Use identity_uri and auth_uri by default
auth_host, auth_port, auth_protocol and auth_admin_prefix parameters are deprecated and can be removed Change-Id: If7cf7412df7666e0787dfc01abe48fddabdcb5ac Closes-bug: #1528963
This commit is contained in:
parent
fd0d670c58
commit
46aef980c9
@ -34,24 +34,6 @@
|
|||||||
# (optional) What auth system to use
|
# (optional) What auth system to use
|
||||||
# Defaults to 'keystone'. Can other be 'noauth'
|
# Defaults to 'keystone'. Can other be 'noauth'
|
||||||
#
|
#
|
||||||
# [*auth_host*]
|
|
||||||
# (optional) DEPRECATED. The keystone host
|
|
||||||
# Defaults to localhost.
|
|
||||||
#
|
|
||||||
# [*auth_protocol*]
|
|
||||||
# (optional) DEPRECATED. The protocol used to access the auth host
|
|
||||||
# Defaults to http.
|
|
||||||
#
|
|
||||||
# [*auth_port*]
|
|
||||||
# (optional) DEPRECATED. The keystone auth port
|
|
||||||
# Defaults to 35357.
|
|
||||||
#
|
|
||||||
# [*auth_admin_prefix*]
|
|
||||||
# (optional) The admin_prefix used to admin endpoint of the auth host
|
|
||||||
# This allow admin auth URIs like http://auth_host:35357/keystone.
|
|
||||||
# (where '/keystone' is the admin prefix)
|
|
||||||
# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
|
|
||||||
#
|
|
||||||
# [*auth_region*]
|
# [*auth_region*]
|
||||||
# (optional) The authentication region. Note this value is case-sensitive and
|
# (optional) The authentication region. Note this value is case-sensitive and
|
||||||
# must match the endpoint region defined in Keystone.
|
# must match the endpoint region defined in Keystone.
|
||||||
@ -67,11 +49,11 @@
|
|||||||
#
|
#
|
||||||
# [*auth_uri*]
|
# [*auth_uri*]
|
||||||
# (optional) Complete public Identity API endpoint.
|
# (optional) Complete public Identity API endpoint.
|
||||||
# Defaults to: false
|
# Defaults to: 'http://localhost:5000/'
|
||||||
#
|
#
|
||||||
# [*identity_uri*]
|
# [*identity_uri*]
|
||||||
# (optional) Complete admin Identity API endpoint.
|
# (optional) Complete admin Identity API endpoint.
|
||||||
# Defaults to: false
|
# Defaults to: 'http://localhost:35357/'
|
||||||
#
|
#
|
||||||
# [*database_connection*]
|
# [*database_connection*]
|
||||||
# (optional) Connection url for the neutron database.
|
# (optional) Connection url for the neutron database.
|
||||||
@ -210,8 +192,8 @@ class neutron::server (
|
|||||||
$auth_type = 'keystone',
|
$auth_type = 'keystone',
|
||||||
$auth_tenant = 'services',
|
$auth_tenant = 'services',
|
||||||
$auth_user = 'neutron',
|
$auth_user = 'neutron',
|
||||||
$auth_uri = false,
|
$auth_uri = 'http://localhost:5000/',
|
||||||
$identity_uri = false,
|
$identity_uri = 'http://localhost:35357/',
|
||||||
$database_connection = undef,
|
$database_connection = undef,
|
||||||
$database_max_retries = undef,
|
$database_max_retries = undef,
|
||||||
$database_idle_timeout = undef,
|
$database_idle_timeout = undef,
|
||||||
@ -232,10 +214,6 @@ class neutron::server (
|
|||||||
$l3_ha_net_cidr = $::os_service_default,
|
$l3_ha_net_cidr = $::os_service_default,
|
||||||
$qos_notification_drivers = $::os_service_default,
|
$qos_notification_drivers = $::os_service_default,
|
||||||
# DEPRECATED PARAMETERS
|
# DEPRECATED PARAMETERS
|
||||||
$auth_host = 'localhost',
|
|
||||||
$auth_port = '35357',
|
|
||||||
$auth_protocol = 'http',
|
|
||||||
$auth_admin_prefix = false,
|
|
||||||
$log_dir = undef,
|
$log_dir = undef,
|
||||||
$log_file = undef,
|
$log_file = undef,
|
||||||
$report_interval = undef,
|
$report_interval = undef,
|
||||||
@ -343,125 +321,19 @@ class neutron::server (
|
|||||||
'filter:authtoken/admin_password': value => $auth_password, secret => true;
|
'filter:authtoken/admin_password': value => $auth_password, secret => true;
|
||||||
}
|
}
|
||||||
|
|
||||||
# if both auth_uri and identity_uri are set we skip these deprecated settings entirely
|
|
||||||
if !$auth_uri or !$identity_uri {
|
|
||||||
|
|
||||||
if $auth_admin_prefix {
|
|
||||||
warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
|
|
||||||
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
|
|
||||||
neutron_config {
|
neutron_config {
|
||||||
'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
|
'keystone_authtoken/auth_uri': value => $auth_uri;
|
||||||
|
'keystone_authtoken/identity_uri': value => $identity_uri;
|
||||||
}
|
}
|
||||||
neutron_api_config {
|
neutron_api_config {
|
||||||
'filter:authtoken/auth_admin_prefix': value => $auth_admin_prefix;
|
'filter:authtoken/auth_uri': value => $auth_uri;
|
||||||
}
|
'filter:authtoken/identity_uri': value => $identity_uri;
|
||||||
} else {
|
|
||||||
neutron_config {
|
|
||||||
'keystone_authtoken/auth_admin_prefix': ensure => absent;
|
|
||||||
}
|
|
||||||
neutron_api_config {
|
|
||||||
'filter:authtoken/auth_admin_prefix': ensure => absent;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if $auth_host {
|
|
||||||
warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
|
|
||||||
neutron_config {
|
|
||||||
'keystone_authtoken/auth_host': value => $auth_host;
|
|
||||||
}
|
|
||||||
neutron_api_config {
|
|
||||||
'filter:authtoken/auth_host': value => $auth_host;
|
|
||||||
}
|
|
||||||
} else{
|
|
||||||
neutron_config {
|
|
||||||
'keystone_authtoken/auth_host': ensure => absent;
|
|
||||||
}
|
|
||||||
neutron_api_config {
|
|
||||||
'filter:authtoken/auth_host': ensure => absent;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if $auth_port {
|
|
||||||
warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
|
|
||||||
neutron_config {
|
|
||||||
'keystone_authtoken/auth_port': value => $auth_port;
|
|
||||||
}
|
|
||||||
neutron_api_config {
|
|
||||||
'filter:authtoken/auth_port': value => $auth_port;
|
|
||||||
}
|
|
||||||
} else{
|
|
||||||
neutron_config {
|
|
||||||
'keystone_authtoken/auth_port': ensure => absent;
|
|
||||||
}
|
|
||||||
neutron_api_config {
|
|
||||||
'filter:authtoken/auth_port': ensure => absent;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if $auth_protocol {
|
|
||||||
warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
|
|
||||||
neutron_config {
|
|
||||||
'keystone_authtoken/auth_protocol': value => $auth_protocol;
|
|
||||||
}
|
|
||||||
neutron_api_config {
|
|
||||||
'filter:authtoken/auth_protocol': value => $auth_protocol;
|
|
||||||
}
|
|
||||||
} else{
|
|
||||||
neutron_config {
|
|
||||||
'keystone_authtoken/auth_protocol': ensure => absent;
|
|
||||||
}
|
|
||||||
neutron_api_config {
|
|
||||||
'filter:authtoken/auth_protocol': ensure => absent;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
neutron_config {
|
|
||||||
'keystone_authtoken/auth_admin_prefix': ensure => absent;
|
|
||||||
'keystone_authtoken/auth_host': ensure => absent;
|
|
||||||
'keystone_authtoken/auth_port': ensure => absent;
|
|
||||||
'keystone_authtoken/auth_protocol': ensure => absent;
|
|
||||||
}
|
|
||||||
neutron_api_config {
|
|
||||||
'filter:authtoken/auth_admin_prefix': ensure => absent;
|
|
||||||
'filter:authtoken/auth_host': ensure => absent;
|
|
||||||
'filter:authtoken/auth_port': ensure => absent;
|
|
||||||
'filter:authtoken/auth_protocol': ensure => absent;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if $auth_uri {
|
|
||||||
$auth_uri_real = $auth_uri
|
|
||||||
} elsif $auth_host and $auth_protocol and $auth_port {
|
|
||||||
$auth_uri_real = "${auth_protocol}://${auth_host}:5000/"
|
|
||||||
}
|
|
||||||
|
|
||||||
neutron_config {
|
|
||||||
'keystone_authtoken/auth_uri': value => $auth_uri_real;
|
|
||||||
}
|
|
||||||
neutron_api_config {
|
|
||||||
'filter:authtoken/auth_uri': value => $auth_uri_real;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
neutron_config {
|
neutron_config {
|
||||||
'keystone_authtoken/auth_region': value => $auth_region;
|
'keystone_authtoken/auth_region': value => $auth_region;
|
||||||
}
|
}
|
||||||
|
|
||||||
if $identity_uri {
|
|
||||||
neutron_config {
|
|
||||||
'keystone_authtoken/identity_uri': value => $identity_uri;
|
|
||||||
}
|
|
||||||
neutron_api_config {
|
|
||||||
'filter:authtoken/identity_uri': value => $identity_uri;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
neutron_config {
|
|
||||||
'keystone_authtoken/identity_uri': ensure => absent;
|
|
||||||
}
|
|
||||||
neutron_api_config {
|
|
||||||
'filter:authtoken/identity_uri': ensure => absent;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -15,8 +15,6 @@ describe 'neutron::server' do
|
|||||||
{ :package_ensure => 'present',
|
{ :package_ensure => 'present',
|
||||||
:enabled => true,
|
:enabled => true,
|
||||||
:auth_type => 'keystone',
|
:auth_type => 'keystone',
|
||||||
:auth_host => 'localhost',
|
|
||||||
:auth_port => '35357',
|
|
||||||
:auth_tenant => 'services',
|
:auth_tenant => 'services',
|
||||||
:auth_user => 'neutron',
|
:auth_user => 'neutron',
|
||||||
:database_connection => 'sqlite:////var/lib/neutron/ovs.sqlite',
|
:database_connection => 'sqlite:////var/lib/neutron/ovs.sqlite',
|
||||||
@ -50,14 +48,12 @@ describe 'neutron::server' do
|
|||||||
it { is_expected.to contain_class('neutron::policy') }
|
it { is_expected.to contain_class('neutron::policy') }
|
||||||
|
|
||||||
it 'configures authentication middleware' do
|
it 'configures authentication middleware' do
|
||||||
is_expected.to contain_neutron_api_config('filter:authtoken/auth_host').with_value(p[:auth_host]);
|
|
||||||
is_expected.to contain_neutron_api_config('filter:authtoken/auth_port').with_value(p[:auth_port]);
|
|
||||||
is_expected.to contain_neutron_api_config('filter:authtoken/admin_tenant_name').with_value(p[:auth_tenant]);
|
is_expected.to contain_neutron_api_config('filter:authtoken/admin_tenant_name').with_value(p[:auth_tenant]);
|
||||||
is_expected.to contain_neutron_api_config('filter:authtoken/admin_user').with_value(p[:auth_user]);
|
is_expected.to contain_neutron_api_config('filter:authtoken/admin_user').with_value(p[:auth_user]);
|
||||||
is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_value(p[:auth_password]);
|
is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_value(p[:auth_password]);
|
||||||
is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_secret( true )
|
is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_secret( true )
|
||||||
is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with(:ensure => 'absent')
|
|
||||||
is_expected.to contain_neutron_api_config('filter:authtoken/auth_uri').with_value("http://localhost:5000/");
|
is_expected.to contain_neutron_api_config('filter:authtoken/auth_uri').with_value("http://localhost:5000/");
|
||||||
|
is_expected.to contain_neutron_api_config('filter:authtoken/identity_uri').with_value("http://localhost:35357/");
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'installs neutron server package' do
|
it 'installs neutron server package' do
|
||||||
@ -84,9 +80,6 @@ describe 'neutron::server' do
|
|||||||
:tag => ['neutron-service', 'neutron-db-sync-service'],
|
:tag => ['neutron-service', 'neutron-db-sync-service'],
|
||||||
)
|
)
|
||||||
is_expected.not_to contain_class('neutron::db::sync')
|
is_expected.not_to contain_class('neutron::db::sync')
|
||||||
is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with(
|
|
||||||
:ensure => 'absent'
|
|
||||||
)
|
|
||||||
is_expected.to contain_service('neutron-server').with_name('neutron-server')
|
is_expected.to contain_service('neutron-server').with_name('neutron-server')
|
||||||
is_expected.to contain_neutron_config('DEFAULT/api_workers').with_value(facts[:processorcount])
|
is_expected.to contain_neutron_config('DEFAULT/api_workers').with_value(facts[:processorcount])
|
||||||
is_expected.to contain_neutron_config('DEFAULT/rpc_workers').with_value(facts[:processorcount])
|
is_expected.to contain_neutron_config('DEFAULT/rpc_workers').with_value(facts[:processorcount])
|
||||||
@ -190,36 +183,6 @@ describe 'neutron::server' do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples_for 'a neutron server with auth_admin_prefix set' do
|
|
||||||
[ '/keystone', '/keystone/admin' ].each do |auth_admin_prefix|
|
|
||||||
describe "with keystone_auth_admin_prefix containing incorrect value #{auth_admin_prefix}" do
|
|
||||||
before do
|
|
||||||
params.merge!({
|
|
||||||
:auth_admin_prefix => auth_admin_prefix,
|
|
||||||
})
|
|
||||||
end
|
|
||||||
it do
|
|
||||||
is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with(
|
|
||||||
:value => params[:auth_admin_prefix]
|
|
||||||
)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
shared_examples_for 'a neutron server with some incorrect auth_admin_prefix set' do
|
|
||||||
[ '/keystone/', 'keystone/', 'keystone' ].each do |auth_admin_prefix|
|
|
||||||
describe "with keystone_auth_admin_prefix containing incorrect value #{auth_admin_prefix}" do
|
|
||||||
before do
|
|
||||||
params.merge!({
|
|
||||||
:auth_admin_prefix => auth_admin_prefix,
|
|
||||||
})
|
|
||||||
end
|
|
||||||
it_raises 'a Puppet::Error', /validate_re\(\): "#{auth_admin_prefix}" does not match/
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
shared_examples_for 'a neutron server with broken authentication' do
|
shared_examples_for 'a neutron server with broken authentication' do
|
||||||
before do
|
before do
|
||||||
params.delete(:auth_password)
|
params.delete(:auth_password)
|
||||||
@ -238,50 +201,6 @@ describe 'neutron::server' do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "with custom keystone auth_uri" do
|
|
||||||
let :facts do
|
|
||||||
@default_facts.merge(test_facts.merge({
|
|
||||||
:osfamily => 'RedHat',
|
|
||||||
:operatingsystemrelease => '7'
|
|
||||||
}))
|
|
||||||
end
|
|
||||||
before do
|
|
||||||
params.merge!({
|
|
||||||
:auth_uri => 'https://foo.bar:1234/',
|
|
||||||
})
|
|
||||||
end
|
|
||||||
it 'configures auth_uri' do
|
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:1234/");
|
|
||||||
# since only auth_uri is set the deprecated auth parameters should
|
|
||||||
# still get set in case they are still in use
|
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with_value('localhost');
|
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with_value('35357');
|
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with_value('http');
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe "with custom keystone identity_uri" do
|
|
||||||
let :facts do
|
|
||||||
@default_facts.merge(test_facts.merge({
|
|
||||||
:osfamily => 'RedHat',
|
|
||||||
:operatingsystemrelease => '7'
|
|
||||||
}))
|
|
||||||
end
|
|
||||||
before do
|
|
||||||
params.merge!({
|
|
||||||
:identity_uri => 'https://foo.bar:1234/',
|
|
||||||
})
|
|
||||||
end
|
|
||||||
it 'configures identity_uri' do
|
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/");
|
|
||||||
# since only auth_uri is set the deprecated auth parameters should
|
|
||||||
# still get set in case they are still in use
|
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with_value('localhost');
|
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with_value('35357');
|
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with_value('http');
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe "with custom keystone identity_uri and auth_uri" do
|
describe "with custom keystone identity_uri and auth_uri" do
|
||||||
let :facts do
|
let :facts do
|
||||||
@default_facts.merge(test_facts.merge({
|
@default_facts.merge(test_facts.merge({
|
||||||
@ -298,10 +217,6 @@ describe 'neutron::server' do
|
|||||||
it 'configures identity_uri and auth_uri but deprecates old auth settings' do
|
it 'configures identity_uri and auth_uri but deprecates old auth settings' do
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
|
is_expected.to contain_neutron_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/");
|
is_expected.to contain_neutron_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/");
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_admin_prefix').with(:ensure => 'absent')
|
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with(:ensure => 'absent')
|
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with(:ensure => 'absent')
|
|
||||||
is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with(:ensure => 'absent')
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -337,8 +252,6 @@ describe 'neutron::server' do
|
|||||||
|
|
||||||
it_configures 'a neutron server'
|
it_configures 'a neutron server'
|
||||||
it_configures 'a neutron server with broken authentication'
|
it_configures 'a neutron server with broken authentication'
|
||||||
it_configures 'a neutron server with auth_admin_prefix set'
|
|
||||||
it_configures 'a neutron server with some incorrect auth_admin_prefix set'
|
|
||||||
it_configures 'a neutron server without database synchronization'
|
it_configures 'a neutron server without database synchronization'
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -357,8 +270,6 @@ describe 'neutron::server' do
|
|||||||
|
|
||||||
it_configures 'a neutron server'
|
it_configures 'a neutron server'
|
||||||
it_configures 'a neutron server with broken authentication'
|
it_configures 'a neutron server with broken authentication'
|
||||||
it_configures 'a neutron server with auth_admin_prefix set'
|
|
||||||
it_configures 'a neutron server with some incorrect auth_admin_prefix set'
|
|
||||||
it_configures 'a neutron server without database synchronization'
|
it_configures 'a neutron server without database synchronization'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user