auth file: default urls to keystone v3

Keystone v3 status is CURRENT [1] while v2.0 is SUPPORTED [2].
A lot of work has been done in puppet-keystone to use v3 API by default,
even if we can still run v2.0.

This patch:

* add new parameter and set IDENTITY_API_VERSION to 3 by default
* change urls for v3 endpoints by default
* change tenant_name parameter to undef by default
* change project_name parameter to 'openstack' by default
* change project_domain and user_domain parameters to 'default' by
  default

It's a non-backward compatible change, for the users who don't set the
values that have been changed.
Though they can still override the default and switching back to
v2.0 if needed.

[1] http://developer.openstack.org/api-ref-identity-v3.html
[2] http://developer.openstack.org/api-ref-identity-v2.html

Change-Id: If97d24e627ff5ff688f5fb634221a29a98f0ae90

manifests/auth_file.pp

@@ -11,7 +11,7 @@
 #
 # [*auth_url*]
 #   (optional) URL to authenticate against
-#   Defaults to 'http://127.0.0.1:5000/v2.0/'
+#   Defaults to 'http://127.0.0.1:5000/v3/'
 #
 # [*service_token*]
 #   (optional) Keystone service token
@@ -22,7 +22,7 @@
 #
 # [*service_endpoint*]
 #   (optional) Keystone service endpoint
-#   Defaults to 'http://127.0.0.1:35357/v2.0/'
+#   Defaults to 'http://127.0.0.1:35357/v3/'
 #
 # [*username*]
 #   (optional) Username for this account as defined in keystone
@@ -30,12 +30,12 @@
 #
 # [*tenant_name*]
 #   (optional) Tenant for this account as defined in keystone
-#   Defaults to 'openstack'.
+#   Defaults to undef.
 #
 # [*project_name*]
 #   (optional) Project for this account as defined in keystone
 #   Use instead of tenant_name for when using identity v3.
-#   Defaults to undef.
+#   Defaults to 'openstack'.
 #
 # [*region_name*]
 #   (optional) Openstack region to use
@@ -75,25 +75,29 @@
 #
 # [*project_domain*]
 #   (optional) Project domain in v3 api.
-#   Defaults to false
+#   Defaults to 'default'.
 #
 # [*user_domain*]
 #   (optional) User domain in v3 api.
-#   Defaults to false
+#   Defaults to 'default'.
+#
+# [*identity_api_version*]
+#   (optional) Identity API version to use.
+#   Defaults to '3'.
 #
 
 class openstack_extras::auth_file(
   $password                 = undef,
-  $auth_url                 = 'http://127.0.0.1:5000/v2.0/',
+  $auth_url                 = 'http://127.0.0.1:5000/v3/',
   $service_token            = undef,
-  $service_endpoint         = 'http://127.0.0.1:35357/v2.0/',
+  $service_endpoint         = 'http://127.0.0.1:35357/v3/',
   $username                 = 'admin',
-  $tenant_name              = 'openstack',
-  $project_name             = undef,
+  $tenant_name              = undef,
+  $project_name             = 'openstack',
   $region_name              = 'RegionOne',
   $use_no_cache             = true,
-  $project_domain           = false,
-  $user_domain              = false,
+  $project_domain           = 'default',
+  $user_domain              = 'default',
   $cinder_endpoint_type     = 'publicURL',
   $glance_endpoint_type     = 'publicURL',
   $keystone_endpoint_type   = 'publicURL',
@@ -101,6 +105,7 @@ class openstack_extras::auth_file(
   $neutron_endpoint_type    = 'publicURL',
   $auth_strategy            = 'keystone',
   $path                     = '/root/openrc',
+  $identity_api_version     = '3',
 ) {
   if ! $password {
     fail('You must specify a password for openstack_extras::auth_file')

spec/classes/openstack_extras_auth_file_spec.rb

@@ -11,17 +11,20 @@ describe 'openstack_extras::auth_file' do
     it 'should create a openrc file' do
       verify_contents(catalogue, '/root/openrc', [
         'export OS_NO_CACHE=\'true\'',
-        'export OS_TENANT_NAME=\'openstack\'',
+        'export OS_PROJECT_NAME=\'openstack\'',
         'export OS_USERNAME=\'admin\'',
         'export OS_PASSWORD=\'admin\'',
-        'export OS_AUTH_URL=\'http://127.0.0.1:5000/v2.0/\'',
+        'export OS_AUTH_URL=\'http://127.0.0.1:5000/v3/\'',
         'export OS_AUTH_STRATEGY=\'keystone\'',
         'export OS_REGION_NAME=\'RegionOne\'',
+        'export OS_PROJECT_DOMAIN_NAME=\'default\'',
+        'export OS_USER_DOMAIN_NAME=\'default\'',
         'export CINDER_ENDPOINT_TYPE=\'publicURL\'',
         'export GLANCE_ENDPOINT_TYPE=\'publicURL\'',
         'export KEYSTONE_ENDPOINT_TYPE=\'publicURL\'',
         'export NOVA_ENDPOINT_TYPE=\'publicURL\'',
-        'export NEUTRON_ENDPOINT_TYPE=\'publicURL\''
+        'export NEUTRON_ENDPOINT_TYPE=\'publicURL\'',
+        'export IDENTITY_API_VERSION=\'3\'',
       ])
     end
   end
@@ -31,9 +34,9 @@ describe 'openstack_extras::auth_file' do
     let :params do
       {
         :password                 => 'admin',
-        :auth_url                 => 'http://127.0.0.2:5000/v2.0/',
+        :auth_url                 => 'http://127.0.0.2:5000/v3/',
         :service_token            => 'servicetoken',
-        :service_endpoint         => 'http://127.0.0.2:35357/v2.0/',
+        :service_endpoint         => 'http://127.0.0.2:35357/v3/',
         :username                 => 'myuser',
         :tenant_name              => 'mytenant',
         :project_name             => 'myproject',
@@ -45,30 +48,32 @@ describe 'openstack_extras::auth_file' do
         :nova_endpoint_type       => 'internalURL',
         :neutron_endpoint_type    => 'internalURL',
         :auth_strategy            => 'no_auth',
-        :user_domain              => 'Default',
-        :project_domain           => 'Default'
+        :user_domain              => 'anotherdomain',
+        :project_domain           => 'anotherdomain',
+        :identity_api_version     => '3.1',
       }
     end
 
     it 'should create a openrc file' do
       verify_contents(catalogue, '/root/openrc', [
         'export OS_SERVICE_TOKEN=\'servicetoken\'',
-        'export OS_SERVICE_ENDPOINT=\'http://127.0.0.2:35357/v2.0/\'',
+        'export OS_SERVICE_ENDPOINT=\'http://127.0.0.2:35357/v3/\'',
         'export OS_NO_CACHE=\'false\'',
         'export OS_TENANT_NAME=\'mytenant\'',
         'export OS_PROJECT_NAME=\'myproject\'',
         'export OS_USERNAME=\'myuser\'',
         'export OS_PASSWORD=\'admin\'',
-        'export OS_AUTH_URL=\'http://127.0.0.2:5000/v2.0/\'',
+        'export OS_AUTH_URL=\'http://127.0.0.2:5000/v3/\'',
         'export OS_AUTH_STRATEGY=\'no_auth\'',
         'export OS_REGION_NAME=\'myregion\'',
-        'export OS_PROJECT_DOMAIN_NAME=\'Default\'',
-        'export OS_USER_DOMAIN_NAME=\'Default\'',
+        'export OS_PROJECT_DOMAIN_NAME=\'anotherdomain\'',
+        'export OS_USER_DOMAIN_NAME=\'anotherdomain\'',
         'export CINDER_ENDPOINT_TYPE=\'internalURL\'',
         'export GLANCE_ENDPOINT_TYPE=\'internalURL\'',
         'export KEYSTONE_ENDPOINT_TYPE=\'internalURL\'',
         'export NOVA_ENDPOINT_TYPE=\'internalURL\'',
-        'export NEUTRON_ENDPOINT_TYPE=\'internalURL\''
+        'export NEUTRON_ENDPOINT_TYPE=\'internalURL\'',
+        'export IDENTITY_API_VERSION=\'3.1\'',
       ])
     end
   end

templates/openrc.erb

@@ -4,7 +4,9 @@ export OS_SERVICE_TOKEN='<%= @service_token.gsub(/'/){ %q(\') } %>'
 export OS_SERVICE_ENDPOINT='<%= @service_endpoint %>'
 <% end -%>
 export OS_NO_CACHE='<%= @use_no_cache %>'
+<% if @tenant_name -%>
 export OS_TENANT_NAME='<%= @tenant_name %>'
+<% end -%>
 <% if @project_name -%>
 export OS_PROJECT_NAME='<%= @project_name %>'
 <% end -%>
@@ -24,3 +26,4 @@ export GLANCE_ENDPOINT_TYPE='<%= @glance_endpoint_type %>'
 export KEYSTONE_ENDPOINT_TYPE='<%= @keystone_endpoint_type %>'
 export NOVA_ENDPOINT_TYPE='<%= @nova_endpoint_type %>'
 export NEUTRON_ENDPOINT_TYPE='<%= @neutron_endpoint_type %>'
+export IDENTITY_API_VERSION='<%= @identity_api_version %>'