Merge "keystone_auth: Require the password parameter"

2022-05-11 10:06:53 +00:00 · 2022-05-11 10:06:53 +00:00 · 939dacfc2e
commit 939dacfc2e
parent 4138ad9c27 14a901dee0
3 changed files with 28 additions and 48 deletions
--- a/manifests/keystone/keystone_auth.pp
+++ b/manifests/keystone/keystone_auth.pp
@ -4,14 +4,13 @@
 #
 # === Parameters
 #
+# [*password*]
+#   (Required) Password to create for the service user
+#
 # [*username*]
 #   (Optional) The name of the service user
 #   Defaults to 'magnum'
 #
-# [*password*]
-#   (Required) Password to create for the service user
-#   Defaults to $::os_service_default
-#
 # [*auth_url*]
 #   (Optional) The URL to use for authentication.
 #   Defaults to 'http://localhost:5000'
@ -55,8 +54,8 @@
 #   Defaults to $::os_service_default
 #
 class magnum::keystone::keystone_auth(
+  $password,
  $username            = 'magnum',
-  $password            = $::os_service_default,
  $auth_url            = 'http://localhost:5000',
  $project_name        = 'services',
  $user_domain_name    = 'Default',
@ -79,9 +78,6 @@ class magnum::keystone::keystone_auth(
    $project_domain_name_real = $::os_service_default
  }

-  # Only configure keystone_auth if user specifics a password; this keeps
-  # backwards compatibility
-  if !is_service_default($password) {
  magnum_config {
    'keystone_auth/auth_url'            : value => $auth_url;
    'keystone_auth/username'            : value => $username;
@ -91,10 +87,6 @@ class magnum::keystone::keystone_auth(
    'keystone_auth/project_domain_name' : value => $project_domain_name_real;
    'keystone_auth/system_scope'        : value => $system_scope;
    'keystone_auth/auth_type'           : value => $auth_type;
-    }
-  }
-
-  magnum_config {
    'keystone_auth/cafile'              : value => $cafile;
    'keystone_auth/keyfile'             : value => $keyfile;
    'keystone_auth/certfile'            : value => $certfile;
--- a/releasenotes/notes/require-magnum-keystone_auth-3826520ddf45f394.yaml
+++ b/releasenotes/notes/require-magnum-keystone_auth-3826520ddf45f394.yaml
@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    The ``magnum::keystone::keystone_auth`` class now requires the ``password``
+    parameter. Ensure the required auth parameters are set.
--- a/spec/classes/magnum_keystone_keystone_auth_spec.rb
+++ b/spec/classes/magnum_keystone_keystone_auth_spec.rb
@ -3,28 +3,12 @@ require 'spec_helper'
 describe 'magnum::keystone::keystone_auth' do

  let :params do
-    { }
+    { :password => 'magnum_password' }
  end

-  shared_examples_for 'magnum keystone_auth' do
+  shared_examples_for 'magnum::keystone_auth' do

    context 'with default parameters' do
-      it 'configure keystone_auth' do
-        is_expected.not_to contain_magnum_config('keystone_auth/username')
-        is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
-      end
-    end
-
-    context 'with password' do
-      before do
-        params.merge!({
-          :password => 'magnum_password',
-        })
-      end
-
      it 'configure keystone_auth' do
        is_expected.to contain_magnum_config('keystone_auth/username').with_value('magnum')
        is_expected.to contain_magnum_config('keystone_auth/password').with_value('magnum_password')
@ -67,17 +51,16 @@ describe 'magnum::keystone::keystone_auth' do
        is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value(params[:project_domain_name])
        is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value(params[:auth_type])
-        is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('/path/to/ca.cert')
-        is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('/path/to/certfile')
-        is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('/path/to/key')
-        is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(false)
+        is_expected.to contain_magnum_config('keystone_auth/cafile').with_value(params[:cafile])
+        is_expected.to contain_magnum_config('keystone_auth/certfile').with_value(params[:certfile])
+        is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value(params[:keyfile])
+        is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(params[:insecure])
      end
    end

    context 'when system_scope is set' do
      before do
        params.merge!(
-          :password     => 'mypassword',
          :system_scope => 'all'
        )
      end
@ -96,7 +79,7 @@ describe 'magnum::keystone::keystone_auth' do
      let (:facts) do
        facts.merge!(OSDefaults.get_facts())
      end
-      it_configures 'magnum keystone_auth'
+      it_configures 'magnum::keystone_auth'
    end
  end