diff --git a/examples/ldap_backend.pp b/examples/ldap_backend.pp index 0fb7f417e..5c5b7f1bc 100644 --- a/examples/ldap_backend.pp +++ b/examples/ldap_backend.pp @@ -65,8 +65,7 @@ keystone::ldap_backend { 'domain_1': role_allow_create => 'True', role_allow_update => 'True', role_allow_delete => 'True', - identity_driver => 'keystone.identity.backends.ldap.Identity', - assignment_driver => 'keystone.assignment.backends.ldap.Assignment', + identity_driver => 'ldap', use_tls => 'True', tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt', tls_req_cert => 'demand', @@ -121,8 +120,7 @@ keystone::ldap_backend { 'domain_2': role_allow_create => 'True', role_allow_update => 'True', role_allow_delete => 'True', - identity_driver => 'keystone.identity.backends.ldap.Identity', - assignment_driver => 'keystone.assignment.backends.ldap.Assignment', + identity_driver => 'ldap', use_tls => 'True', tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt', tls_req_cert => 'demand', diff --git a/examples/ldap_full.pp b/examples/ldap_full.pp index 09ce7c8ef..4f61b7fe4 100644 --- a/examples/ldap_full.pp +++ b/examples/ldap_full.pp @@ -58,8 +58,7 @@ class { '::keystone:ldap': role_allow_create => 'True', role_allow_update => 'True', role_allow_delete => 'True', - identity_driver => 'keystone.identity.backends.ldap.Identity', - assignment_driver => 'keystone.assignment.backends.ldap.Assignment', + identity_driver => 'ldap', use_tls => 'True', tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt', tls_req_cert => 'demand', diff --git a/examples/ldap_identity.pp b/examples/ldap_identity.pp index f3a578cae..506ef3b24 100644 --- a/examples/ldap_identity.pp +++ b/examples/ldap_identity.pp @@ -12,7 +12,7 @@ class { '::keystone::roles::admin': # This was tested against a FreeIPA box, you will likely need to change the # attributes to match your configuration. class { '::keystone:ldap': - identity_driver => 'keystone.identity.backends.ldap.Identity', + identity_driver => 'ldap', url => 'ldap://ldap.example.com:389', user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com', password => 'SecretPass', diff --git a/manifests/init.pp b/manifests/init.pp index 38dcd5225..77ab7db9d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -60,12 +60,12 @@ # # [*token_provider*] # (optional) Format keystone uses for tokens. -# Defaults to 'keystone.token.providers.uuid.Provider' +# Defaults to 'uuid' # Supports PKI, PKIZ, Fernet, and UUID. # # [*token_driver*] # (optional) Driver to use for managing tokens. -# Defaults to 'keystone.token.persistence.backends.sql.Token' +# Defaults to 'sql' # # [*token_expiration*] # (optional) Amount of time a token should remain valid (seconds). @@ -92,7 +92,7 @@ # (optional) List of memcache servers as a comma separated string of # 'server:port,server:port' or an array of servers ['server:port', # 'server:port']. -# Used with token_driver 'keystone.token.backends.memcache.Token'. +# Used with token_driver 'memcache'. # This configures the memcache/servers for keystone and is used as a default # for $cache_memcache_servers if it is not specified. # Defaults to $::os_service_default @@ -525,8 +525,8 @@ class keystone( $catalog_type = 'sql', $catalog_driver = false, $catalog_template_file = '/etc/keystone/default_catalog.templates', - $token_provider = 'keystone.token.providers.uuid.Provider', - $token_driver = 'keystone.token.persistence.backends.sql.Token', + $token_provider = 'uuid', + $token_driver = 'sql', $token_expiration = 3600, $revoke_driver = $::os_service_default, $revoke_by_id = true, @@ -695,10 +695,6 @@ class keystone( 'revoke/driver': value => $revoke_driver; } - if ($policy_driver =~ /^keystone\.policy\.backends\..*Policy$/) { - warning('policy driver form \'keystone.policy.backends.*Policy\' is deprecated') - } - keystone_config { 'policy/driver': value => $policy_driver; } @@ -762,10 +758,10 @@ class keystone( $catalog_driver_real = $catalog_driver } elsif ($catalog_type == 'template') { - $catalog_driver_real = 'keystone.catalog.backends.templated.Catalog' + $catalog_driver_real = 'templated' } elsif ($catalog_type == 'sql') { - $catalog_driver_real = 'keystone.catalog.backends.sql.Catalog' + $catalog_driver_real = 'sql' } keystone_config { diff --git a/manifests/ldap.pp b/manifests/ldap.pp index 3574ab258..cf7dd55e6 100644 --- a/manifests/ldap.pp +++ b/manifests/ldap.pp @@ -669,25 +669,6 @@ class keystone::ldap( ensure => present, } - # check for some common driver name mistakes - if ($assignment_driver != undef) { - if ! ($assignment_driver =~ /^keystone.assignment.backends.*Assignment$/) { - fail('assignment driver should be of the form \'keystone.assignment.backends.*Assignment\'') - } - } - - if ($identity_driver != undef) { - if ! ($identity_driver =~ /^keystone.identity.backends.*Identity$/) { - fail('identity driver should be of the form \'keystone.identity.backends.*Identity\'') - } - } - - if ($credential_driver != undef) { - if ! ($credential_driver =~ /^keystone.credential.backends.*Credential$/) { - fail('credential driver should be of the form \'keystone.credential.backends.*Credential\'') - } - } - if ($tls_cacertdir != undef) { file { $tls_cacertdir: ensure => directory diff --git a/manifests/ldap_backend.pp b/manifests/ldap_backend.pp index 27731dda0..6b4ca30ab 100644 --- a/manifests/ldap_backend.pp +++ b/manifests/ldap_backend.pp @@ -685,25 +685,6 @@ define keystone::ldap_backend( require => Package['keystone'], }) - # check for some common driver name mistakes - if ($assignment_driver != undef) { - if ! ($assignment_driver =~ /^keystone.assignment.backends.*Assignment$/) { - fail('assigment driver should be of the form \'keystone.assignment.backends.*Assignment\'') - } - } - - if ($identity_driver != undef) { - if ! ($identity_driver =~ /^keystone.identity.backends.*Identity$/) { - fail('identity driver should be of the form \'keystone.identity.backends.*Identity\'') - } - } - - if ($credential_driver != undef) { - if ! ($credential_driver =~ /^keystone.credential.backends.*Credential$/) { - fail('credential driver should be of the form \'keystone.credential.backends.*Credential\'') - } - } - if ($tls_cacertdir != undef) { ensure_resource('file', $tls_cacertdir, { ensure => directory }) } diff --git a/spec/acceptance/keystone_wsgi_apache_spec.rb b/spec/acceptance/keystone_wsgi_apache_spec.rb index 619db8758..effdbb49d 100644 --- a/spec/acceptance/keystone_wsgi_apache_spec.rb +++ b/spec/acceptance/keystone_wsgi_apache_spec.rb @@ -397,16 +397,12 @@ EOC keystone::ldap_backend { 'domain_1_ldap_backend': url => 'ldap://foo', user => 'cn=foo,dc=example,dc=com', - identity_driver => 'keystone.identity.backends.ldap.Identity', - credential_driver => 'keystone.credential.backends.ldap.Credential', - assignment_driver => 'keystone.assignment.backends.ldap.Assignment' + identity_driver => 'ldap', } keystone::ldap_backend { 'domain_2_ldap_backend': url => 'ldap://bar', user => 'cn=bar,dc=test,dc=com', - identity_driver => 'keystone.identity.backends.ldap.Identity', - credential_driver => 'keystone.credential.backends.ldap.Credential', - assignment_driver => 'keystone.assignment.backends.ldap.Assignment' + identity_driver => 'ldap', } EOM end diff --git a/spec/classes/keystone_ldap_spec.rb b/spec/classes/keystone_ldap_spec.rb index 0d36624c4..bebcf4b91 100644 --- a/spec/classes/keystone_ldap_spec.rb +++ b/spec/classes/keystone_ldap_spec.rb @@ -72,9 +72,7 @@ describe 'keystone::ldap' do :tls_cacertdir => '/etc/ssl/certs/', :tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt', :tls_req_cert => 'demand', - :identity_driver => 'keystone.identity.backends.ldap.Identity', - :credential_driver => 'keystone.credential.backends.ldap.Credential', - :assignment_driver => 'keystone.assignment.backends.ldap.Assignment', + :identity_driver => 'ldap', :use_pool => 'True', :pool_size => 20, :pool_retry_max => 2, @@ -182,9 +180,7 @@ describe 'keystone::ldap' do is_expected.to contain_keystone_config('ldap/auth_pool_connection_lifetime').with_value('200') # drivers - is_expected.to contain_keystone_config('identity/driver').with_value('keystone.identity.backends.ldap.Identity') - is_expected.to contain_keystone_config('credential/driver').with_value('keystone.credential.backends.ldap.Credential') - is_expected.to contain_keystone_config('assignment/driver').with_value('keystone.assignment.backends.ldap.Assignment') + is_expected.to contain_keystone_config('identity/driver').with_value('ldap') end end diff --git a/spec/classes/keystone_spec.rb b/spec/classes/keystone_spec.rb index e4314e673..91c872dea 100644 --- a/spec/classes/keystone_spec.rb +++ b/spec/classes/keystone_spec.rb @@ -338,7 +338,7 @@ describe 'keystone' do { 'enable_pki_setup' => true, 'admin_token' => 'service_token', - 'token_provider' => 'keystone.token.providers.pki.Provider' + 'token_provider' => 'pki' } end @@ -368,7 +368,7 @@ describe 'keystone' do let :params do { 'admin_token' => 'service_token', - 'token_provider' => 'keystone.token.providers.uuid.Provider', + 'token_provider' => 'uuid', 'enable_pki_setup' => false, 'signing_certfile' => 'signing_certfile', 'signing_keyfile' => 'signing_keyfile', @@ -410,7 +410,7 @@ describe 'keystone' do let :params do { 'admin_token' => 'service_token', - 'token_provider' => 'keystone.token.providers.pki.Provider', + 'token_provider' => 'pki', 'enable_pki_setup' => false, 'signing_certfile' => 'signing_certfile', 'signing_keyfile' => 'signing_keyfile', @@ -460,7 +460,7 @@ describe 'keystone' do describe 'when configuring catalog driver' do let :params do { :admin_token => 'service_token', - :catalog_driver => 'keystone.catalog.backends.alien.AlienCatalog' } + :catalog_driver => 'alien' } end it { is_expected.to contain_keystone_config('catalog/driver').with_value(params[:catalog_driver]) } @@ -504,7 +504,7 @@ describe 'keystone' do { 'admin_token' => 'service_token', 'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ], - 'token_driver' => 'keystone.token.backends.memcache.Token', + 'token_driver' => 'memcache', 'cache_backend' => 'dogpile.cache.memcached', 'cache_backend_argument' => ['url:SERVER1:12211'], 'memcache_dead_retry' => '60', @@ -539,7 +539,7 @@ describe 'keystone' do { 'admin_token' => 'service_token', 'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ], - 'token_driver' => 'keystone.token.backends.memcache.Token', + 'token_driver' => 'memcache', 'cache_backend' => 'dogpile.cache.memcached', 'cache_backend_argument' => ['url:SERVER3:12211'], 'cache_memcache_servers' => [ 'SERVER3:11211', 'SERVER4:11211' ], @@ -575,7 +575,7 @@ describe 'keystone' do { 'admin_token' => 'service_token', 'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ], - 'token_driver' => 'keystone.token.backends.memcache.Token', + 'token_driver' => 'memcache', 'cache_backend' => 'dogpile.cache.memcached', 'cache_backend_argument' => ['url:SERVER3:12211'], 'cache_enabled' => false, @@ -758,7 +758,7 @@ describe 'keystone' do default_params end - it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.sql.Catalog') } + it { is_expected.to contain_keystone_config('catalog/driver').with_value('sql') } end describe 'setting default template catalog' do @@ -769,7 +769,7 @@ describe 'keystone' do } end - it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') } + it { is_expected.to contain_keystone_config('catalog/driver').with_value('templated') } it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/etc/keystone/default_catalog.templates') } end @@ -814,7 +814,7 @@ describe 'keystone' do } end - it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') } + it { is_expected.to contain_keystone_config('catalog/driver').with_value('templated') } it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/some/template_file') } end diff --git a/spec/defines/keystone_ldap_backend_spec.rb b/spec/defines/keystone_ldap_backend_spec.rb index 9107cfb8e..23c1e16a5 100644 --- a/spec/defines/keystone_ldap_backend_spec.rb +++ b/spec/defines/keystone_ldap_backend_spec.rb @@ -81,9 +81,7 @@ describe 'keystone::ldap_backend' do :tls_cacertdir => '/etc/ssl/certs/', :tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt', :tls_req_cert => 'demand', - :identity_driver => 'keystone.identity.backends.ldap.Identity', - :credential_driver => 'keystone.credential.backends.ldap.Credential', - :assignment_driver => 'keystone.assignment.backends.ldap.Assignment', + :identity_driver => 'ldap', :use_pool => 'True', :pool_size => 20, :pool_retry_max => 2, @@ -191,9 +189,7 @@ describe 'keystone::ldap_backend' do is_expected.to contain_keystone_domain_config('Default::ldap/auth_pool_connection_lifetime').with_value('200') # drivers - is_expected.to contain_keystone_config('identity/driver').with_value('keystone.identity.backends.ldap.Identity') - is_expected.to contain_keystone_config('credential/driver').with_value('keystone.credential.backends.ldap.Credential') - is_expected.to contain_keystone_config('assignment/driver').with_value('keystone.assignment.backends.ldap.Assignment') + is_expected.to contain_keystone_config('identity/driver').with_value('ldap') end end