Use identity_uri and auth_uri by default

auth_host, auth_port, auth_protocol and auth_admin_prefix parameters are
deprecated and can be removed

Change-Id: If7cf7412df7666e0787dfc01abe48fddabdcb5ac
Closes-bug: #1528963
This commit is contained in:
Sergey Kolekonov 2015-12-24 14:04:57 +03:00
parent fd0d670c58
commit 46aef980c9
2 changed files with 9 additions and 226 deletions

View File

@ -34,24 +34,6 @@
# (optional) What auth system to use # (optional) What auth system to use
# Defaults to 'keystone'. Can other be 'noauth' # Defaults to 'keystone'. Can other be 'noauth'
# #
# [*auth_host*]
# (optional) DEPRECATED. The keystone host
# Defaults to localhost.
#
# [*auth_protocol*]
# (optional) DEPRECATED. The protocol used to access the auth host
# Defaults to http.
#
# [*auth_port*]
# (optional) DEPRECATED. The keystone auth port
# Defaults to 35357.
#
# [*auth_admin_prefix*]
# (optional) The admin_prefix used to admin endpoint of the auth host
# This allow admin auth URIs like http://auth_host:35357/keystone.
# (where '/keystone' is the admin prefix)
# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
#
# [*auth_region*] # [*auth_region*]
# (optional) The authentication region. Note this value is case-sensitive and # (optional) The authentication region. Note this value is case-sensitive and
# must match the endpoint region defined in Keystone. # must match the endpoint region defined in Keystone.
@ -67,11 +49,11 @@
# #
# [*auth_uri*] # [*auth_uri*]
# (optional) Complete public Identity API endpoint. # (optional) Complete public Identity API endpoint.
# Defaults to: false # Defaults to: 'http://localhost:5000/'
# #
# [*identity_uri*] # [*identity_uri*]
# (optional) Complete admin Identity API endpoint. # (optional) Complete admin Identity API endpoint.
# Defaults to: false # Defaults to: 'http://localhost:35357/'
# #
# [*database_connection*] # [*database_connection*]
# (optional) Connection url for the neutron database. # (optional) Connection url for the neutron database.
@ -210,8 +192,8 @@ class neutron::server (
$auth_type = 'keystone', $auth_type = 'keystone',
$auth_tenant = 'services', $auth_tenant = 'services',
$auth_user = 'neutron', $auth_user = 'neutron',
$auth_uri = false, $auth_uri = 'http://localhost:5000/',
$identity_uri = false, $identity_uri = 'http://localhost:35357/',
$database_connection = undef, $database_connection = undef,
$database_max_retries = undef, $database_max_retries = undef,
$database_idle_timeout = undef, $database_idle_timeout = undef,
@ -232,10 +214,6 @@ class neutron::server (
$l3_ha_net_cidr = $::os_service_default, $l3_ha_net_cidr = $::os_service_default,
$qos_notification_drivers = $::os_service_default, $qos_notification_drivers = $::os_service_default,
# DEPRECATED PARAMETERS # DEPRECATED PARAMETERS
$auth_host = 'localhost',
$auth_port = '35357',
$auth_protocol = 'http',
$auth_admin_prefix = false,
$log_dir = undef, $log_dir = undef,
$log_file = undef, $log_file = undef,
$report_interval = undef, $report_interval = undef,
@ -343,125 +321,19 @@ class neutron::server (
'filter:authtoken/admin_password': value => $auth_password, secret => true; 'filter:authtoken/admin_password': value => $auth_password, secret => true;
} }
# if both auth_uri and identity_uri are set we skip these deprecated settings entirely
if !$auth_uri or !$identity_uri {
if $auth_admin_prefix {
warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
neutron_config { neutron_config {
'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix; 'keystone_authtoken/auth_uri': value => $auth_uri;
'keystone_authtoken/identity_uri': value => $identity_uri;
} }
neutron_api_config { neutron_api_config {
'filter:authtoken/auth_admin_prefix': value => $auth_admin_prefix; 'filter:authtoken/auth_uri': value => $auth_uri;
} 'filter:authtoken/identity_uri': value => $identity_uri;
} else {
neutron_config {
'keystone_authtoken/auth_admin_prefix': ensure => absent;
}
neutron_api_config {
'filter:authtoken/auth_admin_prefix': ensure => absent;
}
}
if $auth_host {
warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
neutron_config {
'keystone_authtoken/auth_host': value => $auth_host;
}
neutron_api_config {
'filter:authtoken/auth_host': value => $auth_host;
}
} else{
neutron_config {
'keystone_authtoken/auth_host': ensure => absent;
}
neutron_api_config {
'filter:authtoken/auth_host': ensure => absent;
}
}
if $auth_port {
warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
neutron_config {
'keystone_authtoken/auth_port': value => $auth_port;
}
neutron_api_config {
'filter:authtoken/auth_port': value => $auth_port;
}
} else{
neutron_config {
'keystone_authtoken/auth_port': ensure => absent;
}
neutron_api_config {
'filter:authtoken/auth_port': ensure => absent;
}
}
if $auth_protocol {
warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
neutron_config {
'keystone_authtoken/auth_protocol': value => $auth_protocol;
}
neutron_api_config {
'filter:authtoken/auth_protocol': value => $auth_protocol;
}
} else{
neutron_config {
'keystone_authtoken/auth_protocol': ensure => absent;
}
neutron_api_config {
'filter:authtoken/auth_protocol': ensure => absent;
}
}
} else {
neutron_config {
'keystone_authtoken/auth_admin_prefix': ensure => absent;
'keystone_authtoken/auth_host': ensure => absent;
'keystone_authtoken/auth_port': ensure => absent;
'keystone_authtoken/auth_protocol': ensure => absent;
}
neutron_api_config {
'filter:authtoken/auth_admin_prefix': ensure => absent;
'filter:authtoken/auth_host': ensure => absent;
'filter:authtoken/auth_port': ensure => absent;
'filter:authtoken/auth_protocol': ensure => absent;
}
}
if $auth_uri {
$auth_uri_real = $auth_uri
} elsif $auth_host and $auth_protocol and $auth_port {
$auth_uri_real = "${auth_protocol}://${auth_host}:5000/"
}
neutron_config {
'keystone_authtoken/auth_uri': value => $auth_uri_real;
}
neutron_api_config {
'filter:authtoken/auth_uri': value => $auth_uri_real;
} }
neutron_config { neutron_config {
'keystone_authtoken/auth_region': value => $auth_region; 'keystone_authtoken/auth_region': value => $auth_region;
} }
if $identity_uri {
neutron_config {
'keystone_authtoken/identity_uri': value => $identity_uri;
}
neutron_api_config {
'filter:authtoken/identity_uri': value => $identity_uri;
}
} else {
neutron_config {
'keystone_authtoken/identity_uri': ensure => absent;
}
neutron_api_config {
'filter:authtoken/identity_uri': ensure => absent;
}
}
} }
} }

View File

@ -15,8 +15,6 @@ describe 'neutron::server' do
{ :package_ensure => 'present', { :package_ensure => 'present',
:enabled => true, :enabled => true,
:auth_type => 'keystone', :auth_type => 'keystone',
:auth_host => 'localhost',
:auth_port => '35357',
:auth_tenant => 'services', :auth_tenant => 'services',
:auth_user => 'neutron', :auth_user => 'neutron',
:database_connection => 'sqlite:////var/lib/neutron/ovs.sqlite', :database_connection => 'sqlite:////var/lib/neutron/ovs.sqlite',
@ -50,14 +48,12 @@ describe 'neutron::server' do
it { is_expected.to contain_class('neutron::policy') } it { is_expected.to contain_class('neutron::policy') }
it 'configures authentication middleware' do it 'configures authentication middleware' do
is_expected.to contain_neutron_api_config('filter:authtoken/auth_host').with_value(p[:auth_host]);
is_expected.to contain_neutron_api_config('filter:authtoken/auth_port').with_value(p[:auth_port]);
is_expected.to contain_neutron_api_config('filter:authtoken/admin_tenant_name').with_value(p[:auth_tenant]); is_expected.to contain_neutron_api_config('filter:authtoken/admin_tenant_name').with_value(p[:auth_tenant]);
is_expected.to contain_neutron_api_config('filter:authtoken/admin_user').with_value(p[:auth_user]); is_expected.to contain_neutron_api_config('filter:authtoken/admin_user').with_value(p[:auth_user]);
is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_value(p[:auth_password]); is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_value(p[:auth_password]);
is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_secret( true ) is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_secret( true )
is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with(:ensure => 'absent')
is_expected.to contain_neutron_api_config('filter:authtoken/auth_uri').with_value("http://localhost:5000/"); is_expected.to contain_neutron_api_config('filter:authtoken/auth_uri').with_value("http://localhost:5000/");
is_expected.to contain_neutron_api_config('filter:authtoken/identity_uri').with_value("http://localhost:35357/");
end end
it 'installs neutron server package' do it 'installs neutron server package' do
@ -84,9 +80,6 @@ describe 'neutron::server' do
:tag => ['neutron-service', 'neutron-db-sync-service'], :tag => ['neutron-service', 'neutron-db-sync-service'],
) )
is_expected.not_to contain_class('neutron::db::sync') is_expected.not_to contain_class('neutron::db::sync')
is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with(
:ensure => 'absent'
)
is_expected.to contain_service('neutron-server').with_name('neutron-server') is_expected.to contain_service('neutron-server').with_name('neutron-server')
is_expected.to contain_neutron_config('DEFAULT/api_workers').with_value(facts[:processorcount]) is_expected.to contain_neutron_config('DEFAULT/api_workers').with_value(facts[:processorcount])
is_expected.to contain_neutron_config('DEFAULT/rpc_workers').with_value(facts[:processorcount]) is_expected.to contain_neutron_config('DEFAULT/rpc_workers').with_value(facts[:processorcount])
@ -190,36 +183,6 @@ describe 'neutron::server' do
end end
end end
shared_examples_for 'a neutron server with auth_admin_prefix set' do
[ '/keystone', '/keystone/admin' ].each do |auth_admin_prefix|
describe "with keystone_auth_admin_prefix containing incorrect value #{auth_admin_prefix}" do
before do
params.merge!({
:auth_admin_prefix => auth_admin_prefix,
})
end
it do
is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with(
:value => params[:auth_admin_prefix]
)
end
end
end
end
shared_examples_for 'a neutron server with some incorrect auth_admin_prefix set' do
[ '/keystone/', 'keystone/', 'keystone' ].each do |auth_admin_prefix|
describe "with keystone_auth_admin_prefix containing incorrect value #{auth_admin_prefix}" do
before do
params.merge!({
:auth_admin_prefix => auth_admin_prefix,
})
end
it_raises 'a Puppet::Error', /validate_re\(\): "#{auth_admin_prefix}" does not match/
end
end
end
shared_examples_for 'a neutron server with broken authentication' do shared_examples_for 'a neutron server with broken authentication' do
before do before do
params.delete(:auth_password) params.delete(:auth_password)
@ -238,50 +201,6 @@ describe 'neutron::server' do
end end
end end
describe "with custom keystone auth_uri" do
let :facts do
@default_facts.merge(test_facts.merge({
:osfamily => 'RedHat',
:operatingsystemrelease => '7'
}))
end
before do
params.merge!({
:auth_uri => 'https://foo.bar:1234/',
})
end
it 'configures auth_uri' do
is_expected.to contain_neutron_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:1234/");
# since only auth_uri is set the deprecated auth parameters should
# still get set in case they are still in use
is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with_value('localhost');
is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with_value('35357');
is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with_value('http');
end
end
describe "with custom keystone identity_uri" do
let :facts do
@default_facts.merge(test_facts.merge({
:osfamily => 'RedHat',
:operatingsystemrelease => '7'
}))
end
before do
params.merge!({
:identity_uri => 'https://foo.bar:1234/',
})
end
it 'configures identity_uri' do
is_expected.to contain_neutron_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/");
# since only auth_uri is set the deprecated auth parameters should
# still get set in case they are still in use
is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with_value('localhost');
is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with_value('35357');
is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with_value('http');
end
end
describe "with custom keystone identity_uri and auth_uri" do describe "with custom keystone identity_uri and auth_uri" do
let :facts do let :facts do
@default_facts.merge(test_facts.merge({ @default_facts.merge(test_facts.merge({
@ -298,10 +217,6 @@ describe 'neutron::server' do
it 'configures identity_uri and auth_uri but deprecates old auth settings' do it 'configures identity_uri and auth_uri but deprecates old auth settings' do
is_expected.to contain_neutron_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/"); is_expected.to contain_neutron_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
is_expected.to contain_neutron_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/"); is_expected.to contain_neutron_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/");
is_expected.to contain_neutron_config('keystone_authtoken/auth_admin_prefix').with(:ensure => 'absent')
is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with(:ensure => 'absent')
is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with(:ensure => 'absent')
is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with(:ensure => 'absent')
end end
end end
@ -337,8 +252,6 @@ describe 'neutron::server' do
it_configures 'a neutron server' it_configures 'a neutron server'
it_configures 'a neutron server with broken authentication' it_configures 'a neutron server with broken authentication'
it_configures 'a neutron server with auth_admin_prefix set'
it_configures 'a neutron server with some incorrect auth_admin_prefix set'
it_configures 'a neutron server without database synchronization' it_configures 'a neutron server without database synchronization'
end end
@ -357,8 +270,6 @@ describe 'neutron::server' do
it_configures 'a neutron server' it_configures 'a neutron server'
it_configures 'a neutron server with broken authentication' it_configures 'a neutron server with broken authentication'
it_configures 'a neutron server with auth_admin_prefix set'
it_configures 'a neutron server with some incorrect auth_admin_prefix set'
it_configures 'a neutron server without database synchronization' it_configures 'a neutron server without database synchronization'
end end
end end