasenotes/notes/inspector-manifest-77e1cb21ba93b55c.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
New manifest "ironic::drivers::inspector" to set parameters for connecting
|
||||||
|
from ironic to to ironic-inspector.
|
||||||
|
Please set credentials for ironic to access ironic-inspector using this
|
||||||
|
manifest, otherwise ironic falls back to using "keystone_authtoken"
|
||||||
|
credentials, which are deprecated for this purpose.
|
||||||
|
|
||||||
|
Also allows configuring "enabled" and "service_url" parameters.
|
90
spec/classes/ironic_drivers_inspector_spec.rb
Normal file
90
spec/classes/ironic_drivers_inspector_spec.rb
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
# Unit tests for ironic::drivers::inspector
|
||||||
|
#
|
||||||
|
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'ironic::drivers::inspector' do
|
||||||
|
|
||||||
|
let :default_params do
|
||||||
|
{ :auth_type => 'password',
|
||||||
|
:project_name => 'services',
|
||||||
|
:username => 'ironic',
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
{}
|
||||||
|
end
|
||||||
|
|
||||||
|
shared_examples_for 'ironic ironic-inspector access configuration' do
|
||||||
|
let :p do
|
||||||
|
default_params.merge(params)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configures ironic.conf' do
|
||||||
|
is_expected.to contain_ironic_config('inspector/enabled').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_config('inspector/service_url').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_config('inspector/auth_type').with_value(p[:auth_type])
|
||||||
|
is_expected.to contain_ironic_config('inspector/auth_url').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_config('inspector/project_name').with_value(p[:project_name])
|
||||||
|
is_expected.to contain_ironic_config('inspector/username').with_value(p[:username])
|
||||||
|
is_expected.to contain_ironic_config('inspector/password').with_value('<SERVICE DEFAULT>').with_secret(true)
|
||||||
|
is_expected.to contain_ironic_config('inspector/user_domain_name').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_config('inspector/project_domain_name').with_value('<SERVICE DEFAULT>')
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when overriding parameters' do
|
||||||
|
before :each do
|
||||||
|
params.merge!(
|
||||||
|
:enabled => true,
|
||||||
|
:service_url => 'http://example.com/inspector',
|
||||||
|
:auth_type => 'noauth',
|
||||||
|
:auth_url => 'http://example.com',
|
||||||
|
:project_name => 'project1',
|
||||||
|
:username => 'admin',
|
||||||
|
:password => 'pa$$w0rd',
|
||||||
|
:user_domain_name => 'NonDefault',
|
||||||
|
:project_domain_name => 'NonDefault',
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should replace default parameter with new value' do
|
||||||
|
is_expected.to contain_ironic_config('inspector/enabled').with_value(p[:enabled])
|
||||||
|
is_expected.to contain_ironic_config('inspector/service_url').with_value(p[:service_url])
|
||||||
|
is_expected.to contain_ironic_config('inspector/auth_type').with_value(p[:auth_type])
|
||||||
|
is_expected.to contain_ironic_config('inspector/auth_url').with_value(p[:auth_url])
|
||||||
|
is_expected.to contain_ironic_config('inspector/project_name').with_value(p[:project_name])
|
||||||
|
is_expected.to contain_ironic_config('inspector/username').with_value(p[:username])
|
||||||
|
is_expected.to contain_ironic_config('inspector/password').with_value(p[:password]).with_secret(true)
|
||||||
|
is_expected.to contain_ironic_config('inspector/user_domain_name').with_value(p[:user_domain_name])
|
||||||
|
is_expected.to contain_ironic_config('inspector/project_domain_name').with_value(p[:project_domain_name])
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
on_supported_os({
|
||||||
|
:supported_os => OSDefaults.get_supported_os
|
||||||
|
}).each do |os,facts|
|
||||||
|
context "on #{os}" do
|
||||||
|
let (:facts) do
|
||||||
|
facts.merge!(OSDefaults.get_facts())
|
||||||
|
end
|
||||||
|
|
||||||
|
it_behaves_like 'ironic ironic-inspector access configuration'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
Loading…
Reference in New Issue
Block a user