Make ironic-inspector password optional

The credential to interact with ironic-inspector is not needed when
only in-bound introspection is used.

Change-Id: Ife067d97f9a8affbbce398b52a4178f59d5533e3
This commit is contained in:
Takashi Kajinami 2024-09-21 23:44:39 +09:00
parent ac6dc711ec
commit eb1753ad03
2 changed files with 35 additions and 6 deletions

View File

@ -15,7 +15,7 @@
# Configure how Ironic talks to Ironic Inspector. # Configure how Ironic talks to Ironic Inspector.
# #
# [*password*] # [*password*]
# (Required) The admin password for ironic to connect to ironic-inspector. # (Optional) The admin password for ironic to connect to ironic-inspector.
# #
# [*auth_type*] # [*auth_type*]
# (Optional) The authentication plugin to use when connecting to # (Optional) The authentication plugin to use when connecting to
@ -90,8 +90,8 @@
# (Optional) Mapping of IP subnet CIDR to physical network. # (Optional) Mapping of IP subnet CIDR to physical network.
# #
class ironic::drivers::inspector ( class ironic::drivers::inspector (
$password, $password = undef,
$auth_type = 'password', $auth_type = undef,
$auth_url = 'http://127.0.0.1:5000', $auth_url = 'http://127.0.0.1:5000',
$project_name = 'services', $project_name = 'services',
$username = 'ironic', $username = 'ironic',
@ -112,6 +112,20 @@ class ironic::drivers::inspector (
include ironic::deps include ironic::deps
if $auth_type {
if $password == undef {
fail('The password parameter is required to use ironic-inspector')
}
$auth_type_real = $auth_type
$password_real = $password
} elsif $password {
$auth_type_real = 'password'
$password_real = $password
} else {
$auth_type_real = $facts['os_service_default']
$password_real = $facts['os_service_default']
}
if is_service_default($system_scope) { if is_service_default($system_scope) {
$project_name_real = $project_name $project_name_real = $project_name
$project_domain_name_real = $project_domain_name $project_domain_name_real = $project_domain_name
@ -130,9 +144,9 @@ class ironic::drivers::inspector (
} }
ironic_config { ironic_config {
'inspector/auth_type': value => $auth_type; 'inspector/auth_type': value => $auth_type_real;
'inspector/username': value => $username; 'inspector/username': value => $username;
'inspector/password': value => $password, secret => true; 'inspector/password': value => $password_real, secret => true;
'inspector/auth_url': value => $auth_url; 'inspector/auth_url': value => $auth_url;
'inspector/project_name': value => $project_name_real; 'inspector/project_name': value => $project_name_real;
'inspector/user_domain_name': value => $user_domain_name; 'inspector/user_domain_name': value => $user_domain_name;

View File

@ -40,10 +40,25 @@ describe 'ironic::drivers::inspector' do
is_expected.to contain_ironic_config('inspector/physical_network_cidr_map').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('inspector/physical_network_cidr_map').with_value('<SERVICE DEFAULT>')
end end
context 'without password' do
let :params do
{}
end
it 'configures ironic.conf' do
is_expected.to contain_ironic_config('inspector/auth_type').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('inspector/auth_url').with_value('http://127.0.0.1:5000')
is_expected.to contain_ironic_config('inspector/project_name').with_value('services')
is_expected.to contain_ironic_config('inspector/username').with_value('ironic')
is_expected.to contain_ironic_config('inspector/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('inspector/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('inspector/project_domain_name').with_value('Default')
end
end
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do before :each do
params.merge!( params.merge!(
:auth_type => 'noauth', :auth_type => 'v3password',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',