From 78d4d325eccc8b9f00bb6423a5352b7e8d6045f3 Mon Sep 17 00:00:00 2001 From: Iury Gregory Melo Ferreira Date: Tue, 8 Nov 2016 01:16:34 -0300 Subject: [PATCH] Remove old authtoken options Since we are in ocata lets remove all old parameters in api to configure the keystone_authtoken section Change-Id: I773852cadc4369dab2ecbce1c643e8f6febc67d2 --- manifests/api.pp | 67 +------------------ manifests/init.pp | 11 --- manifests/keystone/authtoken.pp | 24 +++---- ...ld_authtoken_options-f551ca427590e8b7.yaml | 9 +++ spec/classes/nova_api_spec.rb | 63 +++++++---------- spec/classes/nova_init_spec.rb | 1 - spec/classes/nova_keystone_auth_spec.rb | 8 ++- spec/classes/nova_wsgi_apache_spec.rb | 12 +++- 8 files changed, 58 insertions(+), 137 deletions(-) create mode 100644 releasenotes/notes/remove_old_authtoken_options-f551ca427590e8b7.yaml diff --git a/manifests/api.pp b/manifests/api.pp index a6bcc772e..8a8fe7b9b 100644 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -215,11 +215,6 @@ # (optional) DEPRECATED. The port on which the EC2 API will listen. # Defaults to port undef # -# [*auth_version*] -# (optional) DEPRECATED. Use auth_token from -# nova::keystone::authtoken class instead. -# Defaults to undef -# # [*ec2_workers*] # (optional) DEPRECATED. Number of workers for EC2 service # Defaults to undef @@ -229,31 +224,6 @@ # Class instead. # Defaults to undef # -# [*admin_tenant_name*] -# (optional) DEPRECATED. Use project_name from -# nova::keystone::authtoken class instead. -# Defaults to undef -# -# [*admin_user*] -# (optional) DEPRECATED. Use username from -# nova::keystone::authtoken class instead. -# Defaults to undef -# -# [*admin_password*] -# (optional) DEPRECATED. Use password from -# nova::keystone::authtoken class instead. -# Defaults to undef -# -# [*identity_uri*] -# (optional) DEPRECATED. Use auth_url from -# nova::keystone::authtoken class instead. -# Defaults to undef -# -# [*auth_uri*] -# (optional) DEPRECATED. Use auth_uri from -# nova::keystone::authtoken class instead. -# Defaults to undef -# class nova::api( $enabled = true, $manage_service = true, @@ -302,12 +272,6 @@ class nova::api( $ec2_listen_port = undef, $ec2_workers = undef, $keystone_ec2_url = undef, - $auth_version = undef, - $admin_password = undef, - $auth_uri = undef, - $identity_uri = undef, - $admin_tenant_name = undef, - $admin_user = undef, ) inherits nova::params { include ::nova::deps @@ -338,31 +302,6 @@ class nova::api( } } - if $auth_version { - warning('nova::api::auth_version is deprecated, use nova::keystone::authtoken::auth_version instead.') - } - - if $identity_uri { - warning('nova::api::identity_uri is deprecated, use nova::keystone::authtoken::auth_url instead.') - } - - if $auth_uri { - warning('nova::api::auth_uri is deprecated, use nova::keystone::authtoken::auth_uri instead.') - } - - if $admin_tenant_name { - warning('nova::api::admin_tenant_name is deprecated, use nova::keystone::authtoken::project_name instead.') - } - - if $admin_user { - warning('nova::api::admin_user is deprecated, use nova::keystone::authtoken::username instead.') - } - - if $admin_password { - warning('nova::api::admin_password is deprecated, use nova::keystone::authtoken::password instead.') - } - - if !is_service_default($vendordata_providers) and !empty($vendordata_providers){ validate_array($vendordata_providers) $vendordata_providers_real = join($vendordata_providers, ',') @@ -506,11 +445,11 @@ as a standalone service, or httpd for being run by a httpd server") #Shrinking the variables names in favor of not #having more than 140 chars per line #Admin user real - $aur = pick($admin_user, $::nova::keystone::authtoken::username) + $aur = $::nova::keystone::authtoken::username #Admin password real - $apr = pick($admin_password, $::nova::keystone::authtoken::password) + $apr = $::nova::keystone::authtoken::password #Admin tenan name real - $atnr = pick($admin_tenant_name, $::nova::keystone::authtoken::project_name) + $atnr = $::nova::keystone::authtoken::project_name #Keystone Auth URI $kau = $::nova::keystone::authtoken::auth_uri $defaults = { diff --git a/manifests/init.pp b/manifests/init.pp index 6edda7660..5a3de38cd 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -397,12 +397,6 @@ # # DEPRECATED PARAMETERS # -# [*memcached_servers*] -# (optional) DEPRECATED. Use memcached_servers from -# nova::keystone::authtoken class instead. -# memcached server IP's:Memcached Port. -# Defaults to undef -# # [*rabbit_host*] # (optional) Location of rabbitmq installation. (string value) # Defaults to $::os_service_default @@ -517,7 +511,6 @@ class nova( $disk_allocation_ratio = $::os_service_default, $purge_config = false, # DEPRECATED PARAMETERS - $memcached_servers = undef, $rabbit_host = $::os_service_default, $rabbit_hosts = $::os_service_default, $rabbit_password = $::os_service_default, @@ -537,10 +530,6 @@ class nova( warning('enabled_ssl_apis is empty but use_ssl is set to true') } - if $memcached_servers { - warning('nova::memcached_servers is deprecated, use nova::keystone::authtoken::memcached_servers instead.') - } - if !is_service_default($rabbit_host) or !is_service_default($rabbit_hosts) or !is_service_default($rabbit_password) or diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp index 89ac3fc0b..5644ce8b0 100644 --- a/manifests/keystone/authtoken.pp +++ b/manifests/keystone/authtoken.pp @@ -223,25 +223,17 @@ class nova::keystone::authtoken( $token_cache_time = $::os_service_default, ) { - if is_service_default($password) and ! $::nova::api::admin_password { + if is_service_default($password) { fail('Please set password for nova service user') } - $username_real = pick($::nova::api::admin_user, $username) - $password_real = pick($::nova::api::admin_password, $password) - $project_name_real = pick($::nova::api::admin_tenant_name, $project_name) - $auth_uri_real = pick($::nova::api::auth_uri, $auth_uri) - $auth_version_real = pick($::nova::api::auth_version, $auth_version) - $memcached_servers_real = pick($::nova::memcached_servers, $memcached_servers) - $auth_url_real = pick($::nova::api::identity_uri, $auth_url) - keystone::resource::authtoken { 'nova_config': - username => $username_real, - password => $password_real, - project_name => $project_name_real, - auth_url => $auth_url_real, - auth_uri => $auth_uri_real, - auth_version => $auth_version_real, + username => $username, + password => $password, + project_name => $project_name, + auth_url => $auth_url, + auth_uri => $auth_uri, + auth_version => $auth_version, auth_type => $auth_type, auth_section => $auth_section, user_domain_name => $user_domain_name, @@ -266,7 +258,7 @@ class nova::keystone::authtoken( memcache_security_strategy => $memcache_security_strategy, memcache_use_advanced_pool => $memcache_use_advanced_pool, memcache_pool_unused_timeout => $memcache_pool_unused_timeout, - memcached_servers => $memcached_servers_real, + memcached_servers => $memcached_servers, region_name => $region_name, revocation_cache_time => $revocation_cache_time, signing_dir => $signing_dir, diff --git a/releasenotes/notes/remove_old_authtoken_options-f551ca427590e8b7.yaml b/releasenotes/notes/remove_old_authtoken_options-f551ca427590e8b7.yaml new file mode 100644 index 000000000..6d61f80ad --- /dev/null +++ b/releasenotes/notes/remove_old_authtoken_options-f551ca427590e8b7.yaml @@ -0,0 +1,9 @@ +--- +other: + - removed deprecated nova::api::admin_tenant_name + - removed deprecated nova::api::admin_user + - removed deprecated nova::api::admin_password + - removed deprecated nova::api::identity_uri + - removed deprecated nova::api::auth_uri + - removed deprecated nova::api::auth_version + - removed deprecated nova::memcached_servers diff --git a/spec/classes/nova_api_spec.rb b/spec/classes/nova_api_spec.rb index f2e0d1a21..cc9eaa34b 100644 --- a/spec/classes/nova_api_spec.rb +++ b/spec/classes/nova_api_spec.rb @@ -3,11 +3,14 @@ require 'spec_helper' describe 'nova::api' do let :pre_condition do - 'include nova' + "include nova + class { '::nova::keystone::authtoken': + password => 'passw0rd', + }" end let :params do - { :admin_password => 'passw0rd' } + {} end shared_examples 'nova-api' do @@ -35,19 +38,6 @@ describe 'nova::api' do is_expected.to_not contain_exec('validate_nova_api') end - it 'configures keystone_authtoken middleware' do - is_expected.to contain_nova_config( - 'keystone_authtoken/auth_uri').with_value('http://127.0.0.1:5000/') - is_expected.to contain_nova_config( - 'keystone_authtoken/auth_url').with_value('http://127.0.0.1:35357/') - is_expected.to contain_nova_config( - 'keystone_authtoken/project_name').with_value('services') - is_expected.to contain_nova_config( - 'keystone_authtoken/username').with_value('nova') - is_expected.to contain_nova_config( - 'keystone_authtoken/password').with_value('passw0rd').with_secret(true) - end - it 'enable metadata in evenlet configuration' do is_expected.to contain_nova_config('DEFAULT/enabled_apis').with_value('osapi_compute,metadata') end @@ -94,11 +84,6 @@ describe 'nova::api' do params.merge!({ :enabled => false, :ensure_package => '2012.1-2', - :auth_uri => 'https://10.0.0.1:9999/', - :identity_uri => 'https://10.0.0.1:8888/', - :admin_tenant_name => 'service2', - :admin_user => 'nova2', - :admin_password => 'passw0rd2', :api_bind_address => '192.168.56.210', :metadata_listen => '127.0.0.1', :metadata_listen_port => 8875, @@ -144,21 +129,6 @@ describe 'nova::api' do ) end - it 'configures keystone_authtoken middleware' do - is_expected.to contain_nova_config( - 'keystone_authtoken/auth_uri').with_value('https://10.0.0.1:9999/') - is_expected.to contain_nova_config( - 'keystone_authtoken/auth_url').with_value('https://10.0.0.1:8888/') - is_expected.to contain_nova_config( - 'keystone_authtoken/project_name').with_value('service2') - is_expected.to contain_nova_config( - 'keystone_authtoken/username').with_value('nova2') - is_expected.to contain_nova_config( - 'keystone_authtoken/password').with_value('passw0rd2').with_secret(true) - is_expected.to contain_nova_paste_api_ini( - 'filter:ratelimit/limits').with_value('(GET, "*", .*, 100, MINUTE);(POST, "*", .*, 200, MINUTE)') - end - it 'configures various stuff' do is_expected.to contain_nova_config('DEFAULT/osapi_compute_listen').with('value' => '192.168.56.210') is_expected.to contain_nova_config('DEFAULT/osapi_compute_listen_port').with('value' => '8874') @@ -248,7 +218,10 @@ describe 'nova::api' do context 'with default database parameters' do let :pre_condition do - "include nova" + "include nova + class { '::nova::keystone::authtoken': + password => 'a_big_secret', + }" end it { is_expected.to_not contain_nova_config('database/connection') } @@ -267,6 +240,9 @@ describe 'nova::api' do api_slave_connection => 'mysql://user:pass@slave/db2', database_idle_timeout => '30', } + class { '::nova::keystone::authtoken': + password => 'passw0rd', + } " end @@ -295,7 +271,10 @@ describe 'nova::api' do let :pre_condition do "include ::apache - include ::nova" + include ::nova + class { '::nova::keystone::authtoken': + password => 'a_big_secret', + }" end it 'enable nova API service' do @@ -320,7 +299,10 @@ describe 'nova::api' do let :pre_condition do "include ::apache - include ::nova" + include ::nova + class { '::nova::keystone::authtoken': + password => 'a_big_secret', + }" end it 'disable nova API service' do @@ -349,7 +331,10 @@ describe 'nova::api' do let :pre_condition do "include ::apache - include ::nova" + include ::nova + class { '::nova::keystone::authtoken': + password => 'a_big_secret', + }" end it_raises 'a Puppet::Error', /Invalid service_name/ diff --git a/spec/classes/nova_init_spec.rb b/spec/classes/nova_init_spec.rb index a487b821b..4b2a2ee9a 100644 --- a/spec/classes/nova_init_spec.rb +++ b/spec/classes/nova_init_spec.rb @@ -94,7 +94,6 @@ describe 'nova' do :service_down_time => '120', :auth_strategy => 'foo', :ensure_package => '2012.1.1-15.el6', - :memcached_servers => ['memcached01:11211', 'memcached02:11211'], :host => 'test-001.example.org', :notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673', :notification_driver => 'ceilometer.compute.nova_notifier', diff --git a/spec/classes/nova_keystone_auth_spec.rb b/spec/classes/nova_keystone_auth_spec.rb index 70a8df0a2..d263825c0 100644 --- a/spec/classes/nova_keystone_auth_spec.rb +++ b/spec/classes/nova_keystone_auth_spec.rb @@ -124,8 +124,11 @@ describe 'nova::keystone::auth' do describe 'when configuring nova-api and the keystone endpoint' do let :pre_condition do - "class { 'nova::api': admin_password => 'test' } - include nova" + "class { '::nova::keystone::authtoken': + password => 'secrete', + } + class { 'nova::api':} + include nova" end let :facts do @@ -158,4 +161,3 @@ describe 'nova::keystone::auth' do end end - diff --git a/spec/classes/nova_wsgi_apache_spec.rb b/spec/classes/nova_wsgi_apache_spec.rb index afa86e1b5..2dff8ac08 100644 --- a/spec/classes/nova_wsgi_apache_spec.rb +++ b/spec/classes/nova_wsgi_apache_spec.rb @@ -12,9 +12,11 @@ describe 'nova::wsgi::apache' do let :pre_condition do "include nova + class { '::nova::keystone::authtoken': + password => 'secrete', + } class { '::nova::api': service_name => 'httpd', - admin_password => 'secrete', }" end @@ -28,9 +30,11 @@ describe 'nova::wsgi::apache' do let :pre_condition do "include nova + class { '::nova::keystone::authtoken': + password => 'secrete', + } class { '::nova::api': service_name => 'httpd', - admin_password => 'secrete', }" end @@ -83,9 +87,11 @@ describe 'nova::wsgi::apache' do describe 'when overriding parameters using different ports' do let :pre_condition do "include nova + class { '::nova::keystone::authtoken': + password => 'secrete', + } class { '::nova::api': service_name => 'httpd', - admin_password => 'secrete', }" end