Stop reading keystone_authtoken options
Using credentials in keystone_authtoken options for neutron_* resources was deprecated some cycles ago[1]. [1] 46d690052234a3e6a47116f924cb74bc72e0a8ea Change-Id: Ifbec239a21dfd84991164877594f110fc01b0688
This commit is contained in:
parent
c69ceb7faf
commit
e1ef491c24
@ -1,8 +1,3 @@
|
|||||||
# Add openstacklib code to $LOAD_PATH so that we can load this during
|
|
||||||
# standalone compiles without error.
|
|
||||||
File.expand_path('../../../../openstacklib/lib', File.dirname(__FILE__)).tap { |dir| $LOAD_PATH.unshift(dir) unless $LOAD_PATH.include?(dir) }
|
|
||||||
|
|
||||||
require 'puppet/util/inifile'
|
|
||||||
require 'puppet/provider/openstack'
|
require 'puppet/provider/openstack'
|
||||||
require 'puppet/provider/openstack/auth'
|
require 'puppet/provider/openstack/auth'
|
||||||
require 'puppet/provider/openstack/credentials'
|
require 'puppet/provider/openstack/credentials'
|
||||||
@ -13,97 +8,6 @@ class Puppet::Provider::Neutron < Puppet::Provider::Openstack
|
|||||||
|
|
||||||
initvars
|
initvars
|
||||||
|
|
||||||
def self.request(service, action, properties=nil)
|
|
||||||
begin
|
|
||||||
super
|
|
||||||
rescue Puppet::Error::OpenstackAuthInputError => error
|
|
||||||
neutron_request(service, action, error, properties)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.neutron_request(service, action, error, properties=nil)
|
|
||||||
warning('Usage of keystone_authtoken parameters is deprecated.')
|
|
||||||
properties ||= []
|
|
||||||
@credentials.username = neutron_credentials['username']
|
|
||||||
@credentials.password = neutron_credentials['password']
|
|
||||||
@credentials.project_name = neutron_credentials['project_name']
|
|
||||||
@credentials.auth_url = auth_endpoint
|
|
||||||
@credentials.user_domain_name = neutron_credentials['user_domain_name']
|
|
||||||
@credentials.project_domain_name = neutron_credentials['project_domain_name']
|
|
||||||
if neutron_credentials['region_name']
|
|
||||||
@credentials.region_name = neutron_credentials['region_name']
|
|
||||||
end
|
|
||||||
raise error unless @credentials.set?
|
|
||||||
Puppet::Provider::Openstack.request(service, action, properties, @credentials)
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.conf_filename
|
|
||||||
'/etc/neutron/neutron.conf'
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.neutron_conf
|
|
||||||
return @neutron_conf if @neutron_conf
|
|
||||||
@neutron_conf = Puppet::Util::IniConfig::File.new
|
|
||||||
@neutron_conf.read(conf_filename)
|
|
||||||
@neutron_conf
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.neutron_credentials
|
|
||||||
@neutron_credentials ||= get_neutron_credentials
|
|
||||||
end
|
|
||||||
|
|
||||||
def neutron_credentials
|
|
||||||
self.class.neutron_credentials
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.get_neutron_credentials
|
|
||||||
#needed keys for authentication
|
|
||||||
auth_keys = ['auth_url', 'project_name', 'username', 'password']
|
|
||||||
conf = neutron_conf
|
|
||||||
if conf and conf['keystone_authtoken'] and
|
|
||||||
auth_keys.all?{|k| !conf['keystone_authtoken'][k].nil?}
|
|
||||||
creds = Hash[ auth_keys.map \
|
|
||||||
{ |k| [k, conf['keystone_authtoken'][k].strip] } ]
|
|
||||||
|
|
||||||
if !conf['keystone_authtoken']['region_name'].nil?
|
|
||||||
creds['region_name'] = conf['keystone_authtoken']['region_name'].strip
|
|
||||||
end
|
|
||||||
|
|
||||||
if !conf['keystone_authtoken']['project_domain_name'].nil?
|
|
||||||
creds['project_domain_name'] = conf['keystone_authtoken']['project_domain_name'].strip
|
|
||||||
else
|
|
||||||
creds['project_domain_name'] = 'Default'
|
|
||||||
end
|
|
||||||
|
|
||||||
if !conf['keystone_authtoken']['user_domain_name'].nil?
|
|
||||||
creds['user_domain_name'] = conf['keystone_authtoken']['user_domain_name'].strip
|
|
||||||
else
|
|
||||||
creds['user_domain_name'] = 'Default'
|
|
||||||
end
|
|
||||||
|
|
||||||
return creds
|
|
||||||
else
|
|
||||||
raise(Puppet::Error, "File: #{conf_filename} does not contain all " +
|
|
||||||
"required sections. Neutron types will not work if neutron is not " +
|
|
||||||
"correctly configured.")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.get_auth_endpoint
|
|
||||||
q = neutron_credentials
|
|
||||||
"#{q['auth_url']}"
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.auth_endpoint
|
|
||||||
@auth_endpoint ||= get_auth_endpoint
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.reset
|
|
||||||
@neutron_conf = nil
|
|
||||||
@neutron_credentials = nil
|
|
||||||
@auth_endpoint = nil
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.get_network_name(id)
|
def self.get_network_name(id)
|
||||||
network = self.request('network', 'show', [id])
|
network = self.request('network', 'show', [id])
|
||||||
return network[:name]
|
return network[:name]
|
||||||
|
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The following resource types no longer attempts to load user credentials
|
||||||
|
from the ``[keystone_authtoken]`` section in ``neutron.conf``.
|
||||||
|
|
||||||
|
- ``neutron_network``
|
||||||
|
- ``neutron_subnet``
|
||||||
|
- ``neutron_port``
|
||||||
|
- ``neutron_router``
|
||||||
|
- ``neutron_router_interface``
|
||||||
|
- ``neutron_security_group``
|
@ -1,61 +0,0 @@
|
|||||||
require 'puppet'
|
|
||||||
require 'spec_helper'
|
|
||||||
require 'puppet/provider/neutron'
|
|
||||||
require 'tempfile'
|
|
||||||
|
|
||||||
describe Puppet::Provider::Neutron do
|
|
||||||
|
|
||||||
def klass
|
|
||||||
described_class
|
|
||||||
end
|
|
||||||
|
|
||||||
let :credential_hash do
|
|
||||||
{
|
|
||||||
'project_name' => 'admin_tenant',
|
|
||||||
'username' => 'admin',
|
|
||||||
'password' => 'password',
|
|
||||||
'auth_url' => 'https://192.168.56.210:5000/v3/',
|
|
||||||
'project_domain_name' => 'Default',
|
|
||||||
'user_domain_name' => 'Default',
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
let :credential_error do
|
|
||||||
/Neutron types will not work/
|
|
||||||
end
|
|
||||||
|
|
||||||
let :exec_error do
|
|
||||||
/Neutron or Keystone API is not available/
|
|
||||||
end
|
|
||||||
|
|
||||||
after :each do
|
|
||||||
klass.reset
|
|
||||||
end
|
|
||||||
|
|
||||||
describe 'when determining credentials' do
|
|
||||||
|
|
||||||
it 'should fail if config is empty' do
|
|
||||||
conf = {}
|
|
||||||
expect(klass).to receive(:neutron_conf).and_return(conf)
|
|
||||||
expect do
|
|
||||||
klass.neutron_credentials
|
|
||||||
end.to raise_error(Puppet::Error, credential_error)
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'should fail if config does not have keystone_authtoken section.' do
|
|
||||||
conf = {'foo' => 'bar'}
|
|
||||||
expect(klass).to receive(:neutron_conf).and_return(conf)
|
|
||||||
expect do
|
|
||||||
klass.neutron_credentials
|
|
||||||
end.to raise_error(Puppet::Error, credential_error)
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'should fail if config does not contain all auth params' do
|
|
||||||
conf = {'keystone_authtoken' => {'invalid_value' => 'foo'}}
|
|
||||||
expect(klass).to receive(:neutron_conf).and_return(conf)
|
|
||||||
expect do
|
|
||||||
klass.neutron_credentials
|
|
||||||
end.to raise_error(Puppet::Error, credential_error)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
Loading…
x
Reference in New Issue
Block a user