Add parameters to configure vendordata dynamic plugins' auth

These plugins can support keystone authentication; but need some auth
parameters to be configured.

Change-Id: I870e244aff97439143b58e9b2284830b4388cc5f
This commit is contained in:
Juan Antonio Osorio Robles 2017-03-27 18:27:48 +03:00
parent 210a3161e5
commit d80cb9ab16
3 changed files with 184 additions and 105 deletions

View File

@ -215,6 +215,39 @@
# and in others you need it set there.
# Defaults to false
#
# [*vendordata_dynamic_auth_auth_type*]
# (optional) Authentication type to load for vendordata dynamic plugins.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_auth_url*]
# (optional) URL to use for authenticating.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_os_region_name*]
# (optional) Region name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_password*]
# (optional) Password for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_project_domain_name*]
# (optional) Project domain name for the vendordata dynamic plugin
# credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_project_name*]
# (optional) Project name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_user_domain_name*]
# (optional) User domain name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# [*vendordata_dynamic_auth_username*]
# (optional) User name for the vendordata dynamic plugin credentials.
# Defaults to $::os_service_default
#
# DEPRECATED
#
# [*conductor_workers*]
@ -286,6 +319,14 @@ class nova::api(
$password_length = $::os_service_default,
$install_cinder_client = true,
$allow_resize_to_same_host = false,
$vendordata_dynamic_auth_auth_type = $::os_service_default,
$vendordata_dynamic_auth_auth_url = $::os_service_default,
$vendordata_dynamic_auth_os_region_name = $::os_service_default,
$vendordata_dynamic_auth_password = $::os_service_default,
$vendordata_dynamic_auth_project_domain_name = $::os_service_default,
$vendordata_dynamic_auth_project_name = $::os_service_default,
$vendordata_dynamic_auth_user_domain_name = $::os_service_default,
$vendordata_dynamic_auth_username = $::os_service_default,
# DEPRECATED PARAMETER
$conductor_workers = undef,
$osapi_max_limit = undef,
@ -433,6 +474,14 @@ as a standalone service, or httpd for being run by a httpd server")
'api/hide_server_address_states': value => $hide_server_address_states_real;
'api/allow_instance_snapshots': value => $allow_instance_snapshots;
'api/enable_instance_password': value => $enable_instance_password;
'vendordata_dynamic_auth/auth_type': value => $vendordata_dynamic_auth_auth_type;
'vendordata_dynamic_auth/auth_url': value => $vendordata_dynamic_auth_auth_url;
'vendordata_dynamic_auth/os_region_name': value => $vendordata_dynamic_auth_os_region_name;
'vendordata_dynamic_auth/password': value => $vendordata_dynamic_auth_password, secret => true;
'vendordata_dynamic_auth/project_domain_name': value => $vendordata_dynamic_auth_project_domain_name;
'vendordata_dynamic_auth/project_name': value => $vendordata_dynamic_auth_project_name;
'vendordata_dynamic_auth/user_domain_name': value => $vendordata_dynamic_auth_user_domain_name;
'vendordata_dynamic_auth/username': value => $vendordata_dynamic_auth_username;
}
oslo::middleware {'nova_config':

View File

@ -0,0 +1,6 @@
---
features:
- Vendordata Dynamic plugins' authentication can be configured via the
vendordata_dynamic_plugin_auth_* parameters for the api manifest. These
parameters set the values in the vendordata_dynamic_auth section of the
nova configuration.

View File

@ -72,6 +72,14 @@ describe 'nova::api' do
is_expected.to contain_nova_config('api/enable_instance_password').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => false)
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_type').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_url').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/os_region_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/password').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_domain_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/user_domain_name').with('value' => '<SERVICE DEFAULT>')
is_expected.to contain_nova_config('vendordata_dynamic_auth/username').with('value' => '<SERVICE DEFAULT>')
end
it 'unconfigures neutron_metadata proxy' do
@ -113,6 +121,14 @@ describe 'nova::api' do
:password_length => 12,
:pci_alias => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]",
:allow_resize_to_same_host => true,
:vendordata_dynamic_auth_auth_type => 'password',
:vendordata_dynamic_auth_auth_url => 'http://127.0.0.1:5000',
:vendordata_dynamic_auth_os_region_name => 'RegionOne',
:vendordata_dynamic_auth_password => 'secrete',
:vendordata_dynamic_auth_project_domain_name => 'Default',
:vendordata_dynamic_auth_project_name => 'project',
:vendordata_dynamic_auth_user_domain_name => 'Default',
:vendordata_dynamic_auth_username => 'user',
})
end
@ -160,6 +176,14 @@ describe 'nova::api' do
is_expected.to contain_nova_config('api/enable_instance_password').with('value' => true)
is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '12')
is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => true)
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_type').with('value' => 'password')
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_url').with('value' => 'http://127.0.0.1:5000')
is_expected.to contain_nova_config('vendordata_dynamic_auth/os_region_name').with('value' => 'RegionOne')
is_expected.to contain_nova_config('vendordata_dynamic_auth/password').with('value' => 'secrete').with_secret(true)
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_domain_name').with('value' => 'Default')
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_name').with('value' => 'project')
is_expected.to contain_nova_config('vendordata_dynamic_auth/user_domain_name').with('value' => 'Default')
is_expected.to contain_nova_config('vendordata_dynamic_auth/username').with('value' => 'user')
end
it 'configures nova pci_alias entries' do