Use a 'params' hash for authtoken parameters
Currently adding a new authtoken parameter requires changes in nearly 30 different puppet projects. For options without defaults, defining these individually in each puppet-* project doesn't appear to add any value since validation is already happening in the keystone::resource::authtoken class. This change adds a params parameter which is a hash of options to pass through to the authtoken resource. The individual params are still used as defaults, but any keys set in the params hash override them. I propose deprecating these individual parameters in a future commit. Depends-On: https://review.opendev.org/#/c/743858/ Change-Id: I695834ac03a52d8569e50db600676a89e165491d
This commit is contained in:
parent
c1d92c4c74
commit
5c38281e1b
|
@ -352,19 +352,22 @@ as a standalone service, or httpd for being run by a httpd server")
|
||||||
}
|
}
|
||||||
|
|
||||||
if $validate {
|
if $validate {
|
||||||
#Shrinking the variables names in favor of not
|
$authtoken_values = {
|
||||||
#having more than 140 chars per line
|
'username' => $::nova::keystone::authtoken::username,
|
||||||
#Admin user real
|
'password' => $::nova::keystone::authtoken::password,
|
||||||
$aur = $::nova::keystone::authtoken::username
|
'project_name' => $::nova::keystone::authtoken::project_name,
|
||||||
#Admin password real
|
'www_authenticate_uri' => $::nova::keystone::authtoken::www_authenticate_uri,
|
||||||
$apr = $::nova::keystone::authtoken::password
|
}
|
||||||
#Admin tenant name real
|
$authtoken = merge($authtoken_values, $::nova::keystone::authtoken::params)
|
||||||
$atnr = $::nova::keystone::authtoken::project_name
|
|
||||||
#Keystone Auth URI
|
|
||||||
$kau = $::nova::keystone::authtoken::www_authenticate_uri
|
|
||||||
$defaults = {
|
$defaults = {
|
||||||
'nova-api' => {
|
'nova-api' => {
|
||||||
'command' => "nova --os-auth-url ${kau} --os-project-name ${atnr} --os-username ${aur} --os-password ${apr} flavor-list",
|
'command' => @("CMD"/L)
|
||||||
|
nova --os-auth-url ${authtoken['www_authenticate_uri']} \
|
||||||
|
--os-project-name ${authtoken['project_name']} \
|
||||||
|
--os-username ${authtoken['username']} \
|
||||||
|
--os-password ${authtoken['password']} \
|
||||||
|
flavor-list
|
||||||
|
|- CMD
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$validation_options_hash = merge ($defaults, $validation_options)
|
$validation_options_hash = merge ($defaults, $validation_options)
|
||||||
|
|
|
@ -182,6 +182,10 @@
|
||||||
# "public", "internal" or "admin".
|
# "public", "internal" or "admin".
|
||||||
# Defaults to $::os_service_default.
|
# Defaults to $::os_service_default.
|
||||||
#
|
#
|
||||||
|
# [*params*]
|
||||||
|
# (Optional) Hash of additional parameters to pass through to the keystone
|
||||||
|
# authtoken class. Values set here override the individual parameters above.
|
||||||
|
#
|
||||||
class nova::keystone::authtoken(
|
class nova::keystone::authtoken(
|
||||||
$username = 'nova',
|
$username = 'nova',
|
||||||
$password = $::os_service_default,
|
$password = $::os_service_default,
|
||||||
|
@ -218,6 +222,7 @@ class nova::keystone::authtoken(
|
||||||
$service_token_roles = $::os_service_default,
|
$service_token_roles = $::os_service_default,
|
||||||
$service_token_roles_required = $::os_service_default,
|
$service_token_roles_required = $::os_service_default,
|
||||||
$interface = $::os_service_default,
|
$interface = $::os_service_default,
|
||||||
|
$params = {},
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include nova::deps
|
include nova::deps
|
||||||
|
@ -226,41 +231,44 @@ class nova::keystone::authtoken(
|
||||||
fail('Please set password for nova service user')
|
fail('Please set password for nova service user')
|
||||||
}
|
}
|
||||||
|
|
||||||
keystone::resource::authtoken { 'nova_config':
|
keystone::resource::authtoken {
|
||||||
username => $username,
|
'nova_config':
|
||||||
password => $password,
|
* => $params;
|
||||||
project_name => $project_name,
|
default:
|
||||||
auth_url => $auth_url,
|
username => $username,
|
||||||
www_authenticate_uri => $www_authenticate_uri,
|
password => $password,
|
||||||
auth_version => $auth_version,
|
project_name => $project_name,
|
||||||
auth_type => $auth_type,
|
auth_url => $auth_url,
|
||||||
auth_section => $auth_section,
|
www_authenticate_uri => $www_authenticate_uri,
|
||||||
user_domain_name => $user_domain_name,
|
auth_version => $auth_version,
|
||||||
project_domain_name => $project_domain_name,
|
auth_type => $auth_type,
|
||||||
insecure => $insecure,
|
auth_section => $auth_section,
|
||||||
cache => $cache,
|
user_domain_name => $user_domain_name,
|
||||||
cafile => $cafile,
|
project_domain_name => $project_domain_name,
|
||||||
certfile => $certfile,
|
insecure => $insecure,
|
||||||
delay_auth_decision => $delay_auth_decision,
|
cache => $cache,
|
||||||
enforce_token_bind => $enforce_token_bind,
|
cafile => $cafile,
|
||||||
http_connect_timeout => $http_connect_timeout,
|
certfile => $certfile,
|
||||||
http_request_max_retries => $http_request_max_retries,
|
delay_auth_decision => $delay_auth_decision,
|
||||||
include_service_catalog => $include_service_catalog,
|
enforce_token_bind => $enforce_token_bind,
|
||||||
keyfile => $keyfile,
|
http_connect_timeout => $http_connect_timeout,
|
||||||
memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
|
http_request_max_retries => $http_request_max_retries,
|
||||||
memcache_pool_dead_retry => $memcache_pool_dead_retry,
|
include_service_catalog => $include_service_catalog,
|
||||||
memcache_pool_maxsize => $memcache_pool_maxsize,
|
keyfile => $keyfile,
|
||||||
memcache_pool_socket_timeout => $memcache_pool_socket_timeout,
|
memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
|
||||||
memcache_secret_key => $memcache_secret_key,
|
memcache_pool_dead_retry => $memcache_pool_dead_retry,
|
||||||
memcache_security_strategy => $memcache_security_strategy,
|
memcache_pool_maxsize => $memcache_pool_maxsize,
|
||||||
memcache_use_advanced_pool => $memcache_use_advanced_pool,
|
memcache_pool_socket_timeout => $memcache_pool_socket_timeout,
|
||||||
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
|
memcache_secret_key => $memcache_secret_key,
|
||||||
memcached_servers => $memcached_servers,
|
memcache_security_strategy => $memcache_security_strategy,
|
||||||
manage_memcache_package => $manage_memcache_package,
|
memcache_use_advanced_pool => $memcache_use_advanced_pool,
|
||||||
region_name => $region_name,
|
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
|
||||||
token_cache_time => $token_cache_time,
|
memcached_servers => $memcached_servers,
|
||||||
service_token_roles => $service_token_roles,
|
manage_memcache_package => $manage_memcache_package,
|
||||||
service_token_roles_required => $service_token_roles_required,
|
region_name => $region_name,
|
||||||
interface => $interface,
|
token_cache_time => $token_cache_time,
|
||||||
|
service_token_roles => $service_token_roles,
|
||||||
|
service_token_roles_required => $service_token_roles_required,
|
||||||
|
interface => $interface;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,6 +6,7 @@ describe 'nova::api' do
|
||||||
"include nova
|
"include nova
|
||||||
class { 'nova::keystone::authtoken':
|
class { 'nova::keystone::authtoken':
|
||||||
password => 'passw0rd',
|
password => 'passw0rd',
|
||||||
|
params => { 'username' => 'novae' },
|
||||||
}"
|
}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -143,7 +144,7 @@ describe 'nova::api' do
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
it { is_expected.to contain_openstacklib__service_validation('nova-api').with(
|
it { is_expected.to contain_openstacklib__service_validation('nova-api').with(
|
||||||
:command => 'nova --os-auth-url http://127.0.0.1:5000/ --os-project-name services --os-username nova --os-password passw0rd flavor-list',
|
:command => 'nova --os-auth-url http://127.0.0.1:5000/ --os-project-name services --os-username novae --os-password passw0rd flavor-list',
|
||||||
:subscribe => 'Service[nova-api]',
|
:subscribe => 'Service[nova-api]',
|
||||||
)}
|
)}
|
||||||
|
|
||||||
|
|
|
@ -86,6 +86,7 @@ describe 'nova::keystone::authtoken' do
|
||||||
:service_token_roles => ['service'],
|
:service_token_roles => ['service'],
|
||||||
:service_token_roles_required => true,
|
:service_token_roles_required => true,
|
||||||
:interface => 'internal',
|
:interface => 'internal',
|
||||||
|
:params => { 'service_type' => "compute" },
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -124,12 +125,26 @@ describe 'nova::keystone::authtoken' do
|
||||||
is_expected.to contain_nova_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
|
is_expected.to contain_nova_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
|
||||||
is_expected.to contain_nova_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
|
is_expected.to contain_nova_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
|
||||||
is_expected.to contain_nova_config('keystone_authtoken/interface').with_value(params[:interface])
|
is_expected.to contain_nova_config('keystone_authtoken/interface').with_value(params[:interface])
|
||||||
|
is_expected.to contain_nova_config('keystone_authtoken/service_type').with_value(params[:params]['service_type'])
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'installs python memcache package' do
|
it 'installs python memcache package' do
|
||||||
is_expected.to contain_package('python-memcache')
|
is_expected.to contain_package('python-memcache')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when overriding parameters via params hash' do
|
||||||
|
before do
|
||||||
|
params.merge!({
|
||||||
|
:username => 'myuser',
|
||||||
|
:params => { 'username' => "myotheruser" },
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configure keystone_authtoken' do
|
||||||
|
is_expected.to contain_nova_config('keystone_authtoken/username').with_value(params[:params]['username'])
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
on_supported_os({
|
on_supported_os({
|
||||||
|
|
Loading…
Reference in New Issue