From 8ce1ea3d936856354beff4a8df18d05fd5e2c6c7 Mon Sep 17 00:00:00 2001
From: waleedm <waleedm@nvidia.com>
Date: Tue, 19 Oct 2021 11:02:14 +0000
Subject: [PATCH] Change authentication method for Mellanox sdn controller

Change sdn authentication from basic(username, password) to token
authentication, deprecate username and password and add a new
parameter token

Depends-on: https://review.opendev.org/814557
Change-Id: Ie8b347a4705045dfa0363284ec41e9e519ec19f9
---
 .../plugins/ml2/mellanox/mlnx_sdn_assist.pp   | 47 ++++++++++++++-----
 .../add_token_auth-daa888e87da725da.yaml      | 13 +++++
 ...eutron_plugins_ml2_mlnx_sdn_assist_spec.rb |  6 +--
 3 files changed, 49 insertions(+), 17 deletions(-)
 create mode 100644 releasenotes/notes/add_token_auth-daa888e87da725da.yaml

diff --git a/manifests/plugins/ml2/mellanox/mlnx_sdn_assist.pp b/manifests/plugins/ml2/mellanox/mlnx_sdn_assist.pp
index 1d2a5ad8a..6b42fd949 100644
--- a/manifests/plugins/ml2/mellanox/mlnx_sdn_assist.pp
+++ b/manifests/plugins/ml2/mellanox/mlnx_sdn_assist.pp
@@ -4,20 +4,15 @@
 #
 # === Parameters
 #
-# [*sdn_username*]
-# (optional) The Mellanox controller username
+# [*sdn_token*]
+# (optional) The Mellanox controller token
 # Defaults to $::os_service_default
-# Example: 'admin'
-#
-# [*sdn_password*]
-# (optional) The Mellanox controller password
-# Defaults to $::os_service_default
-# Example: 'admin'
+# Example: 'abcdef'
 #
 # [*sdn_url*]
 # (optional) The Mellanox controller neutron URL
 # Defaults to $::os_service_default
-# Example: 'http://127.0.0.1/neo'
+# Example: 'http://127.0.0.1/ufmRestV3/'
 #
 # [*sdn_domain*]
 # (optional) The Mellanox controller domain
@@ -41,22 +36,48 @@
 # The list must be a subset of physical_networks
 # Defaults to []
 #
+# DEPRECATED PARAMETERS
+#
+# [*sdn_username*]
+# (optional) The Mellanox controller username
+# Defaults to undef.
+#
+# [*sdn_password*]
+# (optional) The Mellanox controller password
+# Defaults to undef.
+#
 class neutron::plugins::ml2::mellanox::mlnx_sdn_assist (
-  $sdn_username = $::os_service_default,
-  $sdn_password = $::os_service_default,
+  $sdn_token    = $::os_service_default,
   $sdn_url      = $::os_service_default,
   $sdn_domain   = $::os_service_default,
   $sync_enabled                 = true,
   $bind_normal_ports            = false,
   $bind_normal_ports_physnets   = [],
+  # DEPRECATED PARAMETERS
+  $sdn_username = undef,
+  $sdn_password = undef,
 ) {
 
   include neutron::deps
   require neutron::plugins::ml2
 
+  if $sdn_username != undef {
+    warning('neutron::plugins::ml2::mellanox::mlnx_sdn_assist::sdn_username is now deprecated \
+and has no effect.')
+  }
+
+  if $sdn_password != undef {
+    warning('neutron::plugins::ml2::mellanox::mlnx_sdn_assist::sdn_password is now deprecated \
+and has no effect.')
+  }
+
   neutron_plugin_ml2 {
-    'sdn/username': value => $sdn_username;
-    'sdn/password': value => $sdn_password, secret => true;
+    'sdn/username':  ensure => absent;
+    'sdn/password ': ensure => absent;
+  }
+
+  neutron_plugin_ml2 {
+    'sdn/token':    value => $sdn_token, secret => true;
     'sdn/url':      value => $sdn_url;
     'sdn/domain':   value => $sdn_domain;
     'sdn/sync_enabled':                 value => $sync_enabled;
diff --git a/releasenotes/notes/add_token_auth-daa888e87da725da.yaml b/releasenotes/notes/add_token_auth-daa888e87da725da.yaml
new file mode 100644
index 000000000..dc8ffc874
--- /dev/null
+++ b/releasenotes/notes/add_token_auth-daa888e87da725da.yaml
@@ -0,0 +1,13 @@
+---
+features:
+  - The new ``sdn_token`` parameter to authenticate sdn has been added to
+    the ``neutron::plugins::ml2::mellanox::mlnx_sdn_assist`` class.
+
+deprecations:
+  - |
+    The following two parameters of
+    the ``neutron::plugins::ml2::mellanox::mlnx_sdn_assist`` class have been
+    deprecated and have no effect now.
+
+    - ``sdn_username``
+    - ``sdn_password``
diff --git a/spec/classes/neutron_plugins_ml2_mlnx_sdn_assist_spec.rb b/spec/classes/neutron_plugins_ml2_mlnx_sdn_assist_spec.rb
index 121f18172..729597079 100644
--- a/spec/classes/neutron_plugins_ml2_mlnx_sdn_assist_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_mlnx_sdn_assist_spec.rb
@@ -19,8 +19,7 @@ describe 'neutron::plugins::ml2::mellanox::mlnx_sdn_assist' do
 
   let :params do
     {
-      :sdn_username => 'user',
-      :sdn_password => 'password',
+      :sdn_token => 'token',
     }
   end
 
@@ -30,8 +29,7 @@ describe 'neutron::plugins::ml2::mellanox::mlnx_sdn_assist' do
     end
 
     it 'configures sdn settings' do
-      should contain_neutron_plugin_ml2('sdn/password').with_value(params[:sdn_password]).with_secret(true)
-      should contain_neutron_plugin_ml2('sdn/username').with_value(params[:sdn_username])
+      should contain_neutron_plugin_ml2('sdn/token').with_value(params[:sdn_token]).with_secret(true)
       should contain_neutron_plugin_ml2('sdn/url').with_value(params[:sdn_url])
       should contain_neutron_plugin_ml2('sdn/sync_enabled').with_value('true')
       should contain_neutron_plugin_ml2('sdn/bind_normal_ports').with_value('false')