auth file: default urls to keystone v3

Keystone v3 status is CURRENT [1] while v2.0 is SUPPORTED [2]. A lot of work has been done in puppet-keystone to use v3 API by default, even if we can still run v2.0. This patch: * add new parameter and set IDENTITY_API_VERSION to 3 by default * change urls for v3 endpoints by default * change tenant_name parameter to undef by default * change project_name parameter to 'openstack' by default * change project_domain and user_domain parameters to 'default' by default It's a non-backward compatible change, for the users who don't set the values that have been changed. Though they can still override the default and switching back to v2.0 if needed. [1] http://developer.openstack.org/api-ref-identity-v3.html [2] http://developer.openstack.org/api-ref-identity-v2.html Change-Id: If97d24e627ff5ff688f5fb634221a29a98f0ae90
2016-02-15 12:49:55 -05:00 · 2016-02-15 12:49:55 -05:00 · ba4161b468
parent b21b30b18a
commit ba4161b468
3 changed files with 37 additions and 24 deletions
--- a/manifests/auth_file.pp
+++ b/manifests/auth_file.pp
@ -11,7 +11,7 @@
 #
 # [*auth_url*]
 #   (optional) URL to authenticate against
-#   Defaults to 'http://127.0.0.1:5000/v2.0/'
+#   Defaults to 'http://127.0.0.1:5000/v3/'
 #
 # [*service_token*]
 #   (optional) Keystone service token
@ -22,7 +22,7 @@
 #
 # [*service_endpoint*]
 #   (optional) Keystone service endpoint
-#   Defaults to 'http://127.0.0.1:35357/v2.0/'
+#   Defaults to 'http://127.0.0.1:35357/v3/'
 #
 # [*username*]
 #   (optional) Username for this account as defined in keystone
@ -30,12 +30,12 @@
 #
 # [*tenant_name*]
 #   (optional) Tenant for this account as defined in keystone
-#   Defaults to 'openstack'.
+#   Defaults to undef.
 #
 # [*project_name*]
 #   (optional) Project for this account as defined in keystone
 #   Use instead of tenant_name for when using identity v3.
-#   Defaults to undef.
+#   Defaults to 'openstack'.
 #
 # [*region_name*]
 #   (optional) Openstack region to use
@ -75,25 +75,29 @@
 #
 # [*project_domain*]
 #   (optional) Project domain in v3 api.
-#   Defaults to false
+#   Defaults to 'default'.
 #
 # [*user_domain*]
 #   (optional) User domain in v3 api.
-#   Defaults to false
+#   Defaults to 'default'.
+#
+# [*identity_api_version*]
+#   (optional) Identity API version to use.
+#   Defaults to '3'.
 #

 class openstack_extras::auth_file(
  $password                 = undef,
-  $auth_url                 = 'http://127.0.0.1:5000/v2.0/',
+  $auth_url                 = 'http://127.0.0.1:5000/v3/',
  $service_token            = undef,
-  $service_endpoint         = 'http://127.0.0.1:35357/v2.0/',
+  $service_endpoint         = 'http://127.0.0.1:35357/v3/',
  $username                 = 'admin',
-  $tenant_name              = 'openstack',
-  $project_name             = undef,
+  $tenant_name              = undef,
+  $project_name             = 'openstack',
  $region_name              = 'RegionOne',
  $use_no_cache             = true,
-  $project_domain           = false,
-  $user_domain              = false,
+  $project_domain           = 'default',
+  $user_domain              = 'default',
  $cinder_endpoint_type     = 'publicURL',
  $glance_endpoint_type     = 'publicURL',
  $keystone_endpoint_type   = 'publicURL',
@ -101,6 +105,7 @@ class openstack_extras::auth_file(
  $neutron_endpoint_type    = 'publicURL',
  $auth_strategy            = 'keystone',
  $path                     = '/root/openrc',
+  $identity_api_version     = '3',
 ) {
  if ! $password {
    fail('You must specify a password for openstack_extras::auth_file')
--- a/spec/classes/openstack_extras_auth_file_spec.rb
+++ b/spec/classes/openstack_extras_auth_file_spec.rb
@ -11,17 +11,20 @@ describe 'openstack_extras::auth_file' do
    it 'should create a openrc file' do
      verify_contents(catalogue, '/root/openrc', [
        'export OS_NO_CACHE=\'true\'',
-        'export OS_TENANT_NAME=\'openstack\'',
+        'export OS_PROJECT_NAME=\'openstack\'',
        'export OS_USERNAME=\'admin\'',
        'export OS_PASSWORD=\'admin\'',
-        'export OS_AUTH_URL=\'http://127.0.0.1:5000/v2.0/\'',
+        'export OS_AUTH_URL=\'http://127.0.0.1:5000/v3/\'',
        'export OS_AUTH_STRATEGY=\'keystone\'',
        'export OS_REGION_NAME=\'RegionOne\'',
+        'export OS_PROJECT_DOMAIN_NAME=\'default\'',
+        'export OS_USER_DOMAIN_NAME=\'default\'',
        'export CINDER_ENDPOINT_TYPE=\'publicURL\'',
        'export GLANCE_ENDPOINT_TYPE=\'publicURL\'',
        'export KEYSTONE_ENDPOINT_TYPE=\'publicURL\'',
        'export NOVA_ENDPOINT_TYPE=\'publicURL\'',
-        'export NEUTRON_ENDPOINT_TYPE=\'publicURL\''
+        'export NEUTRON_ENDPOINT_TYPE=\'publicURL\'',
+        'export IDENTITY_API_VERSION=\'3\'',
      ])
    end
  end
@ -31,9 +34,9 @@ describe 'openstack_extras::auth_file' do
    let :params do
      {
        :password                 => 'admin',
-        :auth_url                 => 'http://127.0.0.2:5000/v2.0/',
+        :auth_url                 => 'http://127.0.0.2:5000/v3/',
        :service_token            => 'servicetoken',
-        :service_endpoint         => 'http://127.0.0.2:35357/v2.0/',
+        :service_endpoint         => 'http://127.0.0.2:35357/v3/',
        :username                 => 'myuser',
        :tenant_name              => 'mytenant',
        :project_name             => 'myproject',
@ -45,30 +48,32 @@ describe 'openstack_extras::auth_file' do
        :nova_endpoint_type       => 'internalURL',
        :neutron_endpoint_type    => 'internalURL',
        :auth_strategy            => 'no_auth',
-        :user_domain              => 'Default',
-        :project_domain           => 'Default'
+        :user_domain              => 'anotherdomain',
+        :project_domain           => 'anotherdomain',
+        :identity_api_version     => '3.1',
      }
    end

    it 'should create a openrc file' do
      verify_contents(catalogue, '/root/openrc', [
        'export OS_SERVICE_TOKEN=\'servicetoken\'',
-        'export OS_SERVICE_ENDPOINT=\'http://127.0.0.2:35357/v2.0/\'',
+        'export OS_SERVICE_ENDPOINT=\'http://127.0.0.2:35357/v3/\'',
        'export OS_NO_CACHE=\'false\'',
        'export OS_TENANT_NAME=\'mytenant\'',
        'export OS_PROJECT_NAME=\'myproject\'',
        'export OS_USERNAME=\'myuser\'',
        'export OS_PASSWORD=\'admin\'',
-        'export OS_AUTH_URL=\'http://127.0.0.2:5000/v2.0/\'',
+        'export OS_AUTH_URL=\'http://127.0.0.2:5000/v3/\'',
        'export OS_AUTH_STRATEGY=\'no_auth\'',
        'export OS_REGION_NAME=\'myregion\'',
-        'export OS_PROJECT_DOMAIN_NAME=\'Default\'',
-        'export OS_USER_DOMAIN_NAME=\'Default\'',
+        'export OS_PROJECT_DOMAIN_NAME=\'anotherdomain\'',
+        'export OS_USER_DOMAIN_NAME=\'anotherdomain\'',
        'export CINDER_ENDPOINT_TYPE=\'internalURL\'',
        'export GLANCE_ENDPOINT_TYPE=\'internalURL\'',
        'export KEYSTONE_ENDPOINT_TYPE=\'internalURL\'',
        'export NOVA_ENDPOINT_TYPE=\'internalURL\'',
-        'export NEUTRON_ENDPOINT_TYPE=\'internalURL\''
+        'export NEUTRON_ENDPOINT_TYPE=\'internalURL\'',
+        'export IDENTITY_API_VERSION=\'3.1\'',
      ])
    end
  end
--- a/templates/openrc.erb
+++ b/templates/openrc.erb
@ -4,7 +4,9 @@ export OS_SERVICE_TOKEN='<%= @service_token.gsub(/'/){ %q(\') } %>'
 export OS_SERVICE_ENDPOINT='<%= @service_endpoint %>'
 <% end -%>
 export OS_NO_CACHE='<%= @use_no_cache %>'
+<% if @tenant_name -%>
 export OS_TENANT_NAME='<%= @tenant_name %>'
+<% end -%>
 <% if @project_name -%>
 export OS_PROJECT_NAME='<%= @project_name %>'
 <% end -%>
@ -24,3 +26,4 @@ export GLANCE_ENDPOINT_TYPE='<%= @glance_endpoint_type %>'
 export KEYSTONE_ENDPOINT_TYPE='<%= @keystone_endpoint_type %>'
 export NOVA_ENDPOINT_TYPE='<%= @nova_endpoint_type %>'
 export NEUTRON_ENDPOINT_TYPE='<%= @neutron_endpoint_type %>'
+export IDENTITY_API_VERSION='<%= @identity_api_version %>'