From 46aef980c97b9075aa7dfa854c16f3ef19ed2c60 Mon Sep 17 00:00:00 2001 From: Sergey Kolekonov Date: Thu, 24 Dec 2015 14:04:57 +0300 Subject: [PATCH] Use identity_uri and auth_uri by default auth_host, auth_port, auth_protocol and auth_admin_prefix parameters are deprecated and can be removed Change-Id: If7cf7412df7666e0787dfc01abe48fddabdcb5ac Closes-bug: #1528963 --- manifests/server.pp | 144 ++-------------------------- spec/classes/neutron_server_spec.rb | 91 +----------------- 2 files changed, 9 insertions(+), 226 deletions(-) diff --git a/manifests/server.pp b/manifests/server.pp index 7ec1bd820..d66720dd4 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -34,24 +34,6 @@ # (optional) What auth system to use # Defaults to 'keystone'. Can other be 'noauth' # -# [*auth_host*] -# (optional) DEPRECATED. The keystone host -# Defaults to localhost. -# -# [*auth_protocol*] -# (optional) DEPRECATED. The protocol used to access the auth host -# Defaults to http. -# -# [*auth_port*] -# (optional) DEPRECATED. The keystone auth port -# Defaults to 35357. -# -# [*auth_admin_prefix*] -# (optional) The admin_prefix used to admin endpoint of the auth host -# This allow admin auth URIs like http://auth_host:35357/keystone. -# (where '/keystone' is the admin prefix) -# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'. -# # [*auth_region*] # (optional) The authentication region. Note this value is case-sensitive and # must match the endpoint region defined in Keystone. @@ -67,11 +49,11 @@ # # [*auth_uri*] # (optional) Complete public Identity API endpoint. -# Defaults to: false +# Defaults to: 'http://localhost:5000/' # # [*identity_uri*] # (optional) Complete admin Identity API endpoint. -# Defaults to: false +# Defaults to: 'http://localhost:35357/' # # [*database_connection*] # (optional) Connection url for the neutron database. @@ -210,8 +192,8 @@ class neutron::server ( $auth_type = 'keystone', $auth_tenant = 'services', $auth_user = 'neutron', - $auth_uri = false, - $identity_uri = false, + $auth_uri = 'http://localhost:5000/', + $identity_uri = 'http://localhost:35357/', $database_connection = undef, $database_max_retries = undef, $database_idle_timeout = undef, @@ -232,10 +214,6 @@ class neutron::server ( $l3_ha_net_cidr = $::os_service_default, $qos_notification_drivers = $::os_service_default, # DEPRECATED PARAMETERS - $auth_host = 'localhost', - $auth_port = '35357', - $auth_protocol = 'http', - $auth_admin_prefix = false, $log_dir = undef, $log_file = undef, $report_interval = undef, @@ -343,125 +321,19 @@ class neutron::server ( 'filter:authtoken/admin_password': value => $auth_password, secret => true; } - # if both auth_uri and identity_uri are set we skip these deprecated settings entirely - if !$auth_uri or !$identity_uri { - - if $auth_admin_prefix { - warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.') - validate_re($auth_admin_prefix, '^(/.+[^/])?$') - neutron_config { - 'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix; - } - neutron_api_config { - 'filter:authtoken/auth_admin_prefix': value => $auth_admin_prefix; - } - } else { - neutron_config { - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/auth_admin_prefix': ensure => absent; - } - } - - if $auth_host { - warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.') - neutron_config { - 'keystone_authtoken/auth_host': value => $auth_host; - } - neutron_api_config { - 'filter:authtoken/auth_host': value => $auth_host; - } - } else{ - neutron_config { - 'keystone_authtoken/auth_host': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/auth_host': ensure => absent; - } - } - - if $auth_port { - warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.') - neutron_config { - 'keystone_authtoken/auth_port': value => $auth_port; - } - neutron_api_config { - 'filter:authtoken/auth_port': value => $auth_port; - } - } else{ - neutron_config { - 'keystone_authtoken/auth_port': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/auth_port': ensure => absent; - } - } - - if $auth_protocol { - warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.') - neutron_config { - 'keystone_authtoken/auth_protocol': value => $auth_protocol; - } - neutron_api_config { - 'filter:authtoken/auth_protocol': value => $auth_protocol; - } - } else{ - neutron_config { - 'keystone_authtoken/auth_protocol': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/auth_protocol': ensure => absent; - } - } - } else { - neutron_config { - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - 'keystone_authtoken/auth_host': ensure => absent; - 'keystone_authtoken/auth_port': ensure => absent; - 'keystone_authtoken/auth_protocol': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/auth_admin_prefix': ensure => absent; - 'filter:authtoken/auth_host': ensure => absent; - 'filter:authtoken/auth_port': ensure => absent; - 'filter:authtoken/auth_protocol': ensure => absent; - } - } - - if $auth_uri { - $auth_uri_real = $auth_uri - } elsif $auth_host and $auth_protocol and $auth_port { - $auth_uri_real = "${auth_protocol}://${auth_host}:5000/" - } - neutron_config { - 'keystone_authtoken/auth_uri': value => $auth_uri_real; + 'keystone_authtoken/auth_uri': value => $auth_uri; + 'keystone_authtoken/identity_uri': value => $identity_uri; } neutron_api_config { - 'filter:authtoken/auth_uri': value => $auth_uri_real; + 'filter:authtoken/auth_uri': value => $auth_uri; + 'filter:authtoken/identity_uri': value => $identity_uri; } neutron_config { 'keystone_authtoken/auth_region': value => $auth_region; } - if $identity_uri { - neutron_config { - 'keystone_authtoken/identity_uri': value => $identity_uri; - } - neutron_api_config { - 'filter:authtoken/identity_uri': value => $identity_uri; - } - } else { - neutron_config { - 'keystone_authtoken/identity_uri': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/identity_uri': ensure => absent; - } - } - } } diff --git a/spec/classes/neutron_server_spec.rb b/spec/classes/neutron_server_spec.rb index 090193761..20fe3231b 100644 --- a/spec/classes/neutron_server_spec.rb +++ b/spec/classes/neutron_server_spec.rb @@ -15,8 +15,6 @@ describe 'neutron::server' do { :package_ensure => 'present', :enabled => true, :auth_type => 'keystone', - :auth_host => 'localhost', - :auth_port => '35357', :auth_tenant => 'services', :auth_user => 'neutron', :database_connection => 'sqlite:////var/lib/neutron/ovs.sqlite', @@ -50,14 +48,12 @@ describe 'neutron::server' do it { is_expected.to contain_class('neutron::policy') } it 'configures authentication middleware' do - is_expected.to contain_neutron_api_config('filter:authtoken/auth_host').with_value(p[:auth_host]); - is_expected.to contain_neutron_api_config('filter:authtoken/auth_port').with_value(p[:auth_port]); is_expected.to contain_neutron_api_config('filter:authtoken/admin_tenant_name').with_value(p[:auth_tenant]); is_expected.to contain_neutron_api_config('filter:authtoken/admin_user').with_value(p[:auth_user]); is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_value(p[:auth_password]); is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_secret( true ) - is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with(:ensure => 'absent') is_expected.to contain_neutron_api_config('filter:authtoken/auth_uri').with_value("http://localhost:5000/"); + is_expected.to contain_neutron_api_config('filter:authtoken/identity_uri').with_value("http://localhost:35357/"); end it 'installs neutron server package' do @@ -84,9 +80,6 @@ describe 'neutron::server' do :tag => ['neutron-service', 'neutron-db-sync-service'], ) is_expected.not_to contain_class('neutron::db::sync') - is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with( - :ensure => 'absent' - ) is_expected.to contain_service('neutron-server').with_name('neutron-server') is_expected.to contain_neutron_config('DEFAULT/api_workers').with_value(facts[:processorcount]) is_expected.to contain_neutron_config('DEFAULT/rpc_workers').with_value(facts[:processorcount]) @@ -190,36 +183,6 @@ describe 'neutron::server' do end end - shared_examples_for 'a neutron server with auth_admin_prefix set' do - [ '/keystone', '/keystone/admin' ].each do |auth_admin_prefix| - describe "with keystone_auth_admin_prefix containing incorrect value #{auth_admin_prefix}" do - before do - params.merge!({ - :auth_admin_prefix => auth_admin_prefix, - }) - end - it do - is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with( - :value => params[:auth_admin_prefix] - ) - end - end - end - end - - shared_examples_for 'a neutron server with some incorrect auth_admin_prefix set' do - [ '/keystone/', 'keystone/', 'keystone' ].each do |auth_admin_prefix| - describe "with keystone_auth_admin_prefix containing incorrect value #{auth_admin_prefix}" do - before do - params.merge!({ - :auth_admin_prefix => auth_admin_prefix, - }) - end - it_raises 'a Puppet::Error', /validate_re\(\): "#{auth_admin_prefix}" does not match/ - end - end - end - shared_examples_for 'a neutron server with broken authentication' do before do params.delete(:auth_password) @@ -238,50 +201,6 @@ describe 'neutron::server' do end end - describe "with custom keystone auth_uri" do - let :facts do - @default_facts.merge(test_facts.merge({ - :osfamily => 'RedHat', - :operatingsystemrelease => '7' - })) - end - before do - params.merge!({ - :auth_uri => 'https://foo.bar:1234/', - }) - end - it 'configures auth_uri' do - is_expected.to contain_neutron_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:1234/"); - # since only auth_uri is set the deprecated auth parameters should - # still get set in case they are still in use - is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with_value('localhost'); - is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with_value('35357'); - is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with_value('http'); - end - end - - describe "with custom keystone identity_uri" do - let :facts do - @default_facts.merge(test_facts.merge({ - :osfamily => 'RedHat', - :operatingsystemrelease => '7' - })) - end - before do - params.merge!({ - :identity_uri => 'https://foo.bar:1234/', - }) - end - it 'configures identity_uri' do - is_expected.to contain_neutron_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/"); - # since only auth_uri is set the deprecated auth parameters should - # still get set in case they are still in use - is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with_value('localhost'); - is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with_value('35357'); - is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with_value('http'); - end - end - describe "with custom keystone identity_uri and auth_uri" do let :facts do @default_facts.merge(test_facts.merge({ @@ -298,10 +217,6 @@ describe 'neutron::server' do it 'configures identity_uri and auth_uri but deprecates old auth settings' do is_expected.to contain_neutron_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/"); is_expected.to contain_neutron_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/"); - is_expected.to contain_neutron_config('keystone_authtoken/auth_admin_prefix').with(:ensure => 'absent') - is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with(:ensure => 'absent') - is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with(:ensure => 'absent') - is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with(:ensure => 'absent') end end @@ -337,8 +252,6 @@ describe 'neutron::server' do it_configures 'a neutron server' it_configures 'a neutron server with broken authentication' - it_configures 'a neutron server with auth_admin_prefix set' - it_configures 'a neutron server with some incorrect auth_admin_prefix set' it_configures 'a neutron server without database synchronization' end @@ -357,8 +270,6 @@ describe 'neutron::server' do it_configures 'a neutron server' it_configures 'a neutron server with broken authentication' - it_configures 'a neutron server with auth_admin_prefix set' - it_configures 'a neutron server with some incorrect auth_admin_prefix set' it_configures 'a neutron server without database synchronization' end end