From f60b27493ae85babc19b35961e57189ba32eb23d Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Tue, 14 Mar 2017 16:39:07 +0100 Subject: [PATCH] Add domain parameters to switch, neutron and glance auth modules These are required to use Identity v3 authentication with them. Change-Id: I50068d5f29641fb0f01cf1ded3487bb44b324558 Related-Bug: #1661250 --- manifests/glance.pp | 12 +++++++ manifests/neutron.pp | 36 ++++++++++++------- manifests/swift.pp | 32 +++++++++++------ ...-glance-neutron-idv3-e235313691da667b.yaml | 6 ++++ spec/classes/ironic_glance_spec.rb | 26 +++++++++----- spec/classes/ironic_neutron_spec.rb | 18 ++++++---- spec/classes/ironic_swift_spec.rb | 16 ++++++--- 7 files changed, 105 insertions(+), 41 deletions(-) create mode 100644 releasenotes/notes/swift-glance-neutron-idv3-e235313691da667b.yaml diff --git a/manifests/glance.pp b/manifests/glance.pp index 9962756c..566372a1 100644 --- a/manifests/glance.pp +++ b/manifests/glance.pp @@ -32,6 +32,14 @@ # The admin password for ironic to connect to glance. # Defaults to $::os_service_default # +# [*user_domain_name*] +# The name of user's domain (required for Identity V3). +# Defaults to $::os_service_default +# +# [*project_domain_name*] +# The name of project's domain (required for Identity V3). +# Defaults to $::os_service_default +# # [*api_servers*] # (optional) A list of the glance api servers available to ironic. # Should be an array with [hostname|ip]:port @@ -66,6 +74,8 @@ class ironic::glance ( $project_name = 'services', $username = 'ironic', $password = $::os_service_default, + $user_domain_name = $::os_service_default, + $project_domain_name = $::os_service_default, $api_servers = $::os_service_default, $num_retries = $::os_service_default, $api_insecure = $::os_service_default, @@ -94,6 +104,8 @@ class ironic::glance ( 'glance/password': value => $password, secret => true; 'glance/auth_url': value => $auth_url; 'glance/project_name': value => $project_name; + 'glance/user_domain_name': value => $user_domain_name; + 'glance/project_domain_name': value => $project_domain_name; 'glance/glance_api_servers': value => $api_servers_converted; 'glance/glance_num_retries': value => $num_retries_real; 'glance/glance_api_insecure': value => $api_insecure_real; diff --git a/manifests/neutron.pp b/manifests/neutron.pp index a5abd39a..f8cbd5d9 100644 --- a/manifests/neutron.pp +++ b/manifests/neutron.pp @@ -36,23 +36,35 @@ # The admin password for ironic to connect to neutron. # Defaults to $::os_service_default # +# [*user_domain_name*] +# The name of user's domain (required for Identity V3). +# Defaults to $::os_service_default +# +# [*project_domain_name*] +# The name of project's domain (required for Identity V3). +# Defaults to $::os_service_default +# class ironic::neutron ( - $api_endpoint = $::os_service_default, - $auth_type = 'password', - $auth_url = $::os_service_default, - $project_name = 'services', - $username = 'ironic', - $password = $::os_service_default, + $api_endpoint = $::os_service_default, + $auth_type = 'password', + $auth_url = $::os_service_default, + $project_name = 'services', + $username = 'ironic', + $password = $::os_service_default, + $user_domain_name = $::os_service_default, + $project_domain_name = $::os_service_default, ) { $api_endpoint_real = pick($::ironic::api::neutron_url, $api_endpoint) ironic_config { - 'neutron/url': value => $api_endpoint_real; - 'neutron/auth_type': value => $auth_type; - 'neutron/username': value => $username; - 'neutron/password': value => $password, secret => true; - 'neutron/auth_url': value => $auth_url; - 'neutron/project_name': value => $project_name; + 'neutron/url': value => $api_endpoint_real; + 'neutron/auth_type': value => $auth_type; + 'neutron/username': value => $username; + 'neutron/password': value => $password, secret => true; + 'neutron/auth_url': value => $auth_url; + 'neutron/project_name': value => $project_name; + 'neutron/user_domain_name': value => $user_domain_name; + 'neutron/project_domain_name': value => $project_domain_name; } } diff --git a/manifests/swift.pp b/manifests/swift.pp index 79a4107a..265a3cce 100644 --- a/manifests/swift.pp +++ b/manifests/swift.pp @@ -32,19 +32,31 @@ # The admin password for ironic to connect to swift. # Defaults to $::os_service_default # +# [*user_domain_name*] +# The name of user's domain (required for Identity V3). +# Defaults to $::os_service_default +# +# [*project_domain_name*] +# The name of project's domain (required for Identity V3). +# Defaults to $::os_service_default +# class ironic::swift ( - $auth_type = 'password', - $auth_url = $::os_service_default, - $project_name = 'services', - $username = 'ironic', - $password = $::os_service_default, + $auth_type = 'password', + $auth_url = $::os_service_default, + $project_name = 'services', + $username = 'ironic', + $password = $::os_service_default, + $user_domain_name = $::os_service_default, + $project_domain_name = $::os_service_default, ) { ironic_config { - 'swift/auth_type': value => $auth_type; - 'swift/username': value => $username; - 'swift/password': value => $password, secret => true; - 'swift/auth_url': value => $auth_url; - 'swift/project_name': value => $project_name; + 'swift/auth_type': value => $auth_type; + 'swift/username': value => $username; + 'swift/password': value => $password, secret => true; + 'swift/auth_url': value => $auth_url; + 'swift/project_name': value => $project_name; + 'swift/user_domain_name': value => $user_domain_name; + 'swift/project_domain_name': value => $project_domain_name; } } diff --git a/releasenotes/notes/swift-glance-neutron-idv3-e235313691da667b.yaml b/releasenotes/notes/swift-glance-neutron-idv3-e235313691da667b.yaml new file mode 100644 index 00000000..96768f1c --- /dev/null +++ b/releasenotes/notes/swift-glance-neutron-idv3-e235313691da667b.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add "user_domain_name" and "project_domain_name" to "ironic::glance", + "ironic::swift" and "ironic::neutron" manifests. These are required to + support Identity v3 authentication. diff --git a/spec/classes/ironic_glance_spec.rb b/spec/classes/ironic_glance_spec.rb index 9bc5e4ca..6700d842 100644 --- a/spec/classes/ironic_glance_spec.rb +++ b/spec/classes/ironic_glance_spec.rb @@ -39,6 +39,8 @@ describe 'ironic::glance' do is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('glance/username').with_value(p[:username]) is_expected.to contain_ironic_config('glance/password').with_value('').with_secret(true) + is_expected.to contain_ironic_config('glance/user_domain_name').with_value('') + is_expected.to contain_ironic_config('glance/project_domain_name').with_value('') is_expected.to contain_ironic_config('glance/glance_api_servers').with_value('') is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value('') is_expected.to contain_ironic_config('glance/glance_num_retries').with_value('') @@ -55,6 +57,8 @@ describe 'ironic::glance' do :project_name => 'project1', :username => 'admin', :password => 'pa$$w0rd', + :user_domain_name => 'NonDefault', + :project_domain_name => 'NonDefault', :api_servers => '10.0.0.1:9292', :api_insecure => true, :num_retries => 42, @@ -70,6 +74,8 @@ describe 'ironic::glance' do is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('glance/username').with_value(p[:username]) is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true) + is_expected.to contain_ironic_config('glance/user_domain_name').with_value(p[:user_domain_name]) + is_expected.to contain_ironic_config('glance/project_domain_name').with_value(p[:project_domain_name]) is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers]) is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure]) is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries]) @@ -82,14 +88,16 @@ describe 'ironic::glance' do context 'when overriding parameters with 2 glance servers' do before :each do params.merge!( - :auth_type => 'noauth', - :auth_url => 'http://example.com', - :project_name => 'project1', - :username => 'admin', - :password => 'pa$$w0rd', - :api_servers => ['10.0.0.1:9292','10.0.0.2:9292'], - :api_insecure => true, - :num_retries => 42 + :auth_type => 'noauth', + :auth_url => 'http://example.com', + :project_name => 'project1', + :username => 'admin', + :password => 'pa$$w0rd', + :user_domain_name => 'NonDefault', + :project_domain_name => 'NonDefault', + :api_servers => ['10.0.0.1:9292','10.0.0.2:9292'], + :api_insecure => true, + :num_retries => 42 ) end @@ -99,6 +107,8 @@ describe 'ironic::glance' do is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('glance/username').with_value(p[:username]) is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true) + is_expected.to contain_ironic_config('glance/user_domain_name').with_value(p[:user_domain_name]) + is_expected.to contain_ironic_config('glance/project_domain_name').with_value(p[:project_domain_name]) is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers].join(',')) is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure]) is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries]) diff --git a/spec/classes/ironic_neutron_spec.rb b/spec/classes/ironic_neutron_spec.rb index 88c4ddee..476b61d3 100644 --- a/spec/classes/ironic_neutron_spec.rb +++ b/spec/classes/ironic_neutron_spec.rb @@ -40,17 +40,21 @@ describe 'ironic::neutron' do is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('neutron/username').with_value(p[:username]) is_expected.to contain_ironic_config('neutron/password').with_value('').with_secret(true) + is_expected.to contain_ironic_config('neutron/user_domain_name').with_value('') + is_expected.to contain_ironic_config('neutron/project_domain_name').with_value('') end context 'when overriding parameters' do before :each do params.merge!( - :api_endpoint => 'http://neutron.example.com', - :auth_type => 'noauth', - :auth_url => 'http://example.com', - :project_name => 'project1', - :username => 'admin', - :password => 'pa$$w0rd', + :api_endpoint => 'http://neutron.example.com', + :auth_type => 'noauth', + :auth_url => 'http://example.com', + :project_name => 'project1', + :username => 'admin', + :password => 'pa$$w0rd', + :user_domain_name => 'NonDefault', + :project_domain_name => 'NonDefault', ) end @@ -61,6 +65,8 @@ describe 'ironic::neutron' do is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('neutron/username').with_value(p[:username]) is_expected.to contain_ironic_config('neutron/password').with_value(p[:password]).with_secret(true) + is_expected.to contain_ironic_config('neutron/user_domain_name').with_value(p[:user_domain_name]) + is_expected.to contain_ironic_config('neutron/project_domain_name').with_value(p[:project_domain_name]) end end diff --git a/spec/classes/ironic_swift_spec.rb b/spec/classes/ironic_swift_spec.rb index 0ed0773b..5738fba3 100644 --- a/spec/classes/ironic_swift_spec.rb +++ b/spec/classes/ironic_swift_spec.rb @@ -39,16 +39,20 @@ describe 'ironic::swift' do is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('swift/username').with_value(p[:username]) is_expected.to contain_ironic_config('swift/password').with_value('').with_secret(true) + is_expected.to contain_ironic_config('swift/user_domain_name').with_value('') + is_expected.to contain_ironic_config('swift/project_domain_name').with_value('') end context 'when overriding parameters' do before :each do params.merge!( - :auth_type => 'noauth', - :auth_url => 'http://example.com', - :project_name => 'project1', - :username => 'admin', - :password => 'pa$$w0rd', + :auth_type => 'noauth', + :auth_url => 'http://example.com', + :project_name => 'project1', + :username => 'admin', + :password => 'pa$$w0rd', + :user_domain_name => 'NonDefault', + :project_domain_name => 'NonDefault', ) end @@ -58,6 +62,8 @@ describe 'ironic::swift' do is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('swift/username').with_value(p[:username]) is_expected.to contain_ironic_config('swift/password').with_value(p[:password]).with_secret(true) + is_expected.to contain_ironic_config('swift/user_domain_name').with_value(p[:user_domain_name]) + is_expected.to contain_ironic_config('swift/project_domain_name').with_value(p[:project_domain_name]) end end