Stop reading keystone_authtoken options

Using credentials in keystone_authtoken options for neutron_* resources was deprecated some cycles ago[1]. [1] 46d6900522 Change-Id: Ifbec239a21dfd84991164877594f110fc01b0688
2023-11-16 15:02:36 +09:00 · 2023-11-16 15:02:36 +09:00 · e1ef491c24
commit e1ef491c24
parent c69ceb7faf
3 changed files with 12 additions and 157 deletions
--- a/lib/puppet/provider/neutron.rb
+++ b/lib/puppet/provider/neutron.rb
@ -1,8 +1,3 @@
 # Add openstacklib code to $LOAD_PATH so that we can load this during
 # standalone compiles without error.
 File.expand_path('../../../../openstacklib/lib', File.dirname(__FILE__)).tap { |dir| $LOAD_PATH.unshift(dir) unless $LOAD_PATH.include?(dir) }
 require 'puppet/util/inifile'
 require 'puppet/provider/openstack'
 require 'puppet/provider/openstack/auth'
 require 'puppet/provider/openstack/credentials'
@ -13,97 +8,6 @@ class Puppet::Provider::Neutron < Puppet::Provider::Openstack
  initvars
  def self.request(service, action, properties=nil)
    begin
      super
    rescue Puppet::Error::OpenstackAuthInputError => error
      neutron_request(service, action, error, properties)
    end
  end
  def self.neutron_request(service, action, error, properties=nil)
    warning('Usage of keystone_authtoken parameters is deprecated.')
    properties ||= []
    @credentials.username = neutron_credentials['username']
    @credentials.password = neutron_credentials['password']
    @credentials.project_name = neutron_credentials['project_name']
    @credentials.auth_url = auth_endpoint
    @credentials.user_domain_name = neutron_credentials['user_domain_name']
    @credentials.project_domain_name = neutron_credentials['project_domain_name']
    if neutron_credentials['region_name']
      @credentials.region_name = neutron_credentials['region_name']
    end
    raise error unless @credentials.set?
    Puppet::Provider::Openstack.request(service, action, properties, @credentials)
  end
  def self.conf_filename
    '/etc/neutron/neutron.conf'
  end
  def self.neutron_conf
    return @neutron_conf if @neutron_conf
    @neutron_conf = Puppet::Util::IniConfig::File.new
    @neutron_conf.read(conf_filename)
    @neutron_conf
  end
  def self.neutron_credentials
    @neutron_credentials ||= get_neutron_credentials
  end
  def neutron_credentials
    self.class.neutron_credentials
  end
  def self.get_neutron_credentials
    #needed keys for authentication
    auth_keys = ['auth_url', 'project_name', 'username', 'password']
    conf = neutron_conf
    if conf and conf['keystone_authtoken'] and
        auth_keys.all?{|k| !conf['keystone_authtoken'][k].nil?}
      creds = Hash[ auth_keys.map \
                   { |k| [k, conf['keystone_authtoken'][k].strip] } ]
      if !conf['keystone_authtoken']['region_name'].nil?
        creds['region_name'] = conf['keystone_authtoken']['region_name'].strip
      end
      if !conf['keystone_authtoken']['project_domain_name'].nil?
        creds['project_domain_name'] = conf['keystone_authtoken']['project_domain_name'].strip
      else
        creds['project_domain_name'] = 'Default'
      end
      if !conf['keystone_authtoken']['user_domain_name'].nil?
        creds['user_domain_name'] = conf['keystone_authtoken']['user_domain_name'].strip
      else
        creds['user_domain_name'] = 'Default'
      end
      return creds
    else
      raise(Puppet::Error, "File: #{conf_filename} does not contain all " +
            "required sections.  Neutron types will not work if neutron is not " +
            "correctly configured.")
    end
  end
  def self.get_auth_endpoint
    q = neutron_credentials
    "#{q['auth_url']}"
  end
  def self.auth_endpoint
    @auth_endpoint ||= get_auth_endpoint
  end
  def self.reset
    @neutron_conf        = nil
    @neutron_credentials = nil
    @auth_endpoint       = nil
  end
  def self.get_network_name(id)
    network = self.request('network', 'show', [id])
    return network[:name]
--- a/releasenotes/notes/stop-reading-authtoken-opts-0d90c7414c95017f.yaml
+++ b/releasenotes/notes/stop-reading-authtoken-opts-0d90c7414c95017f.yaml
@ -0,0 +1,12 @@
 ---
 upgrade:
  - |
    The following resource types no longer attempts to load user credentials
    from the ``[keystone_authtoken]`` section in ``neutron.conf``.
    - ``neutron_network``
    - ``neutron_subnet``
    - ``neutron_port``
    - ``neutron_router``
    - ``neutron_router_interface``
    - ``neutron_security_group``
--- a/spec/unit/provider/neutron_spec.rb
+++ b/spec/unit/provider/neutron_spec.rb
@ -1,61 +0,0 @@
 require 'puppet'
 require 'spec_helper'
 require 'puppet/provider/neutron'
 require 'tempfile'
 describe Puppet::Provider::Neutron do
  def klass
    described_class
  end
  let :credential_hash do
    {
      'project_name'        => 'admin_tenant',
      'username'            => 'admin',
      'password'            => 'password',
      'auth_url'            => 'https://192.168.56.210:5000/v3/',
      'project_domain_name' => 'Default',
      'user_domain_name'    => 'Default',
    }
  end
  let :credential_error do
    /Neutron types will not work/
  end
  let :exec_error do
    /Neutron or Keystone API is not available/
  end
  after :each do
    klass.reset
  end
  describe 'when determining credentials' do
    it 'should fail if config is empty' do
      conf = {}
      expect(klass).to receive(:neutron_conf).and_return(conf)
      expect do
        klass.neutron_credentials
      end.to raise_error(Puppet::Error, credential_error)
    end
    it 'should fail if config does not have keystone_authtoken section.' do
      conf = {'foo' => 'bar'}
      expect(klass).to receive(:neutron_conf).and_return(conf)
      expect do
        klass.neutron_credentials
      end.to raise_error(Puppet::Error, credential_error)
    end
    it 'should fail if config does not contain all auth params' do
      conf = {'keystone_authtoken' => {'invalid_value' => 'foo'}}
      expect(klass).to receive(:neutron_conf).and_return(conf)
      expect do
       klass.neutron_credentials
      end.to raise_error(Puppet::Error, credential_error)
    end
  end
 end