diff --git a/manifests/volume/cinder.pp b/manifests/volume/cinder.pp index ff460223..24e43135 100644 --- a/manifests/volume/cinder.pp +++ b/manifests/volume/cinder.pp @@ -4,11 +4,69 @@ # # === Parameters # +# [*insecure*] +# (optional) Verify HTTPS connections +# Defaults to $::os_service_default +# +# [*auth_url*] +# (optional) Authentication URL +# Defaults to $::os_service_default +# +# [*auth_type*] +# (optional) Authentication type to load +# Defaults to $::os_service_default +# +# [*cafile*] +# (optional) PEM encoded Certificate Authority to use when verifying HTTPS +# connections. +# Defaults to $::os_service_default +# +# [*user_domain_name*] +# (optional) User's domain name +# Defaults to 'Default' +# +# [*project_domain_name*] +# (optional) Domain name containing project +# Defaults to 'Default' +# +# [*project_name*] +# (optional) Project name to scope to +# Defaults to 'services' +# +# [*region_name*] +# (optional) Region name for connecting to cinder +# Defaults to $::os_service_default +# +# [*endpoint_type*] +# (optional) The type of cinder endpoint to use when +# looking up in the keystone catalog. +# Defaults to $::os_service_default +# +# [*username*] +# (optional) Username +# Defaults to 'cinder' +# +# [*password*] +# (optional) User's password +# Only required if auth_type has been set to "password" +# Defaults to undef +# +# [*http_retries*] +# (optional) Number of cinderclient retries on failed http calls. +# Defaults to $::os_service_default +# +# [*cross_az_attach*] +# (optional) Allow attach between instance and volume in different +# availability zones. +# Defaults to $::os_service_default +# +# === DEPRECATED PARAMETERS +# # [*cinder_catalog_info*] # (optional) Info to match when looking for cinder in the service # catalog. Format is : separated values of the form: # :: -# Defaults to 'volume:cinder:publicURL' +# Defaults to undef # # [*cinder_ca_certificates_file*] # (optional) Location of ca certificates file to use for cinder 
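Review bot: The new `[*insecure*]` entry in the Parameters header is documented as `(optional) Verify HTTPS connections`, which reads as the opposite of what the setting appears to do. Later in this patch its value is taken over from `cinder_api_insecure`, documented as "Allow to perform insecure SSL requests to cinder", so an operator who sets it to true expecting verification would presumably switch verification off. I would word it as `# (optional) If set to true, HTTPS certificate verification for connections to cinder is disabled.` and point to `cafile` as the way to trust a private CA.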
@@ -17,20 +75,20 @@ # # [*cinder_http_retries*] # (optional) Number of cinderclient retries on failed http calls. -# Defaults to 3 +# Defaults to undef # # [*cinder_api_insecure*] # (optional) Allow to perform insecure SSL requests to cinder -# Defaults to false +# Defaults to undef # # [*cinder_cross_az_attach*] # (optional) Allow attach between instance and volume in different # availability zones. -# Defaults to true +# Defaults to undef # # [*cinder_admin_username*] # (optional) Cinder admin username. -# Defaults to 'cinder' +# Defaults to undef # # [*cinder_admin_password*] # (optional) Cinder admin password. 
@@ -38,35 +96,103 @@ # # [*cinder_admin_tenant_name*] # (optional) Cinder admin tenant name -# Defaults to 'services' +# Defaults to undef # # [*cinder_admin_auth_url*] # (optional) Identity service url -# Defaults to 'http://localhost:5000/v3' +# Defaults to undef # class manila::volume::cinder ( - $cinder_catalog_info = 'volume:cinder:publicURL', + $insecure = $::os_service_default, + $auth_url = $::os_service_default, + $auth_type = $::os_service_default, + $cafile = $::os_service_default, + $user_domain_name = 'Default', + $project_domain_name = 'Default', + $project_name = 'services', + $region_name = $::os_service_default, + $endpoint_type = $::os_service_default, + $username = 'cinder', + $password = undef, + $http_retries = $::os_service_default, + $cross_az_attach = $::os_service_default, + # DEPRECATED PARAMETERS + $cinder_catalog_info = undef, $cinder_ca_certificates_file = undef, - $cinder_http_retries = 3, - $cinder_api_insecure = false, - $cinder_cross_az_attach = true, - $cinder_admin_username = 'cinder', + $cinder_http_retries = undef, + $cinder_api_insecure = undef, + $cinder_cross_az_attach = undef, + $cinder_admin_username = undef, $cinder_admin_password = undef, - $cinder_admin_tenant_name = 'services', - $cinder_admin_auth_url = 'http://localhost:5000/v3', + $cinder_admin_tenant_name = undef, + $cinder_admin_auth_url = undef, ) { include manila::deps + if $cinder_catalog_info { + warning('The cinder_catalog_info parameter is deprecated, has no effect and will be removed in a future release.') + } + + if $cinder_api_insecure { + warning('The cinder_api_insecure parameter is deprecated, use insecure instead.') + } + + if $cinder_ca_certificates_file { + warning('The cinder_ca_certificates_file parameter is deprecated, use cafile instead.') + } + + if $cinder_admin_username { + warning('The cinder_admin_username parameter is deprecated, use username instead.') + } + + if $cinder_admin_password { + warning('The cinder_admin_password parameter is 
deprecated, use password instead.') + } + + if $cinder_admin_tenant_name { + warning('The cinder_admin_tenant_name parameter is deprecated, use project_name instead.') + } + + if $cinder_admin_auth_url { + warning('The cinder_admin_auth_url parameter is deprecated, use auth_url instead.') + } + + if $cinder_http_retries { + warning('The cinder_http_retries parameter is deprecated, use http_retries instead') + } + + if $cinder_cross_az_attach { + warning('The cinder_cross_az_attach parameter is deprecated, use cross_az_attach instead') + } + + $insecure_real = pick($cinder_api_insecure, $insecure) + $cafile_real = pick($cinder_ca_certificates_file, $cafile) + $username_real = pick($cinder_admin_username, $username) + $password_real = pick_default($cinder_admin_password, $password) + $project_name_real = pick($cinder_admin_tenant_name, $project_name) + $auth_url_real = pick($cinder_admin_auth_url, $auth_url) + $http_retries_real = pick($cinder_http_retries, $http_retries) + $cross_az_attach_real = pick($cinder_cross_az_attach, $cross_az_attach) + manila_config { - 'DEFAULT/cinder_catalog_info': value => $cinder_catalog_info; - 'DEFAULT/cinder_ca_certificates_file': value => $cinder_ca_certificates_file; - 'DEFAULT/cinder_http_retries': value => $cinder_http_retries; - 'DEFAULT/cinder_api_insecure': value => $cinder_api_insecure; - 'DEFAULT/cinder_cross_az_attach': value => $cinder_cross_az_attach; - 'DEFAULT/cinder_admin_username': value => $cinder_admin_username; - 'DEFAULT/cinder_admin_password': value => $cinder_admin_password, secret => true; - 'DEFAULT/cinder_admin_tenant_name': value => $cinder_admin_tenant_name; - 'DEFAULT/cinder_admin_auth_url': value => $cinder_admin_auth_url; + 'cinder/insecure': value => $insecure_real; + 'cinder/auth_url': value => $auth_url_real; + 'cinder/auth_type': value => $auth_type; + 'cinder/cafile': value => $cafile_real; + 'cinder/region_name': value => $region_name; + 'cinder/endpoint_type': value => $endpoint_type; + 
'cinder/http_retries': value => $http_retries_real; + 'cinder/cross_az_attach': value => $cross_az_attach_real; } + + if $auth_type == 'password' { + manila_config { + 'cinder/username': value => $username_real; + 'cinder/user_domain_name': value => $user_domain_name; + 'cinder/password': value => $password_real, secret => true; + 'cinder/project_name': value => $project_name_real; + 'cinder/project_domain_name': value => $project_domain_name; + } + } } diff --git a/releasenotes/notes/update-cinder-auth-params-987a691d2e17ac92.yaml b/releasenotes/notes/update-cinder-auth-params-987a691d2e17ac92.yaml new file mode 100644 index 00000000..4e41418d --- /dev/null +++ b/releasenotes/notes/update-cinder-auth-params-987a691d2e17ac92.yaml @@ -0,0 +1,18 @@ +--- +features: + - | + Now ``manila::volume::cinder`` can configure required parameters for + Keystone v3 auth. +deprecations: + - | + The following parameters in ``manila::volume::cinder`` class has been + deprecated and will be removed in a future release. + + - ``cinder_catalog_info`` + - ``cinder_ca_certificates_file`` + - ``cinder_http_retries`` + - ``cinder_cross_az_attach`` + - ``cinder_admin_username`` + - ``cinder_admin_password`` + - ``cinder_admin_tenant_name`` + - ``cinder_admin_auth_url`` diff --git a/spec/classes/manila_volume_cinder.rb b/spec/classes/manila_volume_cinder.rb new file mode 100644 index 00000000..1437f8c7 --- /dev/null +++ b/spec/classes/manila_volume_cinder.rb 
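Review bot: In the `class manila::volume::cinder` hunk of manifests/volume/cinder.pp, the credential entries are written only inside `if $auth_type == 'password'`, while the old `DEFAULT/cinder_admin_*` entries are dropped from `manila_config` without being removed. A caller that still passes only `cinder_admin_username` and `cinder_admin_password` and leaves `auth_type` at its default gets the deprecation warnings but no `cinder/username` or `cinder/password`. Unless manila_config resources are purged elsewhere, the previously written `DEFAULT/cinder_admin_password` value also stays in manila.conf unmanaged. I would add `'DEFAULT/cinder_admin_password': ensure => absent;` (and the same for the other old `DEFAULT/cinder_*` keys) and fail or warn when a deprecated credential is set while `$auth_type` is not 'password'. Separately, the truthiness checks such as `if $cinder_api_insecure` skip the warning for an explicit `false`, which `pick` presumably still passes through; `if $cinder_api_insecure != undef` would cover that case.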
@@ -0,0 +1,96 @@
+require 'spec_helper'
+
+describe 'manila::volume::cinder' do
+ shared_examples 'manila::cinder' do
+ context 'with default parameters' do
+ it 'configures manila volume cinder' do
+ is_expected.to contain_manila_config('cinder/insecure').with_value('')
+ is_expected.to contain_manila_config('cinder/auth_url').with_value('')
+ is_expected.to contain_manila_config('cinder/auth_type').with_value('')
+ is_expected.to contain_manila_config('cinder/cafile').with_value('')
+ is_expected.to contain_manila_config('cinder/region_name').with_value('')
+ is_expected.to contain_manila_config('cinder/endpoint_type').with_value('')
+ is_expected.to contain_manila_config('cinder/http_retries').with_value('')
+ is_expected.to contain_manila_config('cinder/cross_az_attach').with_value('')
+
+ # These should be added only when auth_type is 'password'
+ is_expected.not_to contain_manila_config('cinder/user_domain_name')
+ is_expected.not_to contain_manila_config('cinder/project_domain_name')
+ is_expected.not_to contain_manila_config('cinder/project_name')
+ is_expected.not_to contain_manila_config('cinder/username')
+ is_expected.not_to contain_manila_config('cinder/password')
+ end
+ end
+
+ context 'with overridden parameters' do
+ let :params do
+ {
+ :insecure => true,
+ :auth_url => 'http://127.0.0.2:5000/',
+ :auth_type => 'password',
+ :cafile => '/etc/ssl/certs/ca.crt',
+ :region_name => 'RegionOne',
+ :endpoint_type => 'publicURL',
+ :username => 'cinderv1',
+ :password => '123123',
+ :http_retries => 3,
+ :cross_az_attach => true,
+ }
+ end
+
+ it 'configures manila cinder with overridden parameters' do
+ is_expected.to contain_manila_config('cinder/insecure').with_value(true)
+ is_expected.to contain_manila_config('cinder/auth_url').with_value('http://127.0.0.2:5000/')
+ is_expected.to contain_manila_config('cinder/auth_type').with_value('password')
+ is_expected.to contain_manila_config('cinder/cafile').with_value('/etc/ssl/certs/ca.crt')
+ is_expected.to contain_manila_config('cinder/user_domain_name').with_value('Default')
+ is_expected.to contain_manila_config('cinder/project_domain_name').with_value('Default')
+ is_expected.to contain_manila_config('cinder/project_name').with_value('services')
+ is_expected.to contain_manila_config('cinder/region_name').with_value('RegionOne')
+ is_expected.to contain_manila_config('cinder/endpoint_type').with_value('publicURL')
+ is_expected.to contain_manila_config('cinder/username').with_value('cinderv1')
+ is_expected.to contain_manila_config('cinder/password').with_value('123123').with_secret(true)
+ is_expected.to contain_manila_config('cinder/http_retries').with_value(3)
+ is_expected.to contain_manila_config('cinder/cross_az_attach').with_value('true')
+ end
+ end
+
+ context 'with deprecated parameters' do
+ let :params do
+ {
+ :cinder_api_insecure => true,
+ :cinder_ca_certificates_file => '/foo/ssl/certs/ca.crt',
+ :auth_type => 'password',
+ :cinder_admin_tenant_name => 'service2',
+ :cinder_admin_username => 'cinderv2',
+ :cinder_admin_password => '321321',
+ :cinder_http_retries => 3,
+ :cinder_cross_az_attach => true,
+ }
+ end
+
+ it 'configures manila volume cinder with deprecated parameters' do
+ is_expected.to contain_manila_config('cinder/auth_type').with_value('password')
+ is_expected.to contain_manila_config('cinder/insecure').with_value(true)
+ is_expected.to contain_manila_config('cinder/cafile').with_value('/foo/ssl/certs/ca.crt')
+ is_expected.to contain_manila_config('cinder/project_name').with_value('service2')
+ is_expected.to contain_manila_config('cinder/username').with_value('cinderv2')
+ is_expected.to contain_manila_config('cinder/password').with_value('321321')
+ is_expected.to contain_manila_config('cinder/http_retries').with_value(3)
+ is_expected.to contain_manila_config('cinder/cross_az_attach').with_value('true')
+ end
+ end
+ end
+
+ on_supported_os({
+ :supported_os => OSDefaults.get_supported_os
+ }).each do |os,facts|
+ context "on #{os}" do
+ let (:facts) do
+ facts.merge!(OSDefaults.get_facts())
+ end
+
+ it_behaves_like 'manila::cinder'
+ end
+ end
+end
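Review bot: The new file is named spec/classes/manila_volume_cinder.rb, without the `_spec.rb` suffix, so with the usual rspec file pattern these examples would not be picked up at all (the Rakefile may override the pattern, which is not visible here). Renaming it to `manila_volume_cinder_spec.rb` makes the 'with default parameters' check that `cinder/password` is absent actually run. In the 'with deprecated parameters' context the password expectation also drops the secret check that the 'with overridden parameters' context has. I would write it as `is_expected.to contain_manila_config('cinder/password').with_value('321321').with_secret(true)`.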