diff --git a/manifests/keystone/keystone_auth.pp b/manifests/keystone/keystone_auth.pp index c0d464f..65ca6a1 100644 --- a/manifests/keystone/keystone_auth.pp +++ b/manifests/keystone/keystone_auth.pp @@ -4,14 +4,13 @@ # # === Parameters # +# [*password*] +# (Required) Password to create for the service user +# # [*username*] # (Optional) The name of the service user # Defaults to 'magnum' # -# [*password*] -# (Required) Password to create for the service user -# Defaults to $::os_service_default -# # [*auth_url*] # (Optional) The URL to use for authentication. # Defaults to 'http://localhost:5000' @@ -55,8 +54,8 @@ # Defaults to $::os_service_default # class magnum::keystone::keystone_auth( + $password, $username = 'magnum', - $password = $::os_service_default, $auth_url = 'http://localhost:5000', $project_name = 'services', $user_domain_name = 'Default', @@ -79,25 +78,18 @@ class magnum::keystone::keystone_auth( $project_domain_name_real = $::os_service_default } - # Only configure keystone_auth if user specifics a password; this keeps - # backwards compatibility - if !is_service_default($password) { - magnum_config { - 'keystone_auth/auth_url' : value => $auth_url; - 'keystone_auth/username' : value => $username; - 'keystone_auth/password' : value => $password, secret => true; - 'keystone_auth/project_name' : value => $project_name_real; - 'keystone_auth/user_domain_name' : value => $user_domain_name; - 'keystone_auth/project_domain_name' : value => $project_domain_name_real; - 'keystone_auth/system_scope' : value => $system_scope; - 'keystone_auth/auth_type' : value => $auth_type; - } - } - magnum_config { - 'keystone_auth/cafile' : value => $cafile; - 'keystone_auth/keyfile' : value => $keyfile; - 'keystone_auth/certfile' : value => $certfile; - 'keystone_auth/insecure' : value => $insecure; + 'keystone_auth/auth_url' : value => $auth_url; + 'keystone_auth/username' : value => $username; + 'keystone_auth/password' : value => $password, secret => true; + 'keystone_auth/project_name' : value => $project_name_real; + 'keystone_auth/user_domain_name' : value => $user_domain_name; + 'keystone_auth/project_domain_name' : value => $project_domain_name_real; + 'keystone_auth/system_scope' : value => $system_scope; + 'keystone_auth/auth_type' : value => $auth_type; + 'keystone_auth/cafile' : value => $cafile; + 'keystone_auth/keyfile' : value => $keyfile; + 'keystone_auth/certfile' : value => $certfile; + 'keystone_auth/insecure' : value => $insecure; } } diff --git a/releasenotes/notes/require-magnum-keystone_auth-3826520ddf45f394.yaml b/releasenotes/notes/require-magnum-keystone_auth-3826520ddf45f394.yaml new file mode 100644 index 0000000..5222788 --- /dev/null +++ b/releasenotes/notes/require-magnum-keystone_auth-3826520ddf45f394.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + The ``magnum::keystone::keystone_auth`` class now requires the ``password`` + parameter. Ensure the required auth parameters are set. diff --git a/spec/classes/magnum_keystone_keystone_auth_spec.rb b/spec/classes/magnum_keystone_keystone_auth_spec.rb index 5fed1bb..9f5aac0 100644 --- a/spec/classes/magnum_keystone_keystone_auth_spec.rb +++ b/spec/classes/magnum_keystone_keystone_auth_spec.rb @@ -3,28 +3,12 @@ require 'spec_helper' describe 'magnum::keystone::keystone_auth' do let :params do - { } + { :password => 'magnum_password' } end - shared_examples_for 'magnum keystone_auth' do + shared_examples_for 'magnum::keystone_auth' do context 'with default parameters' do - it 'configure keystone_auth' do - is_expected.not_to contain_magnum_config('keystone_auth/username') - is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('') - is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('') - is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('') - is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('') - end - end - - context 'with password' do - before do - params.merge!({ - :password => 'magnum_password', - }) - end - it 'configure keystone_auth' do is_expected.to contain_magnum_config('keystone_auth/username').with_value('magnum') is_expected.to contain_magnum_config('keystone_auth/password').with_value('magnum_password') @@ -67,17 +51,16 @@ describe 'magnum::keystone::keystone_auth' do is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value(params[:project_domain_name]) is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('') is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value(params[:auth_type]) - is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('/path/to/ca.cert') - is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('/path/to/certfile') - is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('/path/to/key') - is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(false) + is_expected.to contain_magnum_config('keystone_auth/cafile').with_value(params[:cafile]) + is_expected.to contain_magnum_config('keystone_auth/certfile').with_value(params[:certfile]) + is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value(params[:keyfile]) + is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(params[:insecure]) end end context 'when system_scope is set' do before do params.merge!( - :password => 'mypassword', :system_scope => 'all' ) end @@ -96,7 +79,7 @@ describe 'magnum::keystone::keystone_auth' do let (:facts) do facts.merge!(OSDefaults.get_facts()) end - it_configures 'magnum keystone_auth' + it_configures 'magnum::keystone_auth' end end