openstack
/
puppet-nova
Code Issues Proposed changes

Add parameters to configure vendordata dynamic plugins' auth 

These plugins can support keystone authentication; but need some auth
parameters to be configured.

Change-Id: I870e244aff97439143b58e9b2284830b4388cc5f
This commit is contained in:
Juan Antonio Osorio Robles 2017-03-27 18:27:48 +03:00
parent 210a3161e5
commit d80cb9ab16
3 changed files with 184 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

199
manifests/api.pp
View File

@ -215,6 +215,39 @@
# and in others you need it set there. # and in others you need it set there.
# Defaults to false # Defaults to false
# #
# [*vendordata_dynamic_auth_auth_type*]
# (optional) Authentication type to load for vendordata dynamic plugins.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_auth_url*]
# (optional) URL to use for authenticating.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_os_region_name*]
# (optional) Region name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_password*]
# (optional) Password for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_project_domain_name*]
# (optional) Project domain name for the vendordata dynamic plugin
# credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_project_name*]
# (optional) Project name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_user_domain_name*]
# (optional) User domain name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_username*]
# (optional) User name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# DEPRECATED # DEPRECATED
# #
# [*conductor_workers*] # [*conductor_workers*]
@ -242,56 +275,64 @@
# Defaults to undef # Defaults to undef
# #
class nova::api( class nova::api(
$enabled = true, $enabled = true,
$manage_service = true, $manage_service = true,
$api_paste_config = 'api-paste.ini', $api_paste_config = 'api-paste.ini',
$ensure_package = 'present', $ensure_package = 'present',
$api_bind_address = '0.0.0.0', $api_bind_address = '0.0.0.0',
$osapi_compute_listen_port = 8774, $osapi_compute_listen_port = 8774,
$metadata_listen = '0.0.0.0', $metadata_listen = '0.0.0.0',
$metadata_listen_port = 8775, $metadata_listen_port = 8775,
$enabled_apis = ['osapi_compute', 'metadata'], $enabled_apis = ['osapi_compute', 'metadata'],
$use_forwarded_for = false, $use_forwarded_for = false,
$osapi_compute_workers = $::os_workers, $osapi_compute_workers = $::os_workers,
$metadata_workers = $::os_workers, $metadata_workers = $::os_workers,
$sync_db = true, $sync_db = true,
$sync_db_api = true, $sync_db_api = true,
$db_online_data_migrations = false, $db_online_data_migrations = false,
$neutron_metadata_proxy_shared_secret = undef, $neutron_metadata_proxy_shared_secret = undef,
$default_floating_pool = 'nova', $default_floating_pool = 'nova',
$pci_alias = undef, $pci_alias = undef,
$ratelimits = undef, $ratelimits = undef,
$ratelimits_factory = $ratelimits_factory =
'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory', 'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory',
$validate = false, $validate = false,
$validation_options = {}, $validation_options = {},
$instance_name_template = undef, $instance_name_template = undef,
$fping_path = '/usr/sbin/fping', $fping_path = '/usr/sbin/fping',
$service_name = $::nova::params::api_service_name, $service_name = $::nova::params::api_service_name,
$enable_proxy_headers_parsing = $::os_service_default, $enable_proxy_headers_parsing = $::os_service_default,
$metadata_cache_expiration = $::os_service_default, $metadata_cache_expiration = $::os_service_default,
$vendordata_jsonfile_path = $::os_service_default, $vendordata_jsonfile_path = $::os_service_default,
$vendordata_providers = $::os_service_default, $vendordata_providers = $::os_service_default,
$vendordata_dynamic_targets = $::os_service_default, $vendordata_dynamic_targets = $::os_service_default,
$vendordata_dynamic_connect_timeout = $::os_service_default, $vendordata_dynamic_connect_timeout = $::os_service_default,
$vendordata_dynamic_read_timeout = $::os_service_default, $vendordata_dynamic_read_timeout = $::os_service_default,
$vendordata_dynamic_failure_fatal = $::os_service_default, $vendordata_dynamic_failure_fatal = $::os_service_default,
$max_limit = $::os_service_default, $max_limit = $::os_service_default,
$compute_link_prefix = $::os_service_default, $compute_link_prefix = $::os_service_default,
$glance_link_prefix = $::os_service_default, $glance_link_prefix = $::os_service_default,
$hide_server_address_states = $::os_service_default, $hide_server_address_states = $::os_service_default,
$allow_instance_snapshots = $::os_service_default, $allow_instance_snapshots = $::os_service_default,
$enable_network_quota = $::os_service_default, $enable_network_quota = $::os_service_default,
$enable_instance_password = $::os_service_default, $enable_instance_password = $::os_service_default,
$password_length = $::os_service_default, $password_length = $::os_service_default,
$install_cinder_client = true, $install_cinder_client = true,
$allow_resize_to_same_host = false, $allow_resize_to_same_host = false,
$vendordata_dynamic_auth_auth_type = $::os_service_default,
$vendordata_dynamic_auth_auth_url = $::os_service_default,
$vendordata_dynamic_auth_os_region_name = $::os_service_default,
$vendordata_dynamic_auth_password = $::os_service_default,
$vendordata_dynamic_auth_project_domain_name = $::os_service_default,
$vendordata_dynamic_auth_project_name = $::os_service_default,
$vendordata_dynamic_auth_user_domain_name = $::os_service_default,
$vendordata_dynamic_auth_username = $::os_service_default,
# DEPRECATED PARAMETER # DEPRECATED PARAMETER
$conductor_workers = undef, $conductor_workers = undef,
$osapi_max_limit = undef, $osapi_max_limit = undef,
$osapi_compute_link_prefix = undef, $osapi_compute_link_prefix = undef,
$osapi_glance_link_prefix = undef, $osapi_glance_link_prefix = undef,
$osapi_hide_server_address_states = undef, $osapi_hide_server_address_states = undef,
) inherits nova::params { ) inherits nova::params {
include ::nova::deps include ::nova::deps
@ -406,33 +447,41 @@ as a standalone service, or httpd for being run by a httpd server")
} }
nova_config { nova_config {
'wsgi/api_paste_config': value => $api_paste_config; 'wsgi/api_paste_config': value => $api_paste_config;
'DEFAULT/enabled_apis': value => join($enabled_apis_real, ','); 'DEFAULT/enabled_apis': value => join($enabled_apis_real, ',');
'DEFAULT/osapi_compute_listen': value => $api_bind_address; 'DEFAULT/osapi_compute_listen': value => $api_bind_address;
'DEFAULT/metadata_listen': value => $metadata_listen; 'DEFAULT/metadata_listen': value => $metadata_listen;
'DEFAULT/metadata_listen_port': value => $metadata_listen_port; 'DEFAULT/metadata_listen_port': value => $metadata_listen_port;
'DEFAULT/osapi_compute_listen_port': value => $osapi_compute_listen_port; 'DEFAULT/osapi_compute_listen_port': value => $osapi_compute_listen_port;
'DEFAULT/osapi_volume_listen': value => $api_bind_address; 'DEFAULT/osapi_volume_listen': value => $api_bind_address;
'DEFAULT/osapi_compute_workers': value => $osapi_compute_workers; 'DEFAULT/osapi_compute_workers': value => $osapi_compute_workers;
'DEFAULT/metadata_workers': value => $metadata_workers; 'DEFAULT/metadata_workers': value => $metadata_workers;
'DEFAULT/default_floating_pool': value => $default_floating_pool; 'DEFAULT/default_floating_pool': value => $default_floating_pool;
'DEFAULT/enable_network_quota': value => $enable_network_quota; 'DEFAULT/enable_network_quota': value => $enable_network_quota;
'DEFAULT/password_length': value => $password_length; 'DEFAULT/password_length': value => $password_length;
'api/metadata_cache_expiration': value => $metadata_cache_expiration; 'api/metadata_cache_expiration': value => $metadata_cache_expiration;
'api/use_forwarded_for': value => $use_forwarded_for; 'api/use_forwarded_for': value => $use_forwarded_for;
'api/fping_path': value => $fping_path; 'api/fping_path': value => $fping_path;
'api/vendordata_jsonfile_path': value => $vendordata_jsonfile_path; 'api/vendordata_jsonfile_path': value => $vendordata_jsonfile_path;
'api/vendordata_providers': value => $vendordata_providers_real; 'api/vendordata_providers': value => $vendordata_providers_real;
'api/vendordata_dynamic_targets': value => $vendordata_dynamic_targets_real; 'api/vendordata_dynamic_targets': value => $vendordata_dynamic_targets_real;
'api/vendordata_dynamic_connect_timeout': value => $vendordata_dynamic_connect_timeout; 'api/vendordata_dynamic_connect_timeout': value => $vendordata_dynamic_connect_timeout;
'api/vendordata_dynamic_read_timeout': value => $vendordata_dynamic_read_timeout; 'api/vendordata_dynamic_read_timeout': value => $vendordata_dynamic_read_timeout;
'api/vendordata_dynamic_failure_fatal': value => $vendordata_dynamic_failure_fatal; 'api/vendordata_dynamic_failure_fatal': value => $vendordata_dynamic_failure_fatal;
'api/max_limit': value => $max_limit_real; 'api/max_limit': value => $max_limit_real;
'api/compute_link_prefix': value => $compute_link_prefix_real; 'api/compute_link_prefix': value => $compute_link_prefix_real;
'api/glance_link_prefix': value => $glance_link_prefix_real; 'api/glance_link_prefix': value => $glance_link_prefix_real;
'api/hide_server_address_states': value => $hide_server_address_states_real; 'api/hide_server_address_states': value => $hide_server_address_states_real;
'api/allow_instance_snapshots': value => $allow_instance_snapshots; 'api/allow_instance_snapshots': value => $allow_instance_snapshots;
'api/enable_instance_password': value => $enable_instance_password; 'api/enable_instance_password': value => $enable_instance_password;
'vendordata_dynamic_auth/auth_type': value => $vendordata_dynamic_auth_auth_type;
'vendordata_dynamic_auth/auth_url': value => $vendordata_dynamic_auth_auth_url;
'vendordata_dynamic_auth/os_region_name': value => $vendordata_dynamic_auth_os_region_name;
'vendordata_dynamic_auth/password': value => $vendordata_dynamic_auth_password, secret => true;
'vendordata_dynamic_auth/project_domain_name': value => $vendordata_dynamic_auth_project_domain_name;
'vendordata_dynamic_auth/project_name': value => $vendordata_dynamic_auth_project_name;
'vendordata_dynamic_auth/user_domain_name': value => $vendordata_dynamic_auth_user_domain_name;
'vendordata_dynamic_auth/username': value => $vendordata_dynamic_auth_username;
} }
oslo::middleware {'nova_config': oslo::middleware {'nova_config':

6
releasenotes/notes/vendordata-dynamic-plugin-auth-149cd7ff53fc731b.yaml Normal file
View File

@ -0,0 +1,6 @@
---
features:
- Vendordata Dynamic plugins' authentication can be configured via the
vendordata_dynamic_plugin_auth_* parameters for the api manifest. These
parameters set the values in the vendordata_dynamic_auth section of the
nova configuration.

84
spec/classes/nova_api_spec.rb
View File

@ -72,6 +72,14 @@ describe 'nova::api' do
is_expected.to contain_nova_config('api/enable_instance_password').with('value' => '<SERVICE DEFAULT>') is_expected.to contain_nova_config('api/enable_instance_password').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '<SERVICE DEFAULT>') is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => false) is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => false)
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_type').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_url').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/os_region_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/password').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_domain_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/user_domain_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/username').with('value' => '<SERVICE DEFAULT>')
end end
it 'unconfigures neutron_metadata proxy' do it 'unconfigures neutron_metadata proxy' do
@ -83,36 +91,44 @@ describe 'nova::api' do
context 'with overridden parameters' do context 'with overridden parameters' do
before do before do
params.merge!({ params.merge!({
:enabled => false, :enabled => false,
:ensure_package => '2012.1-2', :ensure_package => '2012.1-2',
:api_bind_address => '192.168.56.210', :api_bind_address => '192.168.56.210',
:metadata_listen => '127.0.0.1', :metadata_listen => '127.0.0.1',
:metadata_listen_port => 8875, :metadata_listen_port => 8875,
:osapi_compute_listen_port => 8874, :osapi_compute_listen_port => 8874,
:use_forwarded_for => false, :use_forwarded_for => false,
:ratelimits => '(GET, "*", .*, 100, MINUTE);(POST, "*", .*, 200, MINUTE)', :ratelimits => '(GET, "*", .*, 100, MINUTE);(POST, "*", .*, 200, MINUTE)',
:neutron_metadata_proxy_shared_secret => 'secrete', :neutron_metadata_proxy_shared_secret => 'secrete',
:osapi_compute_workers => 1, :osapi_compute_workers => 1,
:metadata_workers => 2, :metadata_workers => 2,
:default_floating_pool => 'public', :default_floating_pool => 'public',
:enable_proxy_headers_parsing => true, :enable_proxy_headers_parsing => true,
:metadata_cache_expiration => 15, :metadata_cache_expiration => 15,
:vendordata_jsonfile_path => '/tmp', :vendordata_jsonfile_path => '/tmp',
:vendordata_providers => ['StaticJSON', 'DynamicJSON'], :vendordata_providers => ['StaticJSON', 'DynamicJSON'],
:vendordata_dynamic_targets => ['join@http://127.0.0.1:9999/v1/'], :vendordata_dynamic_targets => ['join@http://127.0.0.1:9999/v1/'],
:vendordata_dynamic_connect_timeout => 30, :vendordata_dynamic_connect_timeout => 30,
:vendordata_dynamic_read_timeout => 30, :vendordata_dynamic_read_timeout => 30,
:vendordata_dynamic_failure_fatal => false, :vendordata_dynamic_failure_fatal => false,
:osapi_max_limit => 1000, :osapi_max_limit => 1000,
:osapi_compute_link_prefix => 'https://10.0.0.1:7777/', :osapi_compute_link_prefix => 'https://10.0.0.1:7777/',
:osapi_glance_link_prefix => 'https://10.0.0.1:6666/', :osapi_glance_link_prefix => 'https://10.0.0.1:6666/',
:osapi_hide_server_address_states => 'building', :osapi_hide_server_address_states => 'building',
:allow_instance_snapshots => true, :allow_instance_snapshots => true,
:enable_network_quota => false, :enable_network_quota => false,
:enable_instance_password => true, :enable_instance_password => true,
:password_length => 12, :password_length => 12,
:pci_alias => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]", :pci_alias => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]",
:allow_resize_to_same_host => true, :allow_resize_to_same_host => true,
:vendordata_dynamic_auth_auth_type => 'password',
:vendordata_dynamic_auth_auth_url => 'http://127.0.0.1:5000',
:vendordata_dynamic_auth_os_region_name => 'RegionOne',
:vendordata_dynamic_auth_password => 'secrete',
:vendordata_dynamic_auth_project_domain_name => 'Default',
:vendordata_dynamic_auth_project_name => 'project',
:vendordata_dynamic_auth_user_domain_name => 'Default',
:vendordata_dynamic_auth_username => 'user',
}) })
end end
@ -160,6 +176,14 @@ describe 'nova::api' do
is_expected.to contain_nova_config('api/enable_instance_password').with('value' => true) is_expected.to contain_nova_config('api/enable_instance_password').with('value' => true)
is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '12') is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '12')
is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => true) is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => true)
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_type').with('value' => 'password')
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_url').with('value' => 'http://127.0.0.1:5000')
is_expected.to contain_nova_config('vendordata_dynamic_auth/os_region_name').with('value' => 'RegionOne')
is_expected.to contain_nova_config('vendordata_dynamic_auth/password').with('value' => 'secrete').with_secret(true)
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_domain_name').with('value' => 'Default')
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_name').with('value' => 'project')
is_expected.to contain_nova_config('vendordata_dynamic_auth/user_domain_name').with('value' => 'Default')
is_expected.to contain_nova_config('vendordata_dynamic_auth/username').with('value' => 'user')
end end
it 'configures nova pci_alias entries' do it 'configures nova pci_alias entries' do