Add domain parameters to switch, neutron and glance auth modules

These are required to use Identity v3 authentication with them.

Change-Id: I50068d5f29641fb0f01cf1ded3487bb44b324558
Related-Bug: #1661250
This commit is contained in:
Dmitry Tantsur 2017-03-14 16:39:07 +01:00
parent d3589fc525
commit f60b27493a
7 changed files with 105 additions and 41 deletions

View File

@ -32,6 +32,14 @@
# The admin password for ironic to connect to glance.
# Defaults to $::os_service_default
#
# [*user_domain_name*]
# The name of user's domain (required for Identity V3).
# Defaults to $::os_service_default
#
# [*project_domain_name*]
# The name of project's domain (required for Identity V3).
# Defaults to $::os_service_default
#
# [*api_servers*]
# (optional) A list of the glance api servers available to ironic.
# Should be an array with [hostname|ip]:port
@ -66,6 +74,8 @@ class ironic::glance (
$project_name = 'services',
$username = 'ironic',
$password = $::os_service_default,
$user_domain_name = $::os_service_default,
$project_domain_name = $::os_service_default,
$api_servers = $::os_service_default,
$num_retries = $::os_service_default,
$api_insecure = $::os_service_default,
@ -94,6 +104,8 @@ class ironic::glance (
'glance/password': value => $password, secret => true;
'glance/auth_url': value => $auth_url;
'glance/project_name': value => $project_name;
'glance/user_domain_name': value => $user_domain_name;
'glance/project_domain_name': value => $project_domain_name;
'glance/glance_api_servers': value => $api_servers_converted;
'glance/glance_num_retries': value => $num_retries_real;
'glance/glance_api_insecure': value => $api_insecure_real;

View File

@ -36,23 +36,35 @@
# The admin password for ironic to connect to neutron.
# Defaults to $::os_service_default
#
# [*user_domain_name*]
# The name of user's domain (required for Identity V3).
# Defaults to $::os_service_default
#
# [*project_domain_name*]
# The name of project's domain (required for Identity V3).
# Defaults to $::os_service_default
#
class ironic::neutron (
$api_endpoint = $::os_service_default,
$auth_type = 'password',
$auth_url = $::os_service_default,
$project_name = 'services',
$username = 'ironic',
$password = $::os_service_default,
$api_endpoint = $::os_service_default,
$auth_type = 'password',
$auth_url = $::os_service_default,
$project_name = 'services',
$username = 'ironic',
$password = $::os_service_default,
$user_domain_name = $::os_service_default,
$project_domain_name = $::os_service_default,
) {
$api_endpoint_real = pick($::ironic::api::neutron_url, $api_endpoint)
ironic_config {
'neutron/url': value => $api_endpoint_real;
'neutron/auth_type': value => $auth_type;
'neutron/username': value => $username;
'neutron/password': value => $password, secret => true;
'neutron/auth_url': value => $auth_url;
'neutron/project_name': value => $project_name;
'neutron/url': value => $api_endpoint_real;
'neutron/auth_type': value => $auth_type;
'neutron/username': value => $username;
'neutron/password': value => $password, secret => true;
'neutron/auth_url': value => $auth_url;
'neutron/project_name': value => $project_name;
'neutron/user_domain_name': value => $user_domain_name;
'neutron/project_domain_name': value => $project_domain_name;
}
}

View File

@ -32,19 +32,31 @@
# The admin password for ironic to connect to swift.
# Defaults to $::os_service_default
#
# [*user_domain_name*]
# The name of user's domain (required for Identity V3).
# Defaults to $::os_service_default
#
# [*project_domain_name*]
# The name of project's domain (required for Identity V3).
# Defaults to $::os_service_default
#
class ironic::swift (
$auth_type = 'password',
$auth_url = $::os_service_default,
$project_name = 'services',
$username = 'ironic',
$password = $::os_service_default,
$auth_type = 'password',
$auth_url = $::os_service_default,
$project_name = 'services',
$username = 'ironic',
$password = $::os_service_default,
$user_domain_name = $::os_service_default,
$project_domain_name = $::os_service_default,
) {
ironic_config {
'swift/auth_type': value => $auth_type;
'swift/username': value => $username;
'swift/password': value => $password, secret => true;
'swift/auth_url': value => $auth_url;
'swift/project_name': value => $project_name;
'swift/auth_type': value => $auth_type;
'swift/username': value => $username;
'swift/password': value => $password, secret => true;
'swift/auth_url': value => $auth_url;
'swift/project_name': value => $project_name;
'swift/user_domain_name': value => $user_domain_name;
'swift/project_domain_name': value => $project_domain_name;
}
}

View File

@ -0,0 +1,6 @@
---
features:
- |
Add "user_domain_name" and "project_domain_name" to "ironic::glance",
"ironic::swift" and "ironic::neutron" manifests. These are required to
support Identity v3 authentication.

View File

@ -39,6 +39,8 @@ describe 'ironic::glance' do
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
is_expected.to contain_ironic_config('glance/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('glance/user_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value('<SERVICE DEFAULT>')
@ -55,6 +57,8 @@ describe 'ironic::glance' do
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:api_servers => '10.0.0.1:9292',
:api_insecure => true,
:num_retries => 42,
@ -70,6 +74,8 @@ describe 'ironic::glance' do
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('glance/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('glance/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers])
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])
@ -82,14 +88,16 @@ describe 'ironic::glance' do
context 'when overriding parameters with 2 glance servers' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:api_servers => ['10.0.0.1:9292','10.0.0.2:9292'],
:api_insecure => true,
:num_retries => 42
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:api_servers => ['10.0.0.1:9292','10.0.0.2:9292'],
:api_insecure => true,
:num_retries => 42
)
end
@ -99,6 +107,8 @@ describe 'ironic::glance' do
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('glance/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('glance/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers].join(','))
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])

View File

@ -40,17 +40,21 @@ describe 'ironic::neutron' do
is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('neutron/username').with_value(p[:username])
is_expected.to contain_ironic_config('neutron/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('neutron/user_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value('<SERVICE DEFAULT>')
end
context 'when overriding parameters' do
before :each do
params.merge!(
:api_endpoint => 'http://neutron.example.com',
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:api_endpoint => 'http://neutron.example.com',
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
)
end
@ -61,6 +65,8 @@ describe 'ironic::neutron' do
is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('neutron/username').with_value(p[:username])
is_expected.to contain_ironic_config('neutron/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('neutron/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value(p[:project_domain_name])
end
end

View File

@ -39,16 +39,20 @@ describe 'ironic::swift' do
is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('swift/username').with_value(p[:username])
is_expected.to contain_ironic_config('swift/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('swift/user_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/project_domain_name').with_value('<SERVICE DEFAULT>')
end
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
)
end
@ -58,6 +62,8 @@ describe 'ironic::swift' do
is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('swift/username').with_value(p[:username])
is_expected.to contain_ironic_config('swift/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('swift/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('swift/project_domain_name').with_value(p[:project_domain_name])
end
end