Allow for keypair auth in ansible driver

Using some providers we may want to use keypair auth over username/password. Change-Id: Ib4c8789e8bf1033a5b4521423130fcaa87296500
2018-09-04 15:38:36 +01:00 · 2018-09-04 15:38:36 +01:00 · 849d562d8a
parent e425504234
commit 849d562d8a
3 changed files with 27 additions and 9 deletions
--- a/manifests/plugins/ml2/networking_ansible.pp
+++ b/manifests/plugins/ml2/networking_ansible.pp
@ -16,7 +16,7 @@
 #     <host2> => {"ansible_network_os" => "junos",
 #                 "ansible_host" => "10.0.0.2",
 #                 "ansible_user" => 'ansible',
-#                 "ansible_ssh_pass" => "***"},
+#                 "ansible_ssh_private_key_file" => "/private/key"},
 #  }
 #
 # [*package_ensure*]
--- a/manifests/plugins/ml2/networking_ansible_host.pp
+++ b/manifests/plugins/ml2/networking_ansible_host.pp
@ -14,7 +14,12 @@
 #   (required) Username to connect to the network device
 #
 # [*ansible_ssh_pass*]
-#   (required) SSH password to connect to the network device
+#   SSH password to connect to the network device
+#   This or ansible_ssh_private_key_file should be provided
+#
+# [*ansible_ssh_private_key_file*]
+#   SSH private key to connect to the network device
+#   This or ansible_ssh_pass should be provided
 #
 # [*hostname*]
 # (required) The hostname of a host connected to the switch.
@ -23,17 +28,24 @@ define neutron::plugins::ml2::networking_ansible_host(
  $ansible_network_os,
  $ansible_host,
  $ansible_user,
-  $ansible_ssh_pass,
-  $hostname = $title,
+  $ansible_ssh_pass             = undef,
+  $ansible_ssh_private_key_file = undef,
+  $hostname                     = $title,
  ) {
  include ::neutron::deps
  require ::neutron::plugins::ml2

+  if (($ansible_ssh_pass == undef and $ansible_ssh_private_key_file == undef) or
+      ($ansible_ssh_pass != undef and $ansible_ssh_private_key_file != undef)) {
+    fail('One of ansible_ssh_pass OR ansible_ssh_private_key_file should be set')
+  }
+
  $section = "ansible:${hostname}"
  neutron_plugin_ml2 {
-    "${section}/ansible_network_os":   value => $ansible_network_os;
-    "${section}/ansible_host":         value => $ansible_host;
-    "${section}/ansible_user":         value => $ansible_user;
-    "${section}/ansible_ssh_pass":     value => $ansible_ssh_pass, secret => true;
+    "${section}/ansible_network_os":           value => $ansible_network_os;
+    "${section}/ansible_host":                 value => $ansible_host;
+    "${section}/ansible_user":                 value => $ansible_user;
+    "${section}/ansible_ssh_pass":             value => $ansible_ssh_pass, secret => true;
+    "${section}/ansible_ssh_private_key_file": value => $ansible_ssh_private_key_file;
  }
 }
--- a/spec/classes/neutron_plugins_ml2_networking_ansible_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_networking_ansible_spec.rb
@ -21,7 +21,7 @@ describe 'neutron::plugins::ml2::networking_ansible' do
        'host2' => { 'ansible_network_os' => 'junos',
                     'ansible_host' => '10.0.0.1',
                     'ansible_user' => 'ansible',
-                     'ansible_ssh_pass' => 'password2'},}
+                     'ansible_ssh_private_key_file' => '/path/to/key'},}
    }
  end

@ -44,6 +44,12 @@ describe 'neutron::plugins::ml2::networking_ansible' do
    it {
     params[:host_configs].each do |host_config|
       is_expected.to contain_neutron__plugins__ml2__networking_ansible_host(host_config.first)
+
+       is_expected.to contain_neutron_plugin_ml2('ansible:host1/ansible_ssh_pass').with_value('password1')
+       is_expected.to contain_neutron_plugin_ml2('ansible:host1/ansible_ssh_private_key_file').with_value(nil)
+
+       is_expected.to contain_neutron_plugin_ml2('ansible:host2/ansible_ssh_private_key_file').with_value('/path/to/key')
+       is_expected.to contain_neutron_plugin_ml2('ansible:host2/ansible_ssh_pass').with_value(nil)
     end
    }
  end