Stop reading keystone_authtoken options

Using credentials in keystone_authtoken options for nova_* resources was deprecated some cycles ago[1]. [1] 0ed626e1461fecc4f443fcd543a99ba945539b1f Change-Id: Iff2124f142791df8eb0be12ce134e32145bc209c
2023-11-16 14:58:06 +09:00 · 2023-11-16 14:58:06 +09:00 · ce6d01138e
commit ce6d01138e
parent 9412e22cdd
3 changed files with 9 additions and 143 deletions
--- a/lib/puppet/provider/nova.rb
+++ b/lib/puppet/provider/nova.rb
@ -1,36 +1,11 @@
 require 'puppet/util/inifile'
 require 'puppet/provider/openstack'
 require 'puppet/provider/openstack/auth'
-require 'puppet/provider/openstack/credentials'

 class Puppet::Provider::Nova < Puppet::Provider::Openstack

  extend Puppet::Provider::Openstack::Auth

-  def self.request(service, action, properties=nil)
-    begin
-      super
-    rescue Puppet::Error::OpenstackAuthInputError => error
-      nova_request(service, action, error, properties)
-    end
-  end
-
-  def self.nova_request(service, action, error, properties=nil)
-    warning('Usage of keystone_authtoken parameters is deprecated.')
-    properties ||= []
-    @credentials.username = nova_credentials['username']
-    @credentials.password = nova_credentials['password']
-    @credentials.project_name = nova_credentials['project_name']
-    @credentials.auth_url = auth_endpoint
-    @credentials.user_domain_name = nova_credentials['user_domain_name']
-    @credentials.project_domain_name = nova_credentials['project_domain_name']
-    if nova_credentials['region_name']
-      @credentials.region_name = nova_credentials['region_name']
-    end
-    raise error unless @credentials.set?
-    Puppet::Provider::Openstack.request(service, action, properties, @credentials)
-  end
-
  def self.nova_manage_request(*args)
    # Not using the nova-manage command directly,
    # so we can disable combining of stderr/stdout output.
@ -65,58 +40,7 @@ class Puppet::Provider::Nova < Puppet::Provider::Openstack
    @nova_conf
  end

-  def self.nova_credentials
-    @nova_credentials ||= get_nova_credentials
-  end
-
-  def nova_credentials
-    self.class.nova_credentials
-  end
-
-  def self.get_nova_credentials
-    #needed keys for authentication
-    auth_keys = ['auth_url', 'project_name', 'username', 'password']
-    conf = nova_conf
-    if conf and conf['keystone_authtoken'] and
-        auth_keys.all?{|k| !conf['keystone_authtoken'][k].nil?}
-      creds = Hash[ auth_keys.map \
-                   { |k| [k, conf['keystone_authtoken'][k].strip] } ]
-      if !conf['keystone_authtoken']['region_name'].nil?
-        creds['region_name'] = conf['keystone_authtoken']['region_name'].strip
-      end
-
-      if !conf['keystone_authtoken']['project_domain_name'].nil?
-        creds['project_domain_name'] = conf['keystone_authtoken']['project_domain_name'].strip
-      else
-        creds['project_domain_name'] = 'Default'
-      end
-
-      if !conf['keystone_authtoken']['user_domain_name'].nil?
-        creds['user_domain_name'] = conf['keystone_authtoken']['user_domain_name'].strip
-      else
-        creds['user_domain_name'] = 'Default'
-      end
-
-      return creds
-    else
-      raise(Puppet::Error, "File: #{conf_filename} does not contain all " +
-            "required sections.  Nova types will not work if nova is not " +
-            "correctly configured.")
-    end
-  end
-
-  def self.get_auth_endpoint
-    q = nova_credentials
-    "#{q['auth_url']}"
-  end
-
-  def self.auth_endpoint
-    @auth_endpoint ||= get_auth_endpoint
-  end
-
  def self.reset
-    @auth_endpoint = nil
    @nova_conf = nil
-    @nova_credentials = nil
  end
 end
--- a/releasenotes/notes/stop-reading-authtoken-opts-028c5c463f97b1fa.yaml
+++ b/releasenotes/notes/stop-reading-authtoken-opts-028c5c463f97b1fa.yaml
@ -0,0 +1,9 @@
+---
+upgrade:
+  - |
+    The following resource types no longer attempts to load user credentials
+    from the ``[keystone_authtoken]`` section in ``nova.conf``.
+
+    - ``nova_aggregate``
+    - ``nova_flavor``
+    - ``nova_service``
--- a/spec/unit/provider/nova_spec.rb
+++ b/spec/unit/provider/nova_spec.rb
@ -1,67 +0,0 @@
-require 'puppet'
-require 'spec_helper'
-require 'puppet/provider/nova'
-require 'rspec/mocks'
-
-describe Puppet::Provider::Nova do
-
-  def klass
-    described_class
-  end
-
-  let :credential_hash do
-    {
-      'auth_url'     => 'https://192.168.56.210:5000/v3/',
-      'project_name' => 'admin_tenant',
-      'username'     => 'admin',
-      'password'     => 'password',
-      'region_name'  => 'Region1',
-    }
-  end
-
-  let :auth_endpoint do
-    'https://192.168.56.210:5000/v3/'
-  end
-
-  let :credential_error do
-    /Nova types will not work/
-  end
-
-  after :each do
-    klass.reset
-  end
-
-  describe 'when determining credentials' do
-
-    it 'should fail if config is empty' do
-      conf = {}
-      expect(klass).to receive(:nova_conf).and_return(conf)
-      expect do
-        klass.nova_credentials
-      end.to raise_error(Puppet::Error, credential_error)
-    end
-
-    it 'should fail if config does not have keystone_authtoken section.' do
-      conf = {'foo' => 'bar'}
-      expect(klass).to receive(:nova_conf).and_return(conf)
-      expect do
-        klass.nova_credentials
-      end.to raise_error(Puppet::Error, credential_error)
-    end
-
-    it 'should fail if config does not contain all auth params' do
-      conf = {'keystone_authtoken' => {'invalid_value' => 'foo'}}
-      expect(klass).to receive(:nova_conf).and_return(conf)
-      expect do
-       klass.nova_credentials
-      end.to raise_error(Puppet::Error, credential_error)
-    end
-
-    it 'should use specified uri in the auth endpoint' do
-      conf = {'keystone_authtoken' => credential_hash}
-      expect(klass).to receive(:nova_conf).and_return(conf)
-      expect(klass.get_auth_endpoint).to eq(auth_endpoint)
-    end
-
-  end
-end