Make ironic-inspector password optional

The credential to interact with ironic-inspector is not needed when only in-bound introspection is used. Change-Id: Ife067d97f9a8affbbce398b52a4178f59d5533e3
2024-09-21 23:44:39 +09:00 · 2024-09-21 23:44:39 +09:00 · eb1753ad03
commit eb1753ad03
parent ac6dc711ec
2 changed files with 35 additions and 6 deletions
--- a/manifests/drivers/inspector.pp
+++ b/manifests/drivers/inspector.pp
@ -15,7 +15,7 @@
 # Configure how Ironic talks to Ironic Inspector.
 #
 # [*password*]
-#   (Required) The admin password for ironic to connect to ironic-inspector.
+#   (Optional) The admin password for ironic to connect to ironic-inspector.
 #
 # [*auth_type*]
 #   (Optional) The authentication plugin to use when connecting to
@ -90,8 +90,8 @@
 #   (Optional) Mapping of IP subnet CIDR to physical network.
 #
 class ironic::drivers::inspector (
-  $password,
-  $auth_type                      = 'password',
+  $password                       = undef,
+  $auth_type                      = undef,
  $auth_url                       = 'http://127.0.0.1:5000',
  $project_name                   = 'services',
  $username                       = 'ironic',
@ -112,6 +112,20 @@ class ironic::drivers::inspector (

  include ironic::deps

+  if $auth_type {
+    if $password == undef {
+      fail('The password parameter is required to use ironic-inspector')
+    }
+    $auth_type_real = $auth_type
+    $password_real = $password
+  } elsif $password {
+    $auth_type_real = 'password'
+    $password_real = $password
+  } else {
+    $auth_type_real = $facts['os_service_default']
+    $password_real = $facts['os_service_default']
+  }
+
  if is_service_default($system_scope) {
    $project_name_real = $project_name
    $project_domain_name_real = $project_domain_name
@ -130,9 +144,9 @@ class ironic::drivers::inspector (
  }

  ironic_config {
-    'inspector/auth_type':                  value => $auth_type;
+    'inspector/auth_type':                  value => $auth_type_real;
    'inspector/username':                   value => $username;
-    'inspector/password':                   value => $password, secret => true;
+    'inspector/password':                   value => $password_real, secret => true;
    'inspector/auth_url':                   value => $auth_url;
    'inspector/project_name':               value => $project_name_real;
    'inspector/user_domain_name':           value => $user_domain_name;
--- a/spec/classes/ironic_drivers_inspector_spec.rb
+++ b/spec/classes/ironic_drivers_inspector_spec.rb
@ -40,10 +40,25 @@ describe 'ironic::drivers::inspector' do
      is_expected.to contain_ironic_config('inspector/physical_network_cidr_map').with_value('<SERVICE DEFAULT>')
    end

+    context 'without password' do
+      let :params do
+        {}
+      end
+      it 'configures ironic.conf' do
+        is_expected.to contain_ironic_config('inspector/auth_type').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_ironic_config('inspector/auth_url').with_value('http://127.0.0.1:5000')
+        is_expected.to contain_ironic_config('inspector/project_name').with_value('services')
+        is_expected.to contain_ironic_config('inspector/username').with_value('ironic')
+        is_expected.to contain_ironic_config('inspector/password').with_value('<SERVICE DEFAULT>').with_secret(true)
+        is_expected.to contain_ironic_config('inspector/user_domain_name').with_value('Default')
+        is_expected.to contain_ironic_config('inspector/project_domain_name').with_value('Default')
+      end
+    end
+
    context 'when overriding parameters' do
      before :each do
        params.merge!(
-          :auth_type                   => 'noauth',
+          :auth_type                   => 'v3password',
          :auth_url                    => 'http://example.com',
          :project_name                => 'project1',
          :username                    => 'admin',