Add support for identity_uri.

This patch adds the ability to set a new identity_uri parameter. It also deprecates the old auth_host, auth_port, auth_protocol, and auth_admin_prefix parameters. Logic is in place so that users of the deprecated settings should have a smooth upgrade process and get deprecation warnings until they adopt the new settings. Change-Id: Ideefb4d824cbd5b4b83f9eb773a75e536e3458fb
2015-01-27 21:24:14 -05:00 · 2015-01-27 21:24:14 -05:00 · d87c1e8fe7
commit d87c1e8fe7
parent 00e744a9b1
2 changed files with 96 additions and 23 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -20,23 +20,27 @@
 #   Defaults to 'present'
 #
 # [*auth_host*]
-#   (optional) The IP of the server running keystone
+#   (optional) DEPRECATED. The IP of the server running keystone
 #   Defaults to '127.0.0.1'
 #
 # [*auth_port*]
-#   (optional) The port to use when authenticating against Keystone
+#   (optional) DEPRECATED. The port to use when authenticating against Keystone
 #   Defaults to 35357
 #
 # [*auth_protocol*]
-#   (optional) The protocol to use when authenticating against Keystone
+#   (optional) DEPRECATED. The protocol to use when authenticating against Keystone
 #   Defaults to 'http'
 #
 # [*auth_uri*]
-#   (optional) The uri of a Keystone service to authenticate against
+#   (optional) Complete public Identity API endpoint.
 #   Defaults to false
 #
+# [*identity_uri*]
+#   (optional) Complete admin Identity API endpoint.
+#   Defaults to: false
+#
 # [*auth_admin_prefix*]
-#   (optional) Prefix to prepend at the beginning of the keystone path
+#   (optional) DEPRECATED. Prefix to prepend at the beginning of the keystone path
 #   Defaults to false
 #
 # [*auth_version*]
@ -147,11 +151,8 @@ class nova::api(
  $enabled               = false,
  $manage_service        = true,
  $ensure_package        = 'present',
-  $auth_host             = '127.0.0.1',
-  $auth_port             = 35357,
-  $auth_protocol         = 'http',
  $auth_uri              = false,
-  $auth_admin_prefix     = false,
+  $identity_uri          = false,
  $auth_version          = false,
  $admin_tenant_name     = 'services',
  $admin_user            = 'nova',
@ -174,6 +175,10 @@ class nova::api(
  $validate              = false,
  $validation_options    = {},
  # DEPRECATED PARAMETER
+  $auth_protocol         = 'http',
+  $auth_port             = 35357,
+  $auth_host             = '127.0.0.1',
+  $auth_admin_prefix     = false,
  $conductor_workers     = undef,
 ) {

@ -240,32 +245,67 @@ class nova::api(
  }
  nova_config { 'keystone_authtoken/auth_uri': value => $auth_uri_real; }

+  if $identity_uri {
+    nova_config { 'keystone_authtoken/identity_uri': value => $identity_uri; }
+  } else {
+    nova_config { 'keystone_authtoken/identity_uri': ensure => absent; }
+  }
+
  if $auth_version {
    nova_config { 'keystone_authtoken/auth_version': value => $auth_version; }
  } else {
    nova_config { 'keystone_authtoken/auth_version': ensure => absent; }
  }

+  # if both auth_uri and identity_uri are set we skip these deprecated settings entirely
+  if !$auth_uri or !$identity_uri {
+
+    if $auth_host {
+      warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
+      nova_config { 'keystone_authtoken/auth_host': value => $auth_host; }
+    } else {
+      nova_config { 'keystone_authtoken/auth_host': ensure => absent; }
+    }
+
+    if $auth_port {
+      warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
+      nova_config { 'keystone_authtoken/auth_port': value => $auth_port; }
+    } else {
+      nova_config { 'keystone_authtoken/auth_port': ensure => absent; }
+    }
+
+    if $auth_protocol {
+      warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
+      nova_config { 'keystone_authtoken/auth_protocol': value => $auth_protocol; }
+    } else {
+      nova_config { 'keystone_authtoken/auth_protocol': ensure => absent; }
+    }
+
+    if $auth_admin_prefix {
+      warning('The auth_admin_prefix  parameter is deprecated. Please use auth_uri and identity_uri instead.')
+      validate_re($auth_admin_prefix, '^(/.+[^/])?$')
+      nova_config {
+        'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
+      }
+    } else {
+      nova_config { 'keystone_authtoken/auth_admin_prefix': ensure => absent; }
+    }
+
+  } else {
+    nova_config {
+      'keystone_authtoken/auth_host': ensure => absent;
+      'keystone_authtoken/auth_port': ensure => absent;
+      'keystone_authtoken/auth_protocol': ensure => absent;
+      'keystone_authtoken/auth_admin_prefix': ensure => absent;
+    }
+  }
+
  nova_config {
-    'keystone_authtoken/auth_host':         value => $auth_host;
-    'keystone_authtoken/auth_port':         value => $auth_port;
-    'keystone_authtoken/auth_protocol':     value => $auth_protocol;
    'keystone_authtoken/admin_tenant_name': value => $admin_tenant_name;
    'keystone_authtoken/admin_user':        value => $admin_user;
    'keystone_authtoken/admin_password':    value => $admin_password, secret => true;
  }

-  if $auth_admin_prefix {
-    validate_re($auth_admin_prefix, '^(/.+[^/])?$')
-    nova_config {
-      'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
-    }
-  } else {
-    nova_config {
-      'keystone_authtoken/auth_admin_prefix': ensure => absent;
-    }
-  }
-
  if $keystone_ec2_url {
    nova_config {
      'DEFAULT/keystone_ec2_url': value => $keystone_ec2_url;
--- a/spec/classes/nova_api_spec.rb
+++ b/spec/classes/nova_api_spec.rb
@ -256,6 +256,39 @@ describe 'nova::api' do
      it { should contain_nova_config('database/idle_timeout').with_value('30') }
    end

+    context 'with custom keystone identity_uri' do
+      before do
+        params.merge!({
+          :identity_uri => 'https://foo.bar:1234/',
+        })
+      end
+      it 'configures identity_uri' do
+        should contain_nova_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/");
+        # since only auth_uri is set the deprecated auth parameters should
+        # still get set in case they are still in use
+        should contain_nova_config('keystone_authtoken/auth_host').with_value('127.0.0.1');
+        should contain_nova_config('keystone_authtoken/auth_port').with_value('35357');
+        should contain_nova_config('keystone_authtoken/auth_protocol').with_value('http');
+      end
+    end
+
+    context 'with custom keystone identity_uri and auth_uri' do
+      before do
+        params.merge!({
+          :identity_uri => 'https://foo.bar:35357/',
+          :auth_uri => 'https://foo.bar:5000/v2.0/',
+        })
+      end
+      it 'configures identity_uri' do
+        should contain_nova_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
+        should contain_nova_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/");
+        should contain_nova_config('keystone_authtoken/auth_host').with_ensure('absent')
+        should contain_nova_config('keystone_authtoken/auth_port').with_ensure('absent')
+        should contain_nova_config('keystone_authtoken/auth_protocol').with_ensure('absent')
+        should contain_nova_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
+      end
+    end
+
  end

  context 'on Debian platforms' do