Use a 'params' hash for authtoken parameters

Currently adding a new authtoken parameter requires changes in nearly 30 different puppet projects. For options without defaults, defining these individually in each puppet-* project doesn't appear to add any value since validation is already happening in the keystone::resource::authtoken class. This change adds a params parameter which is a hash of options to pass through to the authtoken resource. The individual params are still used as defaults, but any keys set in the params hash override them. I propose deprecating these individual parameters in a future commit. Depends-On: https://review.opendev.org/#/c/743858/ Change-Id: I695834ac03a52d8569e50db600676a89e165491d
2020-07-30 11:29:36 +10:00 · 2020-07-30 11:29:36 +10:00 · 5c38281e1b
parent c1d92c4c74
commit 5c38281e1b
4 changed files with 75 additions and 48 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -352,19 +352,22 @@ as a standalone service, or httpd for being run by a httpd server")
  }

  if $validate {
-    #Shrinking the variables names in favor of not
-    #having more than 140 chars per line
-    #Admin user real
-    $aur = $::nova::keystone::authtoken::username
-    #Admin password real
-    $apr = $::nova::keystone::authtoken::password
-    #Admin tenant name real
-    $atnr = $::nova::keystone::authtoken::project_name
-    #Keystone Auth URI
-    $kau = $::nova::keystone::authtoken::www_authenticate_uri
+    $authtoken_values = {
+      'username' => $::nova::keystone::authtoken::username,
+      'password' => $::nova::keystone::authtoken::password,
+      'project_name' => $::nova::keystone::authtoken::project_name,
+      'www_authenticate_uri' => $::nova::keystone::authtoken::www_authenticate_uri,
+    }
+    $authtoken = merge($authtoken_values, $::nova::keystone::authtoken::params)
    $defaults = {
      'nova-api' => {
-        'command'  => "nova --os-auth-url ${kau} --os-project-name ${atnr} --os-username ${aur} --os-password ${apr} flavor-list",
+        'command'  => @("CMD"/L)
+          nova --os-auth-url ${authtoken['www_authenticate_uri']} \
+          --os-project-name ${authtoken['project_name']} \
+          --os-username ${authtoken['username']} \
+          --os-password ${authtoken['password']} \
+          flavor-list
+          |- CMD
      }
    }
    $validation_options_hash = merge ($defaults, $validation_options)
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@ -182,6 +182,10 @@
 #  "public", "internal" or "admin".
 #  Defaults to $::os_service_default.
 #
+# [*params*]
+#  (Optional) Hash of additional parameters to pass through to the keystone
+#  authtoken class. Values set here override the individual parameters above.
+#
 class nova::keystone::authtoken(
  $username                       = 'nova',
  $password                       = $::os_service_default,
@ -218,6 +222,7 @@ class nova::keystone::authtoken(
  $service_token_roles            = $::os_service_default,
  $service_token_roles_required   = $::os_service_default,
  $interface                      = $::os_service_default,
+  $params                         = {},
 ) {

  include nova::deps
@ -226,41 +231,44 @@ class nova::keystone::authtoken(
    fail('Please set password for nova service user')
  }

-  keystone::resource::authtoken { 'nova_config':
-    username                       => $username,
-    password                       => $password,
-    project_name                   => $project_name,
-    auth_url                       => $auth_url,
-    www_authenticate_uri           => $www_authenticate_uri,
-    auth_version                   => $auth_version,
-    auth_type                      => $auth_type,
-    auth_section                   => $auth_section,
-    user_domain_name               => $user_domain_name,
-    project_domain_name            => $project_domain_name,
-    insecure                       => $insecure,
-    cache                          => $cache,
-    cafile                         => $cafile,
-    certfile                       => $certfile,
-    delay_auth_decision            => $delay_auth_decision,
-    enforce_token_bind             => $enforce_token_bind,
-    http_connect_timeout           => $http_connect_timeout,
-    http_request_max_retries       => $http_request_max_retries,
-    include_service_catalog        => $include_service_catalog,
-    keyfile                        => $keyfile,
-    memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
-    memcache_pool_dead_retry       => $memcache_pool_dead_retry,
-    memcache_pool_maxsize          => $memcache_pool_maxsize,
-    memcache_pool_socket_timeout   => $memcache_pool_socket_timeout,
-    memcache_secret_key            => $memcache_secret_key,
-    memcache_security_strategy     => $memcache_security_strategy,
-    memcache_use_advanced_pool     => $memcache_use_advanced_pool,
-    memcache_pool_unused_timeout   => $memcache_pool_unused_timeout,
-    memcached_servers              => $memcached_servers,
-    manage_memcache_package        => $manage_memcache_package,
-    region_name                    => $region_name,
-    token_cache_time               => $token_cache_time,
-    service_token_roles            => $service_token_roles,
-    service_token_roles_required   => $service_token_roles_required,
-    interface                      => $interface,
+  keystone::resource::authtoken {
+    'nova_config':
+      *                              => $params;
+    default:
+      username                       => $username,
+      password                       => $password,
+      project_name                   => $project_name,
+      auth_url                       => $auth_url,
+      www_authenticate_uri           => $www_authenticate_uri,
+      auth_version                   => $auth_version,
+      auth_type                      => $auth_type,
+      auth_section                   => $auth_section,
+      user_domain_name               => $user_domain_name,
+      project_domain_name            => $project_domain_name,
+      insecure                       => $insecure,
+      cache                          => $cache,
+      cafile                         => $cafile,
+      certfile                       => $certfile,
+      delay_auth_decision            => $delay_auth_decision,
+      enforce_token_bind             => $enforce_token_bind,
+      http_connect_timeout           => $http_connect_timeout,
+      http_request_max_retries       => $http_request_max_retries,
+      include_service_catalog        => $include_service_catalog,
+      keyfile                        => $keyfile,
+      memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
+      memcache_pool_dead_retry       => $memcache_pool_dead_retry,
+      memcache_pool_maxsize          => $memcache_pool_maxsize,
+      memcache_pool_socket_timeout   => $memcache_pool_socket_timeout,
+      memcache_secret_key            => $memcache_secret_key,
+      memcache_security_strategy     => $memcache_security_strategy,
+      memcache_use_advanced_pool     => $memcache_use_advanced_pool,
+      memcache_pool_unused_timeout   => $memcache_pool_unused_timeout,
+      memcached_servers              => $memcached_servers,
+      manage_memcache_package        => $manage_memcache_package,
+      region_name                    => $region_name,
+      token_cache_time               => $token_cache_time,
+      service_token_roles            => $service_token_roles,
+      service_token_roles_required   => $service_token_roles_required,
+      interface                      => $interface;
  }
 }
--- a/spec/classes/nova_api_spec.rb
+++ b/spec/classes/nova_api_spec.rb
@ -6,6 +6,7 @@ describe 'nova::api' do
    "include nova
     class { 'nova::keystone::authtoken':
       password => 'passw0rd',
+       params => { 'username' => 'novae' },
     }"
  end

@ -143,7 +144,7 @@ describe 'nova::api' do
        })
      end
      it { is_expected.to contain_openstacklib__service_validation('nova-api').with(
-        :command   => 'nova --os-auth-url http://127.0.0.1:5000/ --os-project-name services --os-username nova --os-password passw0rd flavor-list',
+        :command   => 'nova --os-auth-url http://127.0.0.1:5000/ --os-project-name services --os-username novae --os-password passw0rd flavor-list',
        :subscribe => 'Service[nova-api]',
      )}

--- a/spec/classes/nova_keystone_authtoken_spec.rb
+++ b/spec/classes/nova_keystone_authtoken_spec.rb
@ -86,6 +86,7 @@ describe 'nova::keystone::authtoken' do
          :service_token_roles                  => ['service'],
          :service_token_roles_required         => true,
          :interface                            => 'internal',
+          :params                               => { 'service_type' => "compute" },
        })
      end

@ -124,12 +125,26 @@ describe 'nova::keystone::authtoken' do
        is_expected.to contain_nova_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
        is_expected.to contain_nova_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
        is_expected.to contain_nova_config('keystone_authtoken/interface').with_value(params[:interface])
+        is_expected.to contain_nova_config('keystone_authtoken/service_type').with_value(params[:params]['service_type'])
      end

      it 'installs python memcache package' do
        is_expected.to contain_package('python-memcache')
      end
    end
+
+    context 'when overriding parameters via params hash' do
+      before do
+        params.merge!({
+          :username                             => 'myuser',
+          :params                               => { 'username' => "myotheruser" },
+        })
+      end
+
+      it 'configure keystone_authtoken' do
+        is_expected.to contain_nova_config('keystone_authtoken/username').with_value(params[:params]['username'])
+      end
+    end
  end

  on_supported_os({