openstack/puppet-magnum
Code Issues Proposed changes

keystone_auth: Require the password parameter

Browse Source 
The keystone_auth parameters are required so that magnum can interact
with the other OpenStack services. This change ensures the parameter
is configured.

Change-Id: I745298661d6fc2b6d3f92da0edc8c6430b29a7ee
This commit is contained in:
Takashi Kajinami 2022-05-08 17:43:35 +09:00
parent 41ade67ec3
commit 14a901dee0
3 changed files with 28 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
manifests/keystone/keystone_auth.pp
View File

@ -4,14 +4,13 @@
#
# === Parameters
#
# [*password*]
# (Required) Password to create for the service user
#
# [*username*]
# (Optional) The name of the service user
# Defaults to 'magnum'
#
# [*password*]
# (Required) Password to create for the service user
# Defaults to $::os_service_default
#
# [*auth_url*]
# (Optional) The URL to use for authentication.
# Defaults to 'http://localhost:5000'
@ -55,8 +54,8 @@
# Defaults to $::os_service_default
#
class magnum::keystone::keystone_auth(
$password,
$username = 'magnum',
$password = $::os_service_default,
$auth_url = 'http://localhost:5000',
$project_name = 'services',
$user_domain_name = 'Default',
@ -79,25 +78,18 @@ class magnum::keystone::keystone_auth(
$project_domain_name_real = $::os_service_default
}
# Only configure keystone_auth if user specifics a password; this keeps
# backwards compatibility
if !is_service_default($password) {
magnum_config {
'keystone_auth/auth_url' : value => $auth_url;
'keystone_auth/username' : value => $username;
'keystone_auth/password' : value => $password, secret => true;
'keystone_auth/project_name' : value => $project_name_real;
'keystone_auth/user_domain_name' : value => $user_domain_name;
'keystone_auth/project_domain_name' : value => $project_domain_name_real;
'keystone_auth/system_scope' : value => $system_scope;
'keystone_auth/auth_type' : value => $auth_type;
}
}
magnum_config {
'keystone_auth/cafile' : value => $cafile;
'keystone_auth/keyfile' : value => $keyfile;
'keystone_auth/certfile' : value => $certfile;
'keystone_auth/insecure' : value => $insecure;
'keystone_auth/auth_url' : value => $auth_url;
'keystone_auth/username' : value => $username;
'keystone_auth/password' : value => $password, secret => true;
'keystone_auth/project_name' : value => $project_name_real;
'keystone_auth/user_domain_name' : value => $user_domain_name;
'keystone_auth/project_domain_name' : value => $project_domain_name_real;
'keystone_auth/system_scope' : value => $system_scope;
'keystone_auth/auth_type' : value => $auth_type;
'keystone_auth/cafile' : value => $cafile;
'keystone_auth/keyfile' : value => $keyfile;
'keystone_auth/certfile' : value => $certfile;
'keystone_auth/insecure' : value => $insecure;
}
}

5
releasenotes/notes/require-magnum-keystone_auth-3826520ddf45f394.yaml Normal file
View File

@ -0,0 +1,5 @@
---
upgrade:
- |
The ``magnum::keystone::keystone_auth`` class now requires the ``password``
parameter. Ensure the required auth parameters are set.

31
spec/classes/magnum_keystone_keystone_auth_spec.rb
View File

@ -3,28 +3,12 @@ require 'spec_helper'
describe 'magnum::keystone::keystone_auth' do
let :params do
{ }
{ :password => 'magnum_password' }
end
shared_examples_for 'magnum keystone_auth' do
shared_examples_for 'magnum::keystone_auth' do
context 'with default parameters' do
it 'configure keystone_auth' do
is_expected.not_to contain_magnum_config('keystone_auth/username')
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
end
end
context 'with password' do
before do
params.merge!({
:password => 'magnum_password',
})
end
it 'configure keystone_auth' do
is_expected.to contain_magnum_config('keystone_auth/username').with_value('magnum')
is_expected.to contain_magnum_config('keystone_auth/password').with_value('magnum_password')
@ -67,17 +51,16 @@ describe 'magnum::keystone::keystone_auth' do
is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value(params[:project_domain_name])
is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value(params[:auth_type])
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('/path/to/ca.cert')
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('/path/to/certfile')
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('/path/to/key')
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(false)
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value(params[:cafile])
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value(params[:certfile])
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value(params[:keyfile])
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(params[:insecure])
end
end
context 'when system_scope is set' do
before do
params.merge!(
:password => 'mypassword',
:system_scope => 'all'
)
end
@ -96,7 +79,7 @@ describe 'magnum::keystone::keystone_auth' do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_configures 'magnum keystone_auth'
it_configures 'magnum::keystone_auth'
end
end