Add parameters to configure vendordata dynamic plugins' auth

These plugins can support keystone authentication; but need some auth
parameters to be configured.

Change-Id: I870e244aff97439143b58e9b2284830b4388cc5f
This commit is contained in:
Juan Antonio Osorio Robles 2017-03-27 18:27:48 +03:00
parent 210a3161e5
commit d80cb9ab16
3 changed files with 184 additions and 105 deletions

View File

@ -215,6 +215,39 @@
# and in others you need it set there.
# Defaults to false
#
# [*vendordata_dynamic_auth_auth_type*]
# (optional) Authentication type to load for vendordata dynamic plugins.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_auth_url*]
# (optional) URL to use for authenticating.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_os_region_name*]
# (optional) Region name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_password*]
# (optional) Password for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_project_domain_name*]
# (optional) Project domain name for the vendordata dynamic plugin
# credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_project_name*]
# (optional) Project name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_user_domain_name*]
# (optional) User domain name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_username*]
# (optional) User name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# DEPRECATED
#
# [*conductor_workers*]
@ -242,56 +275,64 @@
# Defaults to undef
#
class nova::api(
$enabled = true,
$manage_service = true,
$api_paste_config = 'api-paste.ini',
$ensure_package = 'present',
$api_bind_address = '0.0.0.0',
$osapi_compute_listen_port = 8774,
$metadata_listen = '0.0.0.0',
$metadata_listen_port = 8775,
$enabled_apis = ['osapi_compute', 'metadata'],
$use_forwarded_for = false,
$osapi_compute_workers = $::os_workers,
$metadata_workers = $::os_workers,
$sync_db = true,
$sync_db_api = true,
$db_online_data_migrations = false,
$neutron_metadata_proxy_shared_secret = undef,
$default_floating_pool = 'nova',
$pci_alias = undef,
$ratelimits = undef,
$ratelimits_factory =
$enabled = true,
$manage_service = true,
$api_paste_config = 'api-paste.ini',
$ensure_package = 'present',
$api_bind_address = '0.0.0.0',
$osapi_compute_listen_port = 8774,
$metadata_listen = '0.0.0.0',
$metadata_listen_port = 8775,
$enabled_apis = ['osapi_compute', 'metadata'],
$use_forwarded_for = false,
$osapi_compute_workers = $::os_workers,
$metadata_workers = $::os_workers,
$sync_db = true,
$sync_db_api = true,
$db_online_data_migrations = false,
$neutron_metadata_proxy_shared_secret = undef,
$default_floating_pool = 'nova',
$pci_alias = undef,
$ratelimits = undef,
$ratelimits_factory =
'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory',
$validate = false,
$validation_options = {},
$instance_name_template = undef,
$fping_path = '/usr/sbin/fping',
$service_name = $::nova::params::api_service_name,
$enable_proxy_headers_parsing = $::os_service_default,
$metadata_cache_expiration = $::os_service_default,
$vendordata_jsonfile_path = $::os_service_default,
$vendordata_providers = $::os_service_default,
$vendordata_dynamic_targets = $::os_service_default,
$vendordata_dynamic_connect_timeout = $::os_service_default,
$vendordata_dynamic_read_timeout = $::os_service_default,
$vendordata_dynamic_failure_fatal = $::os_service_default,
$max_limit = $::os_service_default,
$compute_link_prefix = $::os_service_default,
$glance_link_prefix = $::os_service_default,
$hide_server_address_states = $::os_service_default,
$allow_instance_snapshots = $::os_service_default,
$enable_network_quota = $::os_service_default,
$enable_instance_password = $::os_service_default,
$password_length = $::os_service_default,
$install_cinder_client = true,
$allow_resize_to_same_host = false,
$validate = false,
$validation_options = {},
$instance_name_template = undef,
$fping_path = '/usr/sbin/fping',
$service_name = $::nova::params::api_service_name,
$enable_proxy_headers_parsing = $::os_service_default,
$metadata_cache_expiration = $::os_service_default,
$vendordata_jsonfile_path = $::os_service_default,
$vendordata_providers = $::os_service_default,
$vendordata_dynamic_targets = $::os_service_default,
$vendordata_dynamic_connect_timeout = $::os_service_default,
$vendordata_dynamic_read_timeout = $::os_service_default,
$vendordata_dynamic_failure_fatal = $::os_service_default,
$max_limit = $::os_service_default,
$compute_link_prefix = $::os_service_default,
$glance_link_prefix = $::os_service_default,
$hide_server_address_states = $::os_service_default,
$allow_instance_snapshots = $::os_service_default,
$enable_network_quota = $::os_service_default,
$enable_instance_password = $::os_service_default,
$password_length = $::os_service_default,
$install_cinder_client = true,
$allow_resize_to_same_host = false,
$vendordata_dynamic_auth_auth_type = $::os_service_default,
$vendordata_dynamic_auth_auth_url = $::os_service_default,
$vendordata_dynamic_auth_os_region_name = $::os_service_default,
$vendordata_dynamic_auth_password = $::os_service_default,
$vendordata_dynamic_auth_project_domain_name = $::os_service_default,
$vendordata_dynamic_auth_project_name = $::os_service_default,
$vendordata_dynamic_auth_user_domain_name = $::os_service_default,
$vendordata_dynamic_auth_username = $::os_service_default,
# DEPRECATED PARAMETER
$conductor_workers = undef,
$osapi_max_limit = undef,
$osapi_compute_link_prefix = undef,
$osapi_glance_link_prefix = undef,
$osapi_hide_server_address_states = undef,
$conductor_workers = undef,
$osapi_max_limit = undef,
$osapi_compute_link_prefix = undef,
$osapi_glance_link_prefix = undef,
$osapi_hide_server_address_states = undef,
) inherits nova::params {
include ::nova::deps
@ -406,33 +447,41 @@ as a standalone service, or httpd for being run by a httpd server")
}
nova_config {
'wsgi/api_paste_config': value => $api_paste_config;
'DEFAULT/enabled_apis': value => join($enabled_apis_real, ',');
'DEFAULT/osapi_compute_listen': value => $api_bind_address;
'DEFAULT/metadata_listen': value => $metadata_listen;
'DEFAULT/metadata_listen_port': value => $metadata_listen_port;
'DEFAULT/osapi_compute_listen_port': value => $osapi_compute_listen_port;
'DEFAULT/osapi_volume_listen': value => $api_bind_address;
'DEFAULT/osapi_compute_workers': value => $osapi_compute_workers;
'DEFAULT/metadata_workers': value => $metadata_workers;
'DEFAULT/default_floating_pool': value => $default_floating_pool;
'DEFAULT/enable_network_quota': value => $enable_network_quota;
'DEFAULT/password_length': value => $password_length;
'api/metadata_cache_expiration': value => $metadata_cache_expiration;
'api/use_forwarded_for': value => $use_forwarded_for;
'api/fping_path': value => $fping_path;
'api/vendordata_jsonfile_path': value => $vendordata_jsonfile_path;
'api/vendordata_providers': value => $vendordata_providers_real;
'api/vendordata_dynamic_targets': value => $vendordata_dynamic_targets_real;
'api/vendordata_dynamic_connect_timeout': value => $vendordata_dynamic_connect_timeout;
'api/vendordata_dynamic_read_timeout': value => $vendordata_dynamic_read_timeout;
'api/vendordata_dynamic_failure_fatal': value => $vendordata_dynamic_failure_fatal;
'api/max_limit': value => $max_limit_real;
'api/compute_link_prefix': value => $compute_link_prefix_real;
'api/glance_link_prefix': value => $glance_link_prefix_real;
'api/hide_server_address_states': value => $hide_server_address_states_real;
'api/allow_instance_snapshots': value => $allow_instance_snapshots;
'api/enable_instance_password': value => $enable_instance_password;
'wsgi/api_paste_config': value => $api_paste_config;
'DEFAULT/enabled_apis': value => join($enabled_apis_real, ',');
'DEFAULT/osapi_compute_listen': value => $api_bind_address;
'DEFAULT/metadata_listen': value => $metadata_listen;
'DEFAULT/metadata_listen_port': value => $metadata_listen_port;
'DEFAULT/osapi_compute_listen_port': value => $osapi_compute_listen_port;
'DEFAULT/osapi_volume_listen': value => $api_bind_address;
'DEFAULT/osapi_compute_workers': value => $osapi_compute_workers;
'DEFAULT/metadata_workers': value => $metadata_workers;
'DEFAULT/default_floating_pool': value => $default_floating_pool;
'DEFAULT/enable_network_quota': value => $enable_network_quota;
'DEFAULT/password_length': value => $password_length;
'api/metadata_cache_expiration': value => $metadata_cache_expiration;
'api/use_forwarded_for': value => $use_forwarded_for;
'api/fping_path': value => $fping_path;
'api/vendordata_jsonfile_path': value => $vendordata_jsonfile_path;
'api/vendordata_providers': value => $vendordata_providers_real;
'api/vendordata_dynamic_targets': value => $vendordata_dynamic_targets_real;
'api/vendordata_dynamic_connect_timeout': value => $vendordata_dynamic_connect_timeout;
'api/vendordata_dynamic_read_timeout': value => $vendordata_dynamic_read_timeout;
'api/vendordata_dynamic_failure_fatal': value => $vendordata_dynamic_failure_fatal;
'api/max_limit': value => $max_limit_real;
'api/compute_link_prefix': value => $compute_link_prefix_real;
'api/glance_link_prefix': value => $glance_link_prefix_real;
'api/hide_server_address_states': value => $hide_server_address_states_real;
'api/allow_instance_snapshots': value => $allow_instance_snapshots;
'api/enable_instance_password': value => $enable_instance_password;
'vendordata_dynamic_auth/auth_type': value => $vendordata_dynamic_auth_auth_type;
'vendordata_dynamic_auth/auth_url': value => $vendordata_dynamic_auth_auth_url;
'vendordata_dynamic_auth/os_region_name': value => $vendordata_dynamic_auth_os_region_name;
'vendordata_dynamic_auth/password': value => $vendordata_dynamic_auth_password, secret => true;
'vendordata_dynamic_auth/project_domain_name': value => $vendordata_dynamic_auth_project_domain_name;
'vendordata_dynamic_auth/project_name': value => $vendordata_dynamic_auth_project_name;
'vendordata_dynamic_auth/user_domain_name': value => $vendordata_dynamic_auth_user_domain_name;
'vendordata_dynamic_auth/username': value => $vendordata_dynamic_auth_username;
}
oslo::middleware {'nova_config':

View File

@ -0,0 +1,6 @@
---
features:
- Vendordata Dynamic plugins' authentication can be configured via the
vendordata_dynamic_plugin_auth_* parameters for the api manifest. These
parameters set the values in the vendordata_dynamic_auth section of the
nova configuration.

View File

@ -72,6 +72,14 @@ describe 'nova::api' do
is_expected.to contain_nova_config('api/enable_instance_password').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => false)
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_type').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_url').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/os_region_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/password').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_domain_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/user_domain_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/username').with('value' => '<SERVICE DEFAULT>')
end
it 'unconfigures neutron_metadata proxy' do
@ -83,36 +91,44 @@ describe 'nova::api' do
context 'with overridden parameters' do
before do
params.merge!({
:enabled => false,
:ensure_package => '2012.1-2',
:api_bind_address => '192.168.56.210',
:metadata_listen => '127.0.0.1',
:metadata_listen_port => 8875,
:osapi_compute_listen_port => 8874,
:use_forwarded_for => false,
:ratelimits => '(GET, "*", .*, 100, MINUTE);(POST, "*", .*, 200, MINUTE)',
:neutron_metadata_proxy_shared_secret => 'secrete',
:osapi_compute_workers => 1,
:metadata_workers => 2,
:default_floating_pool => 'public',
:enable_proxy_headers_parsing => true,
:metadata_cache_expiration => 15,
:vendordata_jsonfile_path => '/tmp',
:vendordata_providers => ['StaticJSON', 'DynamicJSON'],
:vendordata_dynamic_targets => ['join@http://127.0.0.1:9999/v1/'],
:vendordata_dynamic_connect_timeout => 30,
:vendordata_dynamic_read_timeout => 30,
:vendordata_dynamic_failure_fatal => false,
:osapi_max_limit => 1000,
:osapi_compute_link_prefix => 'https://10.0.0.1:7777/',
:osapi_glance_link_prefix => 'https://10.0.0.1:6666/',
:osapi_hide_server_address_states => 'building',
:allow_instance_snapshots => true,
:enable_network_quota => false,
:enable_instance_password => true,
:password_length => 12,
:pci_alias => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]",
:allow_resize_to_same_host => true,
:enabled => false,
:ensure_package => '2012.1-2',
:api_bind_address => '192.168.56.210',
:metadata_listen => '127.0.0.1',
:metadata_listen_port => 8875,
:osapi_compute_listen_port => 8874,
:use_forwarded_for => false,
:ratelimits => '(GET, "*", .*, 100, MINUTE);(POST, "*", .*, 200, MINUTE)',
:neutron_metadata_proxy_shared_secret => 'secrete',
:osapi_compute_workers => 1,
:metadata_workers => 2,
:default_floating_pool => 'public',
:enable_proxy_headers_parsing => true,
:metadata_cache_expiration => 15,
:vendordata_jsonfile_path => '/tmp',
:vendordata_providers => ['StaticJSON', 'DynamicJSON'],
:vendordata_dynamic_targets => ['join@http://127.0.0.1:9999/v1/'],
:vendordata_dynamic_connect_timeout => 30,
:vendordata_dynamic_read_timeout => 30,
:vendordata_dynamic_failure_fatal => false,
:osapi_max_limit => 1000,
:osapi_compute_link_prefix => 'https://10.0.0.1:7777/',
:osapi_glance_link_prefix => 'https://10.0.0.1:6666/',
:osapi_hide_server_address_states => 'building',
:allow_instance_snapshots => true,
:enable_network_quota => false,
:enable_instance_password => true,
:password_length => 12,
:pci_alias => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]",
:allow_resize_to_same_host => true,
:vendordata_dynamic_auth_auth_type => 'password',
:vendordata_dynamic_auth_auth_url => 'http://127.0.0.1:5000',
:vendordata_dynamic_auth_os_region_name => 'RegionOne',
:vendordata_dynamic_auth_password => 'secrete',
:vendordata_dynamic_auth_project_domain_name => 'Default',
:vendordata_dynamic_auth_project_name => 'project',
:vendordata_dynamic_auth_user_domain_name => 'Default',
:vendordata_dynamic_auth_username => 'user',
})
end
@ -160,6 +176,14 @@ describe 'nova::api' do
is_expected.to contain_nova_config('api/enable_instance_password').with('value' => true)
is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '12')
is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => true)
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_type').with('value' => 'password')
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_url').with('value' => 'http://127.0.0.1:5000')
is_expected.to contain_nova_config('vendordata_dynamic_auth/os_region_name').with('value' => 'RegionOne')
is_expected.to contain_nova_config('vendordata_dynamic_auth/password').with('value' => 'secrete').with_secret(true)
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_domain_name').with('value' => 'Default')
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_name').with('value' => 'project')
is_expected.to contain_nova_config('vendordata_dynamic_auth/user_domain_name').with('value' => 'Default')
is_expected.to contain_nova_config('vendordata_dynamic_auth/username').with('value' => 'user')
end
it 'configures nova pci_alias entries' do