openstack/puppet-nova
Code Issues Proposed changes

Remove old authtoken options

Browse Source 
Since we are in ocata lets remove all old parameters in api
to configure the keystone_authtoken section

Change-Id: I773852cadc4369dab2ecbce1c643e8f6febc67d2
This commit is contained in:
Iury Gregory Melo Ferreira 2016-11-08 01:16:34 -03:00
parent 88656250b6
commit 78d4d325ec
8 changed files with 58 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
manifests/api.pp
View File

@ -215,11 +215,6 @@
# (optional) DEPRECATED. The port on which the EC2 API will listen. # (optional) DEPRECATED. The port on which the EC2 API will listen.
# Defaults to port undef # Defaults to port undef
# #
# [*auth_version*]
# (optional) DEPRECATED. Use auth_token from
# nova::keystone::authtoken class instead.
# Defaults to undef
#
# [*ec2_workers*] # [*ec2_workers*]
# (optional) DEPRECATED. Number of workers for EC2 service # (optional) DEPRECATED. Number of workers for EC2 service
# Defaults to undef # Defaults to undef
@ -229,31 +224,6 @@
# Class instead. # Class instead.
# Defaults to undef # Defaults to undef
# #
# [*admin_tenant_name*]
# (optional) DEPRECATED. Use project_name from
# nova::keystone::authtoken class instead.
# Defaults to undef
#
# [*admin_user*]
# (optional) DEPRECATED. Use username from
# nova::keystone::authtoken class instead.
# Defaults to undef
#
# [*admin_password*]
# (optional) DEPRECATED. Use password from
# nova::keystone::authtoken class instead.
# Defaults to undef
#
# [*identity_uri*]
# (optional) DEPRECATED. Use auth_url from
# nova::keystone::authtoken class instead.
# Defaults to undef
#
# [*auth_uri*]
# (optional) DEPRECATED. Use auth_uri from
# nova::keystone::authtoken class instead.
# Defaults to undef
#
class nova::api( class nova::api(
$enabled = true, $enabled = true,
$manage_service = true, $manage_service = true,
@ -302,12 +272,6 @@ class nova::api(
$ec2_listen_port = undef, $ec2_listen_port = undef,
$ec2_workers = undef, $ec2_workers = undef,
$keystone_ec2_url = undef, $keystone_ec2_url = undef,
$auth_version = undef,
$admin_password = undef,
$auth_uri = undef,
$identity_uri = undef,
$admin_tenant_name = undef,
$admin_user = undef,
) inherits nova::params { ) inherits nova::params {
include ::nova::deps include ::nova::deps
@ -338,31 +302,6 @@ class nova::api(
} }
} }
if $auth_version {
warning('nova::api::auth_version is deprecated, use nova::keystone::authtoken::auth_version instead.')
}
if $identity_uri {
warning('nova::api::identity_uri is deprecated, use nova::keystone::authtoken::auth_url instead.')
}
if $auth_uri {
warning('nova::api::auth_uri is deprecated, use nova::keystone::authtoken::auth_uri instead.')
}
if $admin_tenant_name {
warning('nova::api::admin_tenant_name is deprecated, use nova::keystone::authtoken::project_name instead.')
}
if $admin_user {
warning('nova::api::admin_user is deprecated, use nova::keystone::authtoken::username instead.')
}
if $admin_password {
warning('nova::api::admin_password is deprecated, use nova::keystone::authtoken::password instead.')
}
if !is_service_default($vendordata_providers) and !empty($vendordata_providers){ if !is_service_default($vendordata_providers) and !empty($vendordata_providers){
validate_array($vendordata_providers) validate_array($vendordata_providers)
$vendordata_providers_real = join($vendordata_providers, ',') $vendordata_providers_real = join($vendordata_providers, ',')
@ -506,11 +445,11 @@ as a standalone service, or httpd for being run by a httpd server")
#Shrinking the variables names in favor of not #Shrinking the variables names in favor of not
#having more than 140 chars per line #having more than 140 chars per line
#Admin user real #Admin user real
$aur = pick($admin_user, $::nova::keystone::authtoken::username) $aur = $::nova::keystone::authtoken::username
#Admin password real #Admin password real
$apr = pick($admin_password, $::nova::keystone::authtoken::password) $apr = $::nova::keystone::authtoken::password
#Admin tenan name real #Admin tenan name real
$atnr = pick($admin_tenant_name, $::nova::keystone::authtoken::project_name) $atnr = $::nova::keystone::authtoken::project_name
#Keystone Auth URI #Keystone Auth URI
$kau = $::nova::keystone::authtoken::auth_uri $kau = $::nova::keystone::authtoken::auth_uri
$defaults = { $defaults = {

11
manifests/init.pp
View File

@ -397,12 +397,6 @@
# #
# DEPRECATED PARAMETERS # DEPRECATED PARAMETERS
# #
# [*memcached_servers*]
# (optional) DEPRECATED. Use memcached_servers from
# nova::keystone::authtoken class instead.
# memcached server IP's:Memcached Port.
# Defaults to undef
#
# [*rabbit_host*] # [*rabbit_host*]
# (optional) Location of rabbitmq installation. (string value) # (optional) Location of rabbitmq installation. (string value)
# Defaults to $::os_service_default # Defaults to $::os_service_default
@ -517,7 +511,6 @@ class nova(
$disk_allocation_ratio = $::os_service_default, $disk_allocation_ratio = $::os_service_default,
$purge_config = false, $purge_config = false,
# DEPRECATED PARAMETERS # DEPRECATED PARAMETERS
$memcached_servers = undef,
$rabbit_host = $::os_service_default, $rabbit_host = $::os_service_default,
$rabbit_hosts = $::os_service_default, $rabbit_hosts = $::os_service_default,
$rabbit_password = $::os_service_default, $rabbit_password = $::os_service_default,
@ -537,10 +530,6 @@ class nova(
warning('enabled_ssl_apis is empty but use_ssl is set to true') warning('enabled_ssl_apis is empty but use_ssl is set to true')
} }
if $memcached_servers {
warning('nova::memcached_servers is deprecated, use nova::keystone::authtoken::memcached_servers instead.')
}
if !is_service_default($rabbit_host) or if !is_service_default($rabbit_host) or
!is_service_default($rabbit_hosts) or !is_service_default($rabbit_hosts) or
!is_service_default($rabbit_password) or !is_service_default($rabbit_password) or

24
manifests/keystone/authtoken.pp
View File

@ -223,25 +223,17 @@ class nova::keystone::authtoken(
$token_cache_time = $::os_service_default, $token_cache_time = $::os_service_default,
) { ) {
if is_service_default($password) and ! $::nova::api::admin_password { if is_service_default($password) {
fail('Please set password for nova service user') fail('Please set password for nova service user')
} }
$username_real = pick($::nova::api::admin_user, $username)
$password_real = pick($::nova::api::admin_password, $password)
$project_name_real = pick($::nova::api::admin_tenant_name, $project_name)
$auth_uri_real = pick($::nova::api::auth_uri, $auth_uri)
$auth_version_real = pick($::nova::api::auth_version, $auth_version)
$memcached_servers_real = pick($::nova::memcached_servers, $memcached_servers)
$auth_url_real = pick($::nova::api::identity_uri, $auth_url)
keystone::resource::authtoken { 'nova_config': keystone::resource::authtoken { 'nova_config':
username => $username_real, username => $username,
password => $password_real, password => $password,
project_name => $project_name_real, project_name => $project_name,
auth_url => $auth_url_real, auth_url => $auth_url,
auth_uri => $auth_uri_real, auth_uri => $auth_uri,
auth_version => $auth_version_real, auth_version => $auth_version,
auth_type => $auth_type, auth_type => $auth_type,
auth_section => $auth_section, auth_section => $auth_section,
user_domain_name => $user_domain_name, user_domain_name => $user_domain_name,
@ -266,7 +258,7 @@ class nova::keystone::authtoken(
memcache_security_strategy => $memcache_security_strategy, memcache_security_strategy => $memcache_security_strategy,
memcache_use_advanced_pool => $memcache_use_advanced_pool, memcache_use_advanced_pool => $memcache_use_advanced_pool,
memcache_pool_unused_timeout => $memcache_pool_unused_timeout, memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
memcached_servers => $memcached_servers_real, memcached_servers => $memcached_servers,
region_name => $region_name, region_name => $region_name,
revocation_cache_time => $revocation_cache_time, revocation_cache_time => $revocation_cache_time,
signing_dir => $signing_dir, signing_dir => $signing_dir,

9
releasenotes/notes/remove_old_authtoken_options-f551ca427590e8b7.yaml Normal file
View File

@ -0,0 +1,9 @@
---
other:
- removed deprecated nova::api::admin_tenant_name
- removed deprecated nova::api::admin_user
- removed deprecated nova::api::admin_password
- removed deprecated nova::api::identity_uri
- removed deprecated nova::api::auth_uri
- removed deprecated nova::api::auth_version
- removed deprecated nova::memcached_servers

63
spec/classes/nova_api_spec.rb
View File

@ -3,11 +3,14 @@ require 'spec_helper'
describe 'nova::api' do describe 'nova::api' do
let :pre_condition do let :pre_condition do
'include nova' "include nova
class { '::nova::keystone::authtoken':
password => 'passw0rd',
}"
end end
let :params do let :params do
{ :admin_password => 'passw0rd' } {}
end end
shared_examples 'nova-api' do shared_examples 'nova-api' do
@ -35,19 +38,6 @@ describe 'nova::api' do
is_expected.to_not contain_exec('validate_nova_api') is_expected.to_not contain_exec('validate_nova_api')
end end
it 'configures keystone_authtoken middleware' do
is_expected.to contain_nova_config(
'keystone_authtoken/auth_uri').with_value('http://127.0.0.1:5000/')
is_expected.to contain_nova_config(
'keystone_authtoken/auth_url').with_value('http://127.0.0.1:35357/')
is_expected.to contain_nova_config(
'keystone_authtoken/project_name').with_value('services')
is_expected.to contain_nova_config(
'keystone_authtoken/username').with_value('nova')
is_expected.to contain_nova_config(
'keystone_authtoken/password').with_value('passw0rd').with_secret(true)
end
it 'enable metadata in evenlet configuration' do it 'enable metadata in evenlet configuration' do
is_expected.to contain_nova_config('DEFAULT/enabled_apis').with_value('osapi_compute,metadata') is_expected.to contain_nova_config('DEFAULT/enabled_apis').with_value('osapi_compute,metadata')
end end
@ -94,11 +84,6 @@ describe 'nova::api' do
params.merge!({ params.merge!({
:enabled => false, :enabled => false,
:ensure_package => '2012.1-2', :ensure_package => '2012.1-2',
:auth_uri => 'https://10.0.0.1:9999/',
:identity_uri => 'https://10.0.0.1:8888/',
:admin_tenant_name => 'service2',
:admin_user => 'nova2',
:admin_password => 'passw0rd2',
:api_bind_address => '192.168.56.210', :api_bind_address => '192.168.56.210',
:metadata_listen => '127.0.0.1', :metadata_listen => '127.0.0.1',
:metadata_listen_port => 8875, :metadata_listen_port => 8875,
@ -144,21 +129,6 @@ describe 'nova::api' do
) )
end end
it 'configures keystone_authtoken middleware' do
is_expected.to contain_nova_config(
'keystone_authtoken/auth_uri').with_value('https://10.0.0.1:9999/')
is_expected.to contain_nova_config(
'keystone_authtoken/auth_url').with_value('https://10.0.0.1:8888/')
is_expected.to contain_nova_config(
'keystone_authtoken/project_name').with_value('service2')
is_expected.to contain_nova_config(
'keystone_authtoken/username').with_value('nova2')
is_expected.to contain_nova_config(
'keystone_authtoken/password').with_value('passw0rd2').with_secret(true)
is_expected.to contain_nova_paste_api_ini(
'filter:ratelimit/limits').with_value('(GET, "*", .*, 100, MINUTE);(POST, "*", .*, 200, MINUTE)')
end
it 'configures various stuff' do it 'configures various stuff' do
is_expected.to contain_nova_config('DEFAULT/osapi_compute_listen').with('value' => '192.168.56.210') is_expected.to contain_nova_config('DEFAULT/osapi_compute_listen').with('value' => '192.168.56.210')
is_expected.to contain_nova_config('DEFAULT/osapi_compute_listen_port').with('value' => '8874') is_expected.to contain_nova_config('DEFAULT/osapi_compute_listen_port').with('value' => '8874')
@ -248,7 +218,10 @@ describe 'nova::api' do
context 'with default database parameters' do context 'with default database parameters' do
let :pre_condition do let :pre_condition do
"include nova" "include nova
class { '::nova::keystone::authtoken':
password => 'a_big_secret',
}"
end end
it { is_expected.to_not contain_nova_config('database/connection') } it { is_expected.to_not contain_nova_config('database/connection') }
@ -267,6 +240,9 @@ describe 'nova::api' do
api_slave_connection => 'mysql://user:pass@slave/db2', api_slave_connection => 'mysql://user:pass@slave/db2',
database_idle_timeout => '30', database_idle_timeout => '30',
} }
class { '::nova::keystone::authtoken':
password => 'passw0rd',
}
" "
end end
@ -295,7 +271,10 @@ describe 'nova::api' do
let :pre_condition do let :pre_condition do
"include ::apache "include ::apache
include ::nova" include ::nova
class { '::nova::keystone::authtoken':
password => 'a_big_secret',
}"
end end
it 'enable nova API service' do it 'enable nova API service' do
@ -320,7 +299,10 @@ describe 'nova::api' do
let :pre_condition do let :pre_condition do
"include ::apache "include ::apache
include ::nova" include ::nova
class { '::nova::keystone::authtoken':
password => 'a_big_secret',
}"
end end
it 'disable nova API service' do it 'disable nova API service' do
@ -349,7 +331,10 @@ describe 'nova::api' do
let :pre_condition do let :pre_condition do
"include ::apache "include ::apache
include ::nova" include ::nova
class { '::nova::keystone::authtoken':
password => 'a_big_secret',
}"
end end
it_raises 'a Puppet::Error', /Invalid service_name/ it_raises 'a Puppet::Error', /Invalid service_name/

1
spec/classes/nova_init_spec.rb
View File

@ -94,7 +94,6 @@ describe 'nova' do
:service_down_time => '120', :service_down_time => '120',
:auth_strategy => 'foo', :auth_strategy => 'foo',
:ensure_package => '2012.1.1-15.el6', :ensure_package => '2012.1.1-15.el6',
:memcached_servers => ['memcached01:11211', 'memcached02:11211'],
:host => 'test-001.example.org', :host => 'test-001.example.org',
:notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673', :notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673',
:notification_driver => 'ceilometer.compute.nova_notifier', :notification_driver => 'ceilometer.compute.nova_notifier',

8
spec/classes/nova_keystone_auth_spec.rb
View File

@ -124,8 +124,11 @@ describe 'nova::keystone::auth' do
describe 'when configuring nova-api and the keystone endpoint' do describe 'when configuring nova-api and the keystone endpoint' do
let :pre_condition do let :pre_condition do
"class { 'nova::api': admin_password => 'test' } "class { '::nova::keystone::authtoken':
include nova" password => 'secrete',
}
class { 'nova::api':}
include nova"
end end
let :facts do let :facts do
@ -158,4 +161,3 @@ describe 'nova::keystone::auth' do
end end
end end

12
spec/classes/nova_wsgi_apache_spec.rb
View File

@ -12,9 +12,11 @@ describe 'nova::wsgi::apache' do
let :pre_condition do let :pre_condition do
"include nova "include nova
class { '::nova::keystone::authtoken':
password => 'secrete',
}
class { '::nova::api': class { '::nova::api':
service_name => 'httpd', service_name => 'httpd',
admin_password => 'secrete',
}" }"
end end
@ -28,9 +30,11 @@ describe 'nova::wsgi::apache' do
let :pre_condition do let :pre_condition do
"include nova "include nova
class { '::nova::keystone::authtoken':
password => 'secrete',
}
class { '::nova::api': class { '::nova::api':
service_name => 'httpd', service_name => 'httpd',
admin_password => 'secrete',
}" }"
end end
@ -83,9 +87,11 @@ describe 'nova::wsgi::apache' do
describe 'when overriding parameters using different ports' do describe 'when overriding parameters using different ports' do
let :pre_condition do let :pre_condition do
"include nova "include nova
class { '::nova::keystone::authtoken':
password => 'secrete',
}
class { '::nova::api': class { '::nova::api':
service_name => 'httpd', service_name => 'httpd',
admin_password => 'secrete',
}" }"
end end