Allow for keypair auth in ansible driver

Using some providers we may want to use keypair
auth over username/password.

Change-Id: Ib4c8789e8bf1033a5b4521423130fcaa87296500

manifests/plugins/ml2/networking_ansible.pp

@@ -16,7 +16,7 @@
 #     <host2> => {"ansible_network_os" => "junos",
 #                 "ansible_host" => "10.0.0.2",
 #                 "ansible_user" => 'ansible',
-#                 "ansible_ssh_pass" => "***"},
+#                 "ansible_ssh_private_key_file" => "/private/key"},
 #  }
 #
 # [*package_ensure*]

manifests/plugins/ml2/networking_ansible_host.pp

@@ -14,7 +14,12 @@
 #   (required) Username to connect to the network device
 #
 # [*ansible_ssh_pass*]
-#   (required) SSH password to connect to the network device
+#   SSH password to connect to the network device
+#   This or ansible_ssh_private_key_file should be provided
+#
+# [*ansible_ssh_private_key_file*]
+#   SSH private key to connect to the network device
+#   This or ansible_ssh_pass should be provided
 #
 # [*hostname*]
 # (required) The hostname of a host connected to the switch.
@@ -23,17 +28,24 @@ define neutron::plugins::ml2::networking_ansible_host(
   $ansible_network_os,
   $ansible_host,
   $ansible_user,
-  $ansible_ssh_pass,
+  $ansible_ssh_pass             = undef,
+  $ansible_ssh_private_key_file = undef,
   $hostname                     = $title,
   ) {
   include ::neutron::deps
   require ::neutron::plugins::ml2
 
+  if (($ansible_ssh_pass == undef and $ansible_ssh_private_key_file == undef) or
+      ($ansible_ssh_pass != undef and $ansible_ssh_private_key_file != undef)) {
+    fail('One of ansible_ssh_pass OR ansible_ssh_private_key_file should be set')
+  }
+
   $section = "ansible:${hostname}"
   neutron_plugin_ml2 {
     "${section}/ansible_network_os":           value => $ansible_network_os;
     "${section}/ansible_host":                 value => $ansible_host;
     "${section}/ansible_user":                 value => $ansible_user;
     "${section}/ansible_ssh_pass":             value => $ansible_ssh_pass, secret => true;
+    "${section}/ansible_ssh_private_key_file": value => $ansible_ssh_private_key_file;
   }
 }

spec/classes/neutron_plugins_ml2_networking_ansible_spec.rb

@@ -21,7 +21,7 @@ describe 'neutron::plugins::ml2::networking_ansible' do
         'host2' => { 'ansible_network_os' => 'junos',
                      'ansible_host' => '10.0.0.1',
                      'ansible_user' => 'ansible',
-                     'ansible_ssh_pass' => 'password2'},}
+                     'ansible_ssh_private_key_file' => '/path/to/key'},}
     }
   end
 
@@ -44,6 +44,12 @@ describe 'neutron::plugins::ml2::networking_ansible' do
     it {
      params[:host_configs].each do |host_config|
        is_expected.to contain_neutron__plugins__ml2__networking_ansible_host(host_config.first)
+
+       is_expected.to contain_neutron_plugin_ml2('ansible:host1/ansible_ssh_pass').with_value('password1')
+       is_expected.to contain_neutron_plugin_ml2('ansible:host1/ansible_ssh_private_key_file').with_value(nil)
+
+       is_expected.to contain_neutron_plugin_ml2('ansible:host2/ansible_ssh_private_key_file').with_value('/path/to/key')
+       is_expected.to contain_neutron_plugin_ml2('ansible:host2/ansible_ssh_pass').with_value(nil)
      end
     }
   end