From 67dfb62e4def4462b6ebeba6fe1debf62ed3ec80 Mon Sep 17 00:00:00 2001
From: Michael Chapman <woppin@gmail.com>
Date: Mon, 1 Dec 2014 23:18:43 +1100
Subject: [PATCH] Add auth file from openstack repo

This commit adds the openrc templating that was
in the old openstack repository, with some changes
to the parameter names to match those in the file itself.

Change-Id: I979ea227c93153c15ea78c0c47b9c94843a314af
---
 manifests/auth_file.pp                        | 92 +++++++++++++++++++
 .../openstack_extras_auth_file_spec.rb        | 86 +++++++++++++++++
 templates/openrc.erb                          | 17 ++++
 3 files changed, 195 insertions(+)
 create mode 100644 manifests/auth_file.pp
 create mode 100644 spec/classes/openstack_extras_auth_file_spec.rb
 create mode 100644 templates/openrc.erb

diff --git a/manifests/auth_file.pp b/manifests/auth_file.pp
new file mode 100644
index 0000000..193df36
--- /dev/null
+++ b/manifests/auth_file.pp
@@ -0,0 +1,92 @@
+# == Class: openstack_extras::auth_file
+#
+# Creates an auth file that can be used to export
+# environment variables that can be used to authenticate
+# against a keystone server.
+#
+# === Parameters
+#
+# [*password*]
+#   (required) Password for this account as defined in keystone
+#
+# [*auth_url*]
+#   (optional) URL to authenticate against
+#   Defaults to 'http://127.0.0.1:5000/v2.0/'
+#
+# [*service_token*]
+#   (optional) Keystone service token
+#   NOTE: This setting will trigger a warning from keystone.
+#   Authentication credentials will be ignored by keystone client
+#   in favor of token authentication.
+#   Defaults to undef.
+#
+# [*service_endpoint*]
+#   (optional) Keystone service endpoint
+#   Defaults to 'http://127.0.0.1:35357/v2.0/'
+#
+# [*username*]
+#   (optional) Username for this account as defined in keystone
+#   Defaults to 'admin'.
+#
+# [*tenant_name*]
+#   (optional) Tenant for this account as defined in keystone
+#   Defaults to 'openstack'.
+#
+# [*region_name*]
+#   (optional) Openstack region to use
+#   Defaults to 'RegionOne'.
+#
+# [*use_no_cache*]
+#   (optional) Do not use the auth token cache.
+#   Defaults to true.
+#
+# [*cinder_endpoint_type*]
+#   (optional) The Cinder endpoint to use
+#   Defaults to 'publicURL'.
+#
+# [*glance_endpoint_type*]
+#   (optional) The Glance endpoint to use
+#   Defaults to 'publicURL'.
+#
+# [*keystone_endpoint_type*]
+#   (optional) The Keystone endpoint to use
+#   Defaults to 'publicURL'.
+#
+# [*nova_endpoint_type*]
+#   (optional) The Nova endpoint to use
+#   Defaults to 'publicURL'.
+#
+# [*neutron_endpoint_type*]
+#   (optional) The Neutron endpoint to use
+#   Defaults to 'publicURL'.
+#
+# [*auth_strategy*]
+#   (optional) The method to use for authentication
+#   Defaults to 'keystone'.
+#
+class openstack_extras::auth_file(
+  $password                 = undef,
+  $auth_url                 = 'http://127.0.0.1:5000/v2.0/',
+  $service_token            = undef,
+  $service_endpoint         = 'http://127.0.0.1:35357/v2.0/',
+  $username                 = 'admin',
+  $tenant_name              = 'openstack',
+  $region_name              = 'RegionOne',
+  $use_no_cache             = true,
+  $cinder_endpoint_type     = 'publicURL',
+  $glance_endpoint_type     = 'publicURL',
+  $keystone_endpoint_type   = 'publicURL',
+  $nova_endpoint_type       = 'publicURL',
+  $neutron_endpoint_type    = 'publicURL',
+  $auth_strategy            = 'keystone',
+) {
+  if ! $password {
+    fail('You must specify a password for openstack_extras::auth_file')
+  }
+  file { '/root/openrc':
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0700',
+    content => template('openstack_extras/openrc.erb')
+  }
+}
diff --git a/spec/classes/openstack_extras_auth_file_spec.rb b/spec/classes/openstack_extras_auth_file_spec.rb
new file mode 100644
index 0000000..199ddae
--- /dev/null
+++ b/spec/classes/openstack_extras_auth_file_spec.rb
@@ -0,0 +1,86 @@
+require 'spec_helper'
+
+describe 'openstack_extras::auth_file' do
+
+  describe "when only passing default class parameters" do
+
+    let :params do
+      { :password => 'admin' }
+    end
+
+    it 'should create a openrc file' do
+      verify_contents(subject, '/root/openrc', [
+        'export OS_NO_CACHE=\'true\'',
+        'export OS_TENANT_NAME=\'openstack\'',
+        'export OS_USERNAME=\'admin\'',
+        'export OS_PASSWORD=\'admin\'',
+        'export OS_AUTH_URL=\'http://127.0.0.1:5000/v2.0/\'',
+        'export OS_AUTH_STRATEGY=\'keystone\'',
+        'export OS_REGION_NAME=\'RegionOne\'',
+        'export CINDER_ENDPOINT_TYPE=\'publicURL\'',
+        'export GLANCE_ENDPOINT_TYPE=\'publicURL\'',
+        'export KEYSTONE_ENDPOINT_TYPE=\'publicURL\'',
+        'export NOVA_ENDPOINT_TYPE=\'publicURL\'',
+        'export NEUTRON_ENDPOINT_TYPE=\'publicURL\''
+      ])
+    end
+  end
+
+  describe 'when overriding parameters' do
+
+    let :params do
+      {
+        :password                 => 'admin',
+        :auth_url                 => 'http://127.0.0.2:5000/v2.0/',
+        :service_token            => 'servicetoken',
+        :service_endpoint         => 'http://127.0.0.2:35357/v2.0/',
+        :username                 => 'myuser',
+        :tenant_name              => 'mytenant',
+        :region_name              => 'myregion',
+        :use_no_cache             => 'false',
+        :cinder_endpoint_type     => 'internalURL',
+        :glance_endpoint_type     => 'internalURL',
+        :keystone_endpoint_type   => 'internalURL',
+        :nova_endpoint_type       => 'internalURL',
+        :neutron_endpoint_type    => 'internalURL',
+        :auth_strategy            => 'no_auth',
+      }
+    end
+
+    it 'should create a openrc file' do
+      verify_contents(subject, '/root/openrc', [
+        'export OS_SERVICE_TOKEN=\'servicetoken\'',
+        'export OS_SERVICE_ENDPOINT=\'http://127.0.0.2:35357/v2.0/\'',
+        'export OS_NO_CACHE=\'false\'',
+        'export OS_TENANT_NAME=\'mytenant\'',
+        'export OS_USERNAME=\'myuser\'',
+        'export OS_PASSWORD=\'admin\'',
+        'export OS_AUTH_URL=\'http://127.0.0.2:5000/v2.0/\'',
+        'export OS_AUTH_STRATEGY=\'no_auth\'',
+        'export OS_REGION_NAME=\'myregion\'',
+        'export CINDER_ENDPOINT_TYPE=\'internalURL\'',
+        'export GLANCE_ENDPOINT_TYPE=\'internalURL\'',
+        'export KEYSTONE_ENDPOINT_TYPE=\'internalURL\'',
+        'export NOVA_ENDPOINT_TYPE=\'internalURL\'',
+        'export NEUTRON_ENDPOINT_TYPE=\'internalURL\''
+      ])
+    end
+  end
+
+  describe "handle password and token with single quotes" do
+
+    let :params do
+      {
+        :password             => 'singlequote\'',
+        :service_token        => 'key\'stone'
+      }
+    end
+
+    it 'should create a openrc file' do
+      verify_contents(subject, '/root/openrc', [
+        'export OS_SERVICE_TOKEN=\'key\\\'stone\'',
+        'export OS_PASSWORD=\'singlequote\\\'\'',
+      ])
+    end
+  end
+end
diff --git a/templates/openrc.erb b/templates/openrc.erb
new file mode 100644
index 0000000..9b39f39
--- /dev/null
+++ b/templates/openrc.erb
@@ -0,0 +1,17 @@
+#!/bin/sh
+<% if @service_token -%>
+export OS_SERVICE_TOKEN='<%= @service_token.gsub(/'/){ %q(\') } %>'
+export OS_SERVICE_ENDPOINT='<%= @service_endpoint %>'
+<% end -%>
+export OS_NO_CACHE='<%= @use_no_cache %>'
+export OS_TENANT_NAME='<%= @tenant_name %>'
+export OS_USERNAME='<%= @username %>'
+export OS_PASSWORD='<%= @password.gsub(/'/){ %q(\') } %>'
+export OS_AUTH_URL='<%= @auth_url %>'
+export OS_AUTH_STRATEGY='<%= @auth_strategy %>'
+export OS_REGION_NAME='<%= @region_name %>'
+export CINDER_ENDPOINT_TYPE='<%= @cinder_endpoint_type %>'
+export GLANCE_ENDPOINT_TYPE='<%= @glance_endpoint_type %>'
+export KEYSTONE_ENDPOINT_TYPE='<%= @keystone_endpoint_type %>'
+export NOVA_ENDPOINT_TYPE='<%= @nova_endpoint_type %>'
+export NEUTRON_ENDPOINT_TYPE='<%= @neutron_endpoint_type %>'