From 20d93c4148c3d5082315263e7754267f50cb46bd Mon Sep 17 00:00:00 2001
From: ZhongShengping <chdzsp@163.com>
Date: Tue, 3 Apr 2018 16:55:03 +0800
Subject: [PATCH] Deprecate auth_uri option

Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.

[1]https://review.openstack.org/#/c/508522/

Change-Id: I0dd36ef1f1f5dcdc57413736ecb8f2555712c36d
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
---
 lib/puppet/provider/nova.rb                   |  4 ++--
 lib/puppet/type/nova_aggregate.rb             |  2 +-
 lib/puppet/type/nova_flavor.rb                |  2 +-
 manifests/api.pp                              |  3 ++-
 manifests/keystone/authtoken.pp               | 19 ++++++++++++++++---
 manifests/metadata/novajoin/authtoken.pp      | 19 ++++++++++++++++---
 ...e_auth_uri_parameter-82edf8271e3c276f.yaml |  6 ++++++
 spec/classes/nova_keystone_authtoken_spec.rb  |  6 +++---
 .../nova_metadata_novajoin_authtoken_spec.rb  |  6 +++---
 spec/unit/provider/nova_spec.rb               | 10 +++++-----
 10 files changed, 55 insertions(+), 22 deletions(-)
 create mode 100644 releasenotes/notes/deprecate_auth_uri_parameter-82edf8271e3c276f.yaml

diff --git a/lib/puppet/provider/nova.rb b/lib/puppet/provider/nova.rb
index bb5f3216a..f5aaf93cc 100644
--- a/lib/puppet/provider/nova.rb
+++ b/lib/puppet/provider/nova.rb
@@ -82,7 +82,7 @@ class Puppet::Provider::Nova < Puppet::Provider::Openstack
 
   def self.get_nova_credentials
     #needed keys for authentication
-    auth_keys = ['auth_uri', 'project_name', 'username', 'password']
+    auth_keys = ['www_authenticate_uri', 'project_name', 'username', 'password']
     conf = nova_conf
     if conf and conf['keystone_authtoken'] and
         auth_keys.all?{|k| !conf['keystone_authtoken'][k].nil?}
@@ -111,7 +111,7 @@ class Puppet::Provider::Nova < Puppet::Provider::Openstack
 
   def self.get_auth_endpoint
     q = nova_credentials
-    "#{q['auth_uri']}"
+    "#{q['www_authenticate_uri']}"
   end
 
   def self.auth_endpoint
diff --git a/lib/puppet/type/nova_aggregate.rb b/lib/puppet/type/nova_aggregate.rb
index 0427be571..8196ed259 100644
--- a/lib/puppet/type/nova_aggregate.rb
+++ b/lib/puppet/type/nova_aggregate.rb
@@ -50,7 +50,7 @@ Puppet::Type.newtype(:nova_aggregate) do
   ensurable
 
   autorequire(:nova_config) do
-    ['auth_uri', 'project_name', 'username', 'password']
+    ['www_authenticate_uri', 'project_name', 'username', 'password']
   end
 
   newparam(:name, :namevar => true) do
diff --git a/lib/puppet/type/nova_flavor.rb b/lib/puppet/type/nova_flavor.rb
index 85fa3d667..4c91578e8 100644
--- a/lib/puppet/type/nova_flavor.rb
+++ b/lib/puppet/type/nova_flavor.rb
@@ -56,7 +56,7 @@ Puppet::Type.newtype(:nova_flavor) do
   ensurable
 
   autorequire(:nova_config) do
-    ['auth_uri', 'project_name', 'username', 'password']
+    ['www_authenticate_uri', 'project_name', 'username', 'password']
   end
 
   # Require the nova-api service to be running
diff --git a/manifests/api.pp b/manifests/api.pp
index c1a5ecf25..607e9d45a 100644
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -552,7 +552,8 @@ as a standalone service, or httpd for being run by a httpd server")
     #Admin tenant name real
     $atnr = $::nova::keystone::authtoken::project_name
     #Keystone Auth URI
-    $kau = $::nova::keystone::authtoken::auth_uri
+    # TODO(tobasco): Remove pick when auth_uri is removed.
+    $kau = pick($::nova::keystone::authtoken::auth_uri, $::nova::keystone::authtoken::www_authenticate_uri)
     $defaults = {
       'nova-api' => {
         'command'  => "nova --os-auth-url ${kau} --os-project-name ${atnr} --os-username ${aur} --os-password ${apr} flavor-list",
diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp
index abe195e1b..05db3786c 100644
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@@ -42,7 +42,7 @@
 #   (Optional) Authentication type to load
 #   Defaults to $::os_service_default
 #
-# [*auth_uri*]
+# [*www_authenticate_uri*]
 #   (Optional) Complete public Identity API endpoint.
 #   Defaults to 'http://127.0.0.1:5000/'.
 #
@@ -178,6 +178,12 @@
 #   (in seconds). Set to -1 to disable caching completely. Integer value
 #   Defaults to $::os_service_default.
 #
+# DEPRECATED PARAMETERS
+#
+# [*auth_uri*]
+#   (Optional) Complete public Identity API endpoint.
+#   Defaults to undef
+#
 class nova::keystone::authtoken(
   $username                       = 'nova',
   $password                       = $::os_service_default,
@@ -188,7 +194,7 @@ class nova::keystone::authtoken(
   $insecure                       = $::os_service_default,
   $auth_section                   = $::os_service_default,
   $auth_type                      = 'password',
-  $auth_uri                       = 'http://127.0.0.1:5000/',
+  $www_authenticate_uri           = 'http://127.0.0.1:5000/',
   $auth_version                   = $::os_service_default,
   $cache                          = $::os_service_default,
   $cafile                         = $::os_service_default,
@@ -213,6 +219,8 @@ class nova::keystone::authtoken(
   $manage_memcache_package        = false,
   $region_name                    = $::os_service_default,
   $token_cache_time               = $::os_service_default,
+  # DEPRECATED PARAMETERS
+  $auth_uri                       = undef,
 ) {
 
   include ::nova::deps
@@ -221,12 +229,17 @@ class nova::keystone::authtoken(
     fail('Please set password for nova service user')
   }
 
+  if $auth_uri {
+    warning('The auth_uri parameter is deprecated. Please use www_authenticate_uri instead.')
+  }
+  $www_authenticate_uri_real = pick($auth_uri, $www_authenticate_uri)
+
   keystone::resource::authtoken { 'nova_config':
     username                       => $username,
     password                       => $password,
     project_name                   => $project_name,
     auth_url                       => $auth_url,
-    auth_uri                       => $auth_uri,
+    www_authenticate_uri           => $www_authenticate_uri_real,
     auth_version                   => $auth_version,
     auth_type                      => $auth_type,
     auth_section                   => $auth_section,
diff --git a/manifests/metadata/novajoin/authtoken.pp b/manifests/metadata/novajoin/authtoken.pp
index 267fb5b29..88a4585ba 100644
--- a/manifests/metadata/novajoin/authtoken.pp
+++ b/manifests/metadata/novajoin/authtoken.pp
@@ -42,7 +42,7 @@
 #   (Optional) Authentication type to load
 #   Defaults to $::os_service_default
 #
-# [*auth_uri*]
+# [*www_authenticate_uri*]
 #   (Optional) Complete public Identity API endpoint.
 #   Defaults to 'http://127.0.0.1:5000/'.
 #
@@ -178,6 +178,12 @@
 #   (in seconds). Set to -1 to disable caching completely. Integer value
 #   Defaults to $::os_service_default.
 #
+# DEPRECATED PARAMETERS
+#
+# [*auth_uri*]
+#   (Optional) Complete public Identity API endpoint.
+#   Defaults to undef
+#
 class nova::metadata::novajoin::authtoken(
   $username                       = 'novajoin',
   $password                       = $::os_service_default,
@@ -188,7 +194,7 @@ class nova::metadata::novajoin::authtoken(
   $insecure                       = $::os_service_default,
   $auth_section                   = $::os_service_default,
   $auth_type                      = 'password',
-  $auth_uri                       = 'http://127.0.0.1:5000/',
+  $www_authenticate_uri           = 'http://127.0.0.1:5000/',
   $auth_version                   = $::os_service_default,
   $cache                          = $::os_service_default,
   $cafile                         = $::os_service_default,
@@ -213,18 +219,25 @@ class nova::metadata::novajoin::authtoken(
   $manage_memcache_package        = false,
   $region_name                    = $::os_service_default,
   $token_cache_time               = $::os_service_default,
+  # DEPRECATED PARAMETERS
+  $auth_uri                       = undef,
 ) {
 
   if is_service_default($password) {
     fail('Please set password for novajoin service user')
   }
 
+  if $auth_uri {
+    warning('The auth_uri parameter is deprecated. Please use www_authenticate_uri instead.')
+  }
+  $www_authenticate_uri_real = pick($auth_uri, $www_authenticate_uri)
+
   keystone::resource::authtoken { 'novajoin_config':
     username                       => $username,
     password                       => $password,
     project_name                   => $project_name,
     auth_url                       => $auth_url,
-    auth_uri                       => $auth_uri,
+    www_authenticate_uri           => $www_authenticate_uri_real,
     auth_version                   => $auth_version,
     auth_type                      => $auth_type,
     auth_section                   => $auth_section,
diff --git a/releasenotes/notes/deprecate_auth_uri_parameter-82edf8271e3c276f.yaml b/releasenotes/notes/deprecate_auth_uri_parameter-82edf8271e3c276f.yaml
new file mode 100644
index 000000000..df99d16a1
--- /dev/null
+++ b/releasenotes/notes/deprecate_auth_uri_parameter-82edf8271e3c276f.yaml
@@ -0,0 +1,6 @@
+---
+deprecations:
+  - nova::keystone::authtoken::auth_uri is deprecated and will be removed in a future release.
+    Please use www_authenticate_uri instead.
+  - nova::metadata::novajoin::authtoken::auth_uri is deprecated and will be removed in a future release.
+    Please use www_authenticate_uri instead.
diff --git a/spec/classes/nova_keystone_authtoken_spec.rb b/spec/classes/nova_keystone_authtoken_spec.rb
index ee443ae19..d889209bd 100644
--- a/spec/classes/nova_keystone_authtoken_spec.rb
+++ b/spec/classes/nova_keystone_authtoken_spec.rb
@@ -20,7 +20,7 @@ describe 'nova::keystone::authtoken' do
         is_expected.to contain_nova_config('keystone_authtoken/insecure').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_nova_config('keystone_authtoken/auth_section').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_nova_config('keystone_authtoken/auth_type').with_value('password')
-        is_expected.to contain_nova_config('keystone_authtoken/auth_uri').with_value('http://127.0.0.1:5000/')
+        is_expected.to contain_nova_config('keystone_authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000/')
         is_expected.to contain_nova_config('keystone_authtoken/auth_version').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_nova_config('keystone_authtoken/cache').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_nova_config('keystone_authtoken/cafile').with_value('<SERVICE DEFAULT>')
@@ -50,7 +50,7 @@ describe 'nova::keystone::authtoken' do
     context 'when overriding parameters' do
       before do
         params.merge!({
-          :auth_uri                             => 'https://10.0.0.1:9999/',
+          :www_authenticate_uri                 => 'https://10.0.0.1:9999/',
           :username                             => 'myuser',
           :password                             => 'mypasswd',
           :auth_url                             => 'http://:127.0.0.1:35357',
@@ -90,7 +90,7 @@ describe 'nova::keystone::authtoken' do
       end
 
       it 'configure keystone_authtoken' do
-        is_expected.to contain_nova_config('keystone_authtoken/auth_uri').with_value('https://10.0.0.1:9999/') 
+        is_expected.to contain_nova_config('keystone_authtoken/www_authenticate_uri').with_value('https://10.0.0.1:9999/') 
         is_expected.to contain_nova_config('keystone_authtoken/username').with_value(params[:username])
         is_expected.to contain_nova_config('keystone_authtoken/password').with_value(params[:password]).with_secret(true)
         is_expected.to contain_nova_config('keystone_authtoken/auth_url').with_value(params[:auth_url])
diff --git a/spec/classes/nova_metadata_novajoin_authtoken_spec.rb b/spec/classes/nova_metadata_novajoin_authtoken_spec.rb
index b6093d365..10f16adee 100644
--- a/spec/classes/nova_metadata_novajoin_authtoken_spec.rb
+++ b/spec/classes/nova_metadata_novajoin_authtoken_spec.rb
@@ -20,7 +20,7 @@ describe 'nova::metadata::novajoin::authtoken' do
         is_expected.to contain_novajoin_config('keystone_authtoken/insecure').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_novajoin_config('keystone_authtoken/auth_section').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_novajoin_config('keystone_authtoken/auth_type').with_value('password')
-        is_expected.to contain_novajoin_config('keystone_authtoken/auth_uri').with_value('http://127.0.0.1:5000/')
+        is_expected.to contain_novajoin_config('keystone_authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000/')
         is_expected.to contain_novajoin_config('keystone_authtoken/auth_version').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_novajoin_config('keystone_authtoken/cache').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_novajoin_config('keystone_authtoken/cafile').with_value('<SERVICE DEFAULT>')
@@ -50,7 +50,7 @@ describe 'nova::metadata::novajoin::authtoken' do
     context 'when overriding parameters' do
       before do
         params.merge!({
-          :auth_uri                             => 'https://10.0.0.1:9999/',
+          :www_authenticate_uri                 => 'https://10.0.0.1:9999/',
           :username                             => 'myuser',
           :password                             => 'mypasswd',
           :auth_url                             => 'http://:127.0.0.1:35357',
@@ -90,7 +90,7 @@ describe 'nova::metadata::novajoin::authtoken' do
       end
 
       it 'configure keystone_authtoken' do
-        is_expected.to contain_novajoin_config('keystone_authtoken/auth_uri').with_value('https://10.0.0.1:9999/')
+        is_expected.to contain_novajoin_config('keystone_authtoken/www_authenticate_uri').with_value('https://10.0.0.1:9999/')
         is_expected.to contain_novajoin_config('keystone_authtoken/username').with_value(params[:username])
         is_expected.to contain_novajoin_config('keystone_authtoken/password').with_value(params[:password]).with_secret(true)
         is_expected.to contain_novajoin_config('keystone_authtoken/auth_url').with_value(params[:auth_url])
diff --git a/spec/unit/provider/nova_spec.rb b/spec/unit/provider/nova_spec.rb
index d370576cb..68a3aa252 100644
--- a/spec/unit/provider/nova_spec.rb
+++ b/spec/unit/provider/nova_spec.rb
@@ -11,11 +11,11 @@ describe Puppet::Provider::Nova do
 
   let :credential_hash do
     {
-      'auth_uri'     => 'https://192.168.56.210:35357/v2.0/',
-      'project_name' => 'admin_tenant',
-      'username'     => 'admin',
-      'password'     => 'password',
-      'region_name'  => 'Region1',
+      'www_authenticate_uri' => 'https://192.168.56.210:35357/v2.0/',
+      'project_name'         => 'admin_tenant',
+      'username'             => 'admin',
+      'password'             => 'password',
+      'region_name'          => 'Region1',
     }
   end