Add parameters to configure vendordata dynamic plugins' auth

These plugins can support keystone authentication; but need some auth
parameters to be configured.

Change-Id: I870e244aff97439143b58e9b2284830b4388cc5f

manifests/api.pp

@@ -215,6 +215,39 @@
 #   and in others you need it set there.
 #   Defaults to false
 #
+#  [*vendordata_dynamic_auth_auth_type*]
+#   (optional) Authentication type to load for vendordata dynamic plugins.
+#   Defaults to $::os_service_default
+#
+#  [*vendordata_dynamic_auth_auth_url*]
+#   (optional) URL to use for authenticating.
+#   Defaults to $::os_service_default
+#
+#  [*vendordata_dynamic_auth_os_region_name*]
+#   (optional) Region name for the vendordata dynamic plugin credentials.
+#   Defaults to $::os_service_default
+#
+#  [*vendordata_dynamic_auth_password*]
+#   (optional) Password for the vendordata dynamic plugin credentials.
+#   Defaults to $::os_service_default
+#
+#  [*vendordata_dynamic_auth_project_domain_name*]
+#   (optional) Project domain name for the vendordata dynamic plugin
+#    credentials.
+#   Defaults to $::os_service_default
+#
+#  [*vendordata_dynamic_auth_project_name*]
+#   (optional) Project name for the vendordata dynamic plugin credentials.
+#   Defaults to $::os_service_default
+#
+#  [*vendordata_dynamic_auth_user_domain_name*]
+#   (optional) User domain name for the vendordata dynamic plugin credentials.
+#   Defaults to $::os_service_default
+#
+#  [*vendordata_dynamic_auth_username*]
+#   (optional) User name for the vendordata dynamic plugin credentials.
+#   Defaults to $::os_service_default
+#
 # DEPRECATED
 #
 # [*conductor_workers*]
@@ -286,6 +319,14 @@ class nova::api(
   $password_length                             = $::os_service_default,
   $install_cinder_client                       = true,
   $allow_resize_to_same_host                   = false,
+  $vendordata_dynamic_auth_auth_type           = $::os_service_default,
+  $vendordata_dynamic_auth_auth_url            = $::os_service_default,
+  $vendordata_dynamic_auth_os_region_name      = $::os_service_default,
+  $vendordata_dynamic_auth_password            = $::os_service_default,
+  $vendordata_dynamic_auth_project_domain_name = $::os_service_default,
+  $vendordata_dynamic_auth_project_name        = $::os_service_default,
+  $vendordata_dynamic_auth_user_domain_name    = $::os_service_default,
+  $vendordata_dynamic_auth_username            = $::os_service_default,
   # DEPRECATED PARAMETER
   $conductor_workers                           = undef,
   $osapi_max_limit                             = undef,
@@ -433,6 +474,14 @@ as a standalone service, or httpd for being run by a httpd server")
     'api/hide_server_address_states':              value => $hide_server_address_states_real;
     'api/allow_instance_snapshots':                value => $allow_instance_snapshots;
     'api/enable_instance_password':                value => $enable_instance_password;
+    'vendordata_dynamic_auth/auth_type':           value => $vendordata_dynamic_auth_auth_type;
+    'vendordata_dynamic_auth/auth_url':            value => $vendordata_dynamic_auth_auth_url;
+    'vendordata_dynamic_auth/os_region_name':      value => $vendordata_dynamic_auth_os_region_name;
+    'vendordata_dynamic_auth/password':            value => $vendordata_dynamic_auth_password, secret => true;
+    'vendordata_dynamic_auth/project_domain_name': value => $vendordata_dynamic_auth_project_domain_name;
+    'vendordata_dynamic_auth/project_name':        value => $vendordata_dynamic_auth_project_name;
+    'vendordata_dynamic_auth/user_domain_name':    value => $vendordata_dynamic_auth_user_domain_name;
+    'vendordata_dynamic_auth/username':            value => $vendordata_dynamic_auth_username;
   }
 
   oslo::middleware {'nova_config':

releasenotes/notes/vendordata-dynamic-plugin-auth-149cd7ff53fc731b.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - Vendordata Dynamic plugins' authentication can be configured via the
+    vendordata_dynamic_plugin_auth_* parameters for the api manifest. These
+    parameters set the values in the vendordata_dynamic_auth section of the
+    nova configuration.

spec/classes/nova_api_spec.rb

@@ -72,6 +72,14 @@ describe 'nova::api' do
         is_expected.to contain_nova_config('api/enable_instance_password').with('value' => '<SERVICE DEFAULT>')
         is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '<SERVICE DEFAULT>')
         is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => false)
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_type').with('value' => '<SERVICE DEFAULT>')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_url').with('value' => '<SERVICE DEFAULT>')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/os_region_name').with('value' => '<SERVICE DEFAULT>')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/password').with('value' => '<SERVICE DEFAULT>')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/project_domain_name').with('value' => '<SERVICE DEFAULT>')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/project_name').with('value' => '<SERVICE DEFAULT>')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/user_domain_name').with('value' => '<SERVICE DEFAULT>')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/username').with('value' => '<SERVICE DEFAULT>')
       end
 
       it 'unconfigures neutron_metadata proxy' do
@@ -113,6 +121,14 @@ describe 'nova::api' do
           :password_length                             => 12,
           :pci_alias                                   => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]",
           :allow_resize_to_same_host                   => true,
+          :vendordata_dynamic_auth_auth_type           => 'password',
+          :vendordata_dynamic_auth_auth_url            => 'http://127.0.0.1:5000',
+          :vendordata_dynamic_auth_os_region_name      => 'RegionOne',
+          :vendordata_dynamic_auth_password            => 'secrete',
+          :vendordata_dynamic_auth_project_domain_name => 'Default',
+          :vendordata_dynamic_auth_project_name        => 'project',
+          :vendordata_dynamic_auth_user_domain_name    => 'Default',
+          :vendordata_dynamic_auth_username            => 'user',
         })
       end
 
@@ -160,6 +176,14 @@ describe 'nova::api' do
         is_expected.to contain_nova_config('api/enable_instance_password').with('value' => true)
         is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '12')
         is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => true)
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_type').with('value' => 'password')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_url').with('value' => 'http://127.0.0.1:5000')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/os_region_name').with('value' => 'RegionOne')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/password').with('value' => 'secrete').with_secret(true)
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/project_domain_name').with('value' => 'Default')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/project_name').with('value' => 'project')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/user_domain_name').with('value' => 'Default')
+        is_expected.to contain_nova_config('vendordata_dynamic_auth/username').with('value' => 'user')
       end
 
       it 'configures nova pci_alias entries' do