Add support for modern auth to neutron providers

Neutron providers must have an ability to authenticate in Keystone using modern auth scheme (with auth plugins) Change-Id: I05a2714b8429d641387e2d9debf6b1c32e0d8e93 Closes-bug: #1546349
2016-02-17 15:18:11 +03:00 · 2016-02-17 15:18:11 +03:00 · 164a6a4f36
commit 164a6a4f36
parent 906e8dd2f5
2 changed files with 63 additions and 52 deletions
--- a/lib/puppet/provider/neutron.rb
+++ b/lib/puppet/provider/neutron.rb
@ -26,21 +26,23 @@ class Puppet::Provider::Neutron < Puppet::Provider
  end

  def self.get_neutron_credentials
-    auth_keys = ['admin_tenant_name', 'admin_user', 'admin_password']
-    deprecated_auth_url = ['auth_host', 'auth_port', 'auth_protocol']
+    deprecated_auth_keys = ['admin_tenant_name', 'admin_user', 'admin_password', 'identity_uri']
+    auth_keys = ['tenant_name', 'username', 'password', 'auth_url']
    conf = neutron_conf
    if conf and conf['keystone_authtoken'] and
-        auth_keys.all?{|k| !conf['keystone_authtoken'][k].nil?} and
-        ( deprecated_auth_url.all?{|k| !conf['keystone_authtoken'][k].nil?} or
-        !conf['keystone_authtoken']['auth_uri'].nil? )
+        !conf['keystone_authtoken']['password'].nil? and
+        auth_keys.all?{|k| !conf['keystone_authtoken'][k].nil?}
      creds = Hash[ auth_keys.map \
                   { |k| [k, conf['keystone_authtoken'][k].strip] } ]
-      if !conf['keystone_authtoken']['auth_uri'].nil?
-        creds['auth_uri'] = conf['keystone_authtoken']['auth_uri']
-      else
-        q = conf['keystone_authtoken']
-        creds['auth_uri'] = "#{q['auth_protocol']}://#{q['auth_host']}:#{q['auth_port']}/v2.0/"
+      if !conf['keystone_authtoken']['region_name'].nil?
+        creds['region_name'] = conf['keystone_authtoken']['region_name'].strip
      end
+      return creds
+    elsif conf and conf['keystone_authtoken'] and
+        !conf['keystone_authtoken']['admin_password'].nil? and
+        deprecated_auth_keys.all?{|k| !conf['keystone_authtoken'][k].nil?}
+      creds = Hash[ deprecated_auth_keys.map \
+                   { |k| [k, conf['keystone_authtoken'][k].strip] } ]
      if conf['DEFAULT'] and !conf['DEFAULT']['nova_region_name'].nil?
        creds['nova_region_name'] = conf['DEFAULT']['nova_region_name'].strip
      end
@ -56,19 +58,6 @@ correctly configured.")
    self.class.neutron_credentials
  end

-  def self.auth_endpoint
-    @auth_endpoint ||= get_auth_endpoint
-  end
-
-  def self.get_auth_endpoint
-    q = neutron_credentials
-    if q['auth_uri'].nil?
-      return "#{q['auth_protocol']}://#{q['auth_host']}:#{q['auth_port']}/v2.0/"
-    else
-      return "#{q['auth_uri']}".strip
-    end
-  end
-
  def self.neutron_conf
    return @neutron_conf if @neutron_conf
    @neutron_conf = Puppet::Util::IniConfig::File.new
@ -78,14 +67,25 @@ correctly configured.")

  def self.auth_neutron(*args)
    q = neutron_credentials
-    authenv = {
-      :OS_AUTH_URL    => self.auth_endpoint,
-      :OS_USERNAME    => q['admin_user'],
-      :OS_TENANT_NAME => q['admin_tenant_name'],
-      :OS_PASSWORD    => q['admin_password']
-    }
+    if q.key?('admin_password')
+      authenv = {
+        :OS_AUTH_URL    => q['identity_uri'],
+        :OS_USERNAME    => q['admin_user'],
+        :OS_TENANT_NAME => q['admin_tenant_name'],
+        :OS_PASSWORD    => q['admin_password']
+      }
+    else
+      authenv = {
+        :OS_AUTH_URL    => q['auth_url'],
+        :OS_USERNAME    => q['username'],
+        :OS_TENANT_NAME => q['tenant_name'],
+        :OS_PASSWORD    => q['password']
+      }
+    end
    if q.key?('nova_region_name')
      authenv[:OS_REGION_NAME] = q['nova_region_name']
+    elsif q.key?('region_name')
+      authenv[:OS_REGION_NAME] = q['region_name']
    end
    rv = nil
    timeout = 10
--- a/spec/unit/provider/neutron_spec.rb
+++ b/spec/unit/provider/neutron_spec.rb
@ -11,17 +11,21 @@ describe Puppet::Provider::Neutron do

  let :credential_hash do
    {
-      'auth_host'         => '192.168.56.210',
-      'auth_port'         => '35357',
-      'auth_protocol'     => 'https',
-      'admin_tenant_name' => 'admin_tenant',
-      'admin_user'        => 'admin',
-      'admin_password'    => 'password',
+      'tenant_name' => 'admin_tenant',
+      'username'    => 'admin',
+      'password'    => 'password',
+      'auth_url'    => 'https://192.168.56.210:35357'
    }
  end

-  let :auth_endpoint do
-    'https://192.168.56.210:35357/v2.0/'
+  let :deprecated_credential_hash do
+    {
+      'admin_tenant_name' => 'new_tenant',
+      'admin_user'        => 'new_user',
+      'admin_password'    => 'new_password',
+      'identity_uri'      => 'https://192.168.56.210:35357/v2.0',
+      'nova_region_name'  => 'NEW_REGION',
+    }
  end

  let :credential_error do
@ -62,12 +66,6 @@ describe Puppet::Provider::Neutron do
      end.to raise_error(Puppet::Error, credential_error)
    end

-    it 'should use specified host/port/protocol in the auth endpoint' do
-      conf = {'keystone_authtoken' => credential_hash}
-      klass.expects(:neutron_conf).returns(conf)
-      expect(klass.get_auth_endpoint).to eq(auth_endpoint)
-    end
-
    it 'should find region_name if specified' do
      conf = {
        'keystone_authtoken' => credential_hash,
@ -83,26 +81,39 @@ describe Puppet::Provider::Neutron do

    it 'should set auth credentials in the environment' do
      authenv = {
-        :OS_AUTH_URL    => auth_endpoint,
-        :OS_USERNAME    => credential_hash['admin_user'],
-        :OS_TENANT_NAME => credential_hash['admin_tenant_name'],
-        :OS_PASSWORD    => credential_hash['admin_password'],
+        :OS_AUTH_URL    => credential_hash['auth_url'],
+        :OS_USERNAME    => credential_hash['username'],
+        :OS_TENANT_NAME => credential_hash['tenant_name'],
+        :OS_PASSWORD    => credential_hash['password'],
      }
      klass.expects(:get_neutron_credentials).with().returns(credential_hash)
      klass.expects(:withenv).with(authenv)
      klass.auth_neutron('test_retries')
    end

+    it 'should set deprecated auth credentials in the environment' do
+      authenv = {
+        :OS_AUTH_URL    => deprecated_credential_hash['identity_uri'],
+        :OS_USERNAME    => deprecated_credential_hash['admin_user'],
+        :OS_TENANT_NAME => deprecated_credential_hash['admin_tenant_name'],
+        :OS_PASSWORD    => deprecated_credential_hash['admin_password'],
+        :OS_REGION_NAME => 'NEW_REGION',
+      }
+      klass.expects(:get_neutron_credentials).with().returns(deprecated_credential_hash)
+      klass.expects(:withenv).with(authenv)
+      klass.auth_neutron('test_retries')
+    end
+
    it 'should set region in the environment if needed' do
      authenv = {
-        :OS_AUTH_URL    => auth_endpoint,
-        :OS_USERNAME    => credential_hash['admin_user'],
-        :OS_TENANT_NAME => credential_hash['admin_tenant_name'],
-        :OS_PASSWORD    => credential_hash['admin_password'],
+        :OS_AUTH_URL    => credential_hash['auth_url'],
+        :OS_USERNAME    => credential_hash['username'],
+        :OS_TENANT_NAME => credential_hash['tenant_name'],
+        :OS_PASSWORD    => credential_hash['password'],
        :OS_REGION_NAME => 'REGION_NAME',
      }

-      cred_hash = credential_hash.merge({'nova_region_name' => 'REGION_NAME'})
+      cred_hash = credential_hash.merge({'region_name' => 'REGION_NAME'})
      klass.expects(:get_neutron_credentials).with().returns(cred_hash)
      klass.expects(:withenv).with(authenv)
      klass.auth_neutron('test_retries')