From ab3a58f014cd474d8e612da515220a0bd253a505 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Wed, 12 Jan 2022 18:55:50 +0900 Subject: [PATCH] Add support for [keystone] parameters This change adds support for parameters in the [keystone] section, which are used to query Keystone API to validate the given project id. Change-Id: I3b9416f1e3f7ae303a182c3890a8797605a40271 --- manifests/keystone.pp | 95 +++++++++++++++++++ .../keystone-parameters-2222c1f0038d641b.yaml | 5 + spec/classes/nova_keystone_spec.rb | 77 +++++++++++++++ 3 files changed, 177 insertions(+) create mode 100644 manifests/keystone.pp create mode 100644 releasenotes/notes/keystone-parameters-2222c1f0038d641b.yaml create mode 100644 spec/classes/nova_keystone_spec.rb diff --git a/manifests/keystone.pp b/manifests/keystone.pp new file mode 100644 index 000000000..6a8b5a595 --- /dev/null +++ b/manifests/keystone.pp @@ -0,0 +1,95 @@ +# == Class: nova::keystone +# +# Configures Keystone credentials to use by Nova. +# +# === Parameters: +# +# [*password*] +# (required) Password for connecting to Keystone services in +# admin context through the OpenStack Identity service. +# +# [*auth_type*] +# (optional) Name of the auth type to load (string value) +# Defaults to 'password' +# +# [*auth_url*] +# (optional) Points to the OpenStack Identity server IP and port. +# This is the Identity (keystone) admin API server IP and port value, +# and not the Identity service API IP and port. +# Defaults to $::os_service_default +# +# [*timeout*] +# (optional) Timeout value for connecting to keystone in seconds. +# Defaults to $::os_service_default +# +# [*service_type*] +# (optional) The default service_type for endpoint URL discovery. +# Defaults to $::os_service_default +# +# [*valid_interfaces*] +# (optional) List of interfaces, in order of preference for endpoint URL. +# Defaults to $::os_service_default +# +# [*region_name*] +# (optional) Region name for connecting to keystone in admin context +# through the OpenStack Identity service. +# Defaults to $::os_service_default +# +# [*endpoint_override*] +# (optional) Always use this endpoint URL for requests for this client. +# Defaults to $::os_service_default +# +# [*project_name*] +# (optional) Project name for connecting to Keystone services in +# admin context through the OpenStack Identity service. +# Defaults to 'services' +# +# [*project_domain_name*] +# (optional) Project Domain name for connecting to Keystone services in +# admin context through the OpenStack Identity service. +# Defaults to 'Default' +# +# [*username*] +# (optional) Username for connecting to Keystone services in admin context +# through the OpenStack Identity service. +# Defaults to 'keystone' +# +# [*user_domain_name*] +# (optional) User Domain name for connecting to Keystone services in +# admin context through the OpenStack Identity service. +# Defaults to 'Default' +# +# = +# +class nova::keystone ( + $password, + $auth_type = 'password', + $auth_url = 'http://127.0.0.1:5000', + $timeout = $::os_service_default, + $service_type = $::os_service_default, + $valid_interfaces = $::os_service_default, + $endpoint_override = $::os_service_default, + $region_name = $::os_service_default, + $project_name = 'services', + $project_domain_name = 'Default', + $username = 'nova', + $user_domain_name = 'Default', +) { + + include nova::deps + + nova_config { + 'keystone/password': value => $password, secret => true; + 'keystone/auth_type': value => $auth_type; + 'keystone/auth_url': value => $auth_url; + 'keystone/service_type': value => $service_type; + 'keystone/valid_interfaces': value => join(any2array($valid_interfaces), ','); + 'keystone/endpoint_override': value => $endpoint_override; + 'keystone/region_name': value => $region_name; + 'keystone/timeout': value => $timeout; + 'keystone/project_name': value => $project_name; + 'keystone/project_domain_name': value => $project_domain_name; + 'keystone/username': value => $username; + 'keystone/user_domain_name': value => $user_domain_name; + } +} diff --git a/releasenotes/notes/keystone-parameters-2222c1f0038d641b.yaml b/releasenotes/notes/keystone-parameters-2222c1f0038d641b.yaml new file mode 100644 index 000000000..a6ebe5366 --- /dev/null +++ b/releasenotes/notes/keystone-parameters-2222c1f0038d641b.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + The new ``nova::keystone`` class has been added. This class manages + the parameters in the ``[keystone]`` section. diff --git a/spec/classes/nova_keystone_spec.rb b/spec/classes/nova_keystone_spec.rb new file mode 100644 index 000000000..18d39eff5 --- /dev/null +++ b/spec/classes/nova_keystone_spec.rb @@ -0,0 +1,77 @@ +require 'spec_helper' + +describe 'nova::keystone' do + + shared_examples 'nova::keystone' do + + let :params do + { + :password => 's3cr3t' + } + end + + context 'with required parameters' do + it 'configures keystone in nova.conf' do + should contain_nova_config('keystone/password').with_value('s3cr3t').with_secret(true) + should contain_nova_config('keystone/auth_type').with_value('password') + should contain_nova_config('keystone/auth_url').with_value('http://127.0.0.1:5000') + should contain_nova_config('keystone/timeout').with_value('') + should contain_nova_config('keystone/service_type').with_value('') + should contain_nova_config('keystone/valid_interfaces').with_value('') + should contain_nova_config('keystone/endpoint_override').with_value('') + should contain_nova_config('keystone/region_name').with_value('') + should contain_nova_config('keystone/project_name').with_value('services') + should contain_nova_config('keystone/project_domain_name').with_value('Default') + should contain_nova_config('keystone/username').with_value('nova') + should contain_nova_config('keystone/user_domain_name').with_value('Default') + end + + end + + context 'with parameters' do + before do + params.merge!({ + :auth_type => 'v3password', + :auth_url => 'http://10.0.0.10:5000/', + :timeout => 60, + :service_type => 'identity', + :valid_interfaces => ['internal', 'public'], + :endpoint_override => 'http://10.0.0.11:5000/', + :region_name => 'RegionOne', + :project_name => 'alt_service', + :project_domain_name => 'DomainX', + :username => 'alt_nova', + :user_domain_name => 'DomainY', + }) + end + + it 'configures keystone in nova.conf' do + should contain_nova_config('keystone/password').with_value('s3cr3t').with_secret(true) + should contain_nova_config('keystone/auth_type').with_value('v3password') + should contain_nova_config('keystone/auth_url').with_value('http://10.0.0.10:5000/') + should contain_nova_config('keystone/timeout').with_value(60) + should contain_nova_config('keystone/service_type').with_value('identity') + should contain_nova_config('keystone/valid_interfaces').with_value('internal,public') + should contain_nova_config('keystone/endpoint_override').with_value('http://10.0.0.11:5000/') + should contain_nova_config('keystone/region_name').with_value('RegionOne') + should contain_nova_config('keystone/project_name').with_value('alt_service') + should contain_nova_config('keystone/project_domain_name').with_value('DomainX') + should contain_nova_config('keystone/username').with_value('alt_nova') + should contain_nova_config('keystone/user_domain_name').with_value('DomainY') + end + + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts()) + end + + it_behaves_like 'nova::keystone' + end + end +end