From ba4161b4683abd4ca5de2bcc5bfa40eff775a231 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Mon, 15 Feb 2016 12:49:55 -0500 Subject: [PATCH] auth file: default urls to keystone v3 Keystone v3 status is CURRENT [1] while v2.0 is SUPPORTED [2]. A lot of work has been done in puppet-keystone to use v3 API by default, even if we can still run v2.0. This patch: * add new parameter and set IDENTITY_API_VERSION to 3 by default * change urls for v3 endpoints by default * change tenant_name parameter to undef by default * change project_name parameter to 'openstack' by default * change project_domain and user_domain parameters to 'default' by default It's a non-backward compatible change, for the users who don't set the values that have been changed. Though they can still override the default and switching back to v2.0 if needed. [1] http://developer.openstack.org/api-ref-identity-v3.html [2] http://developer.openstack.org/api-ref-identity-v2.html Change-Id: If97d24e627ff5ff688f5fb634221a29a98f0ae90 --- manifests/auth_file.pp | 29 +++++++++++-------- .../openstack_extras_auth_file_spec.rb | 29 +++++++++++-------- templates/openrc.erb | 3 ++ 3 files changed, 37 insertions(+), 24 deletions(-) diff --git a/manifests/auth_file.pp b/manifests/auth_file.pp index a196071..3ec8999 100644 --- a/manifests/auth_file.pp +++ b/manifests/auth_file.pp @@ -11,7 +11,7 @@ # # [*auth_url*] # (optional) URL to authenticate against -# Defaults to 'http://127.0.0.1:5000/v2.0/' +# Defaults to 'http://127.0.0.1:5000/v3/' # # [*service_token*] # (optional) Keystone service token @@ -22,7 +22,7 @@ # # [*service_endpoint*] # (optional) Keystone service endpoint -# Defaults to 'http://127.0.0.1:35357/v2.0/' +# Defaults to 'http://127.0.0.1:35357/v3/' # # [*username*] # (optional) Username for this account as defined in keystone @@ -30,12 +30,12 @@ # # [*tenant_name*] # (optional) Tenant for this account as defined in keystone -# Defaults to 'openstack'. +# Defaults to undef. # # [*project_name*] # (optional) Project for this account as defined in keystone # Use instead of tenant_name for when using identity v3. -# Defaults to undef. +# Defaults to 'openstack'. # # [*region_name*] # (optional) Openstack region to use @@ -75,25 +75,29 @@ # # [*project_domain*] # (optional) Project domain in v3 api. -# Defaults to false +# Defaults to 'default'. # # [*user_domain*] # (optional) User domain in v3 api. -# Defaults to false +# Defaults to 'default'. +# +# [*identity_api_version*] +# (optional) Identity API version to use. +# Defaults to '3'. # class openstack_extras::auth_file( $password = undef, - $auth_url = 'http://127.0.0.1:5000/v2.0/', + $auth_url = 'http://127.0.0.1:5000/v3/', $service_token = undef, - $service_endpoint = 'http://127.0.0.1:35357/v2.0/', + $service_endpoint = 'http://127.0.0.1:35357/v3/', $username = 'admin', - $tenant_name = 'openstack', - $project_name = undef, + $tenant_name = undef, + $project_name = 'openstack', $region_name = 'RegionOne', $use_no_cache = true, - $project_domain = false, - $user_domain = false, + $project_domain = 'default', + $user_domain = 'default', $cinder_endpoint_type = 'publicURL', $glance_endpoint_type = 'publicURL', $keystone_endpoint_type = 'publicURL', @@ -101,6 +105,7 @@ class openstack_extras::auth_file( $neutron_endpoint_type = 'publicURL', $auth_strategy = 'keystone', $path = '/root/openrc', + $identity_api_version = '3', ) { if ! $password { fail('You must specify a password for openstack_extras::auth_file') diff --git a/spec/classes/openstack_extras_auth_file_spec.rb b/spec/classes/openstack_extras_auth_file_spec.rb index 099ed1d..31652c1 100644 --- a/spec/classes/openstack_extras_auth_file_spec.rb +++ b/spec/classes/openstack_extras_auth_file_spec.rb @@ -11,17 +11,20 @@ describe 'openstack_extras::auth_file' do it 'should create a openrc file' do verify_contents(catalogue, '/root/openrc', [ 'export OS_NO_CACHE=\'true\'', - 'export OS_TENANT_NAME=\'openstack\'', + 'export OS_PROJECT_NAME=\'openstack\'', 'export OS_USERNAME=\'admin\'', 'export OS_PASSWORD=\'admin\'', - 'export OS_AUTH_URL=\'http://127.0.0.1:5000/v2.0/\'', + 'export OS_AUTH_URL=\'http://127.0.0.1:5000/v3/\'', 'export OS_AUTH_STRATEGY=\'keystone\'', 'export OS_REGION_NAME=\'RegionOne\'', + 'export OS_PROJECT_DOMAIN_NAME=\'default\'', + 'export OS_USER_DOMAIN_NAME=\'default\'', 'export CINDER_ENDPOINT_TYPE=\'publicURL\'', 'export GLANCE_ENDPOINT_TYPE=\'publicURL\'', 'export KEYSTONE_ENDPOINT_TYPE=\'publicURL\'', 'export NOVA_ENDPOINT_TYPE=\'publicURL\'', - 'export NEUTRON_ENDPOINT_TYPE=\'publicURL\'' + 'export NEUTRON_ENDPOINT_TYPE=\'publicURL\'', + 'export IDENTITY_API_VERSION=\'3\'', ]) end end @@ -31,9 +34,9 @@ describe 'openstack_extras::auth_file' do let :params do { :password => 'admin', - :auth_url => 'http://127.0.0.2:5000/v2.0/', + :auth_url => 'http://127.0.0.2:5000/v3/', :service_token => 'servicetoken', - :service_endpoint => 'http://127.0.0.2:35357/v2.0/', + :service_endpoint => 'http://127.0.0.2:35357/v3/', :username => 'myuser', :tenant_name => 'mytenant', :project_name => 'myproject', @@ -45,30 +48,32 @@ describe 'openstack_extras::auth_file' do :nova_endpoint_type => 'internalURL', :neutron_endpoint_type => 'internalURL', :auth_strategy => 'no_auth', - :user_domain => 'Default', - :project_domain => 'Default' + :user_domain => 'anotherdomain', + :project_domain => 'anotherdomain', + :identity_api_version => '3.1', } end it 'should create a openrc file' do verify_contents(catalogue, '/root/openrc', [ 'export OS_SERVICE_TOKEN=\'servicetoken\'', - 'export OS_SERVICE_ENDPOINT=\'http://127.0.0.2:35357/v2.0/\'', + 'export OS_SERVICE_ENDPOINT=\'http://127.0.0.2:35357/v3/\'', 'export OS_NO_CACHE=\'false\'', 'export OS_TENANT_NAME=\'mytenant\'', 'export OS_PROJECT_NAME=\'myproject\'', 'export OS_USERNAME=\'myuser\'', 'export OS_PASSWORD=\'admin\'', - 'export OS_AUTH_URL=\'http://127.0.0.2:5000/v2.0/\'', + 'export OS_AUTH_URL=\'http://127.0.0.2:5000/v3/\'', 'export OS_AUTH_STRATEGY=\'no_auth\'', 'export OS_REGION_NAME=\'myregion\'', - 'export OS_PROJECT_DOMAIN_NAME=\'Default\'', - 'export OS_USER_DOMAIN_NAME=\'Default\'', + 'export OS_PROJECT_DOMAIN_NAME=\'anotherdomain\'', + 'export OS_USER_DOMAIN_NAME=\'anotherdomain\'', 'export CINDER_ENDPOINT_TYPE=\'internalURL\'', 'export GLANCE_ENDPOINT_TYPE=\'internalURL\'', 'export KEYSTONE_ENDPOINT_TYPE=\'internalURL\'', 'export NOVA_ENDPOINT_TYPE=\'internalURL\'', - 'export NEUTRON_ENDPOINT_TYPE=\'internalURL\'' + 'export NEUTRON_ENDPOINT_TYPE=\'internalURL\'', + 'export IDENTITY_API_VERSION=\'3.1\'', ]) end end diff --git a/templates/openrc.erb b/templates/openrc.erb index 45ffcff..727b891 100644 --- a/templates/openrc.erb +++ b/templates/openrc.erb @@ -4,7 +4,9 @@ export OS_SERVICE_TOKEN='<%= @service_token.gsub(/'/){ %q(\') } %>' export OS_SERVICE_ENDPOINT='<%= @service_endpoint %>' <% end -%> export OS_NO_CACHE='<%= @use_no_cache %>' +<% if @tenant_name -%> export OS_TENANT_NAME='<%= @tenant_name %>' +<% end -%> <% if @project_name -%> export OS_PROJECT_NAME='<%= @project_name %>' <% end -%> @@ -24,3 +26,4 @@ export GLANCE_ENDPOINT_TYPE='<%= @glance_endpoint_type %>' export KEYSTONE_ENDPOINT_TYPE='<%= @keystone_endpoint_type %>' export NOVA_ENDPOINT_TYPE='<%= @nova_endpoint_type %>' export NEUTRON_ENDPOINT_TYPE='<%= @neutron_endpoint_type %>' +export IDENTITY_API_VERSION='<%= @identity_api_version %>'