openstack/puppet-openstacklib
Code Issues Proposed changes

Drop deprecated fallback to openrc

Browse Source 
It was deprecated 3 years ago when we introduced the logic to use
clouds.yaml [1].

[1] 08bf393ee4

Depends-on: https://review.opendev.org/966472
Change-Id: I4d9a97a58791889bee06143ebb63469d7a5fa8be
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This commit is contained in:
Takashi Kajinami
2025-11-07 23:37:38 +09:00
parent 8c525c0b24
commit 1311b4471a
3 changed files with 6 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
lib/puppet/provider/openstack/auth.rb
View File

@@ -3,8 +3,6 @@ require File.join(File.dirname(__FILE__), '..','..','..', 'puppet/provider/opens
module Puppet::Provider::Openstack::Auth
RCFILENAME = "#{ENV['HOME']}/openrc"
CLOUDSFILENAMES = [
# This allows overrides by users
"/etc/openstack/puppet/clouds.yaml",
@@ -30,27 +28,6 @@ module Puppet::Provider::Openstack::Auth
end
end
def get_os_vars_from_rcfile(filename)
env = {}
rcfile = [filename, '/root/openrc'].detect { |f| File.exist? f }
unless rcfile.nil?
File.open(rcfile).readlines.delete_if{|l| l=~ /^#|^$/ }.each do |line|
# we only care about the OS_ vars from the file LP#1699950
if line =~ /OS_/
key, value = line.split('=')
key = key.split(' ').last
value = value.chomp.gsub(/'/, '')
env.merge!(key => value) if key =~ /OS_/
end
end
end
return env
end
def rc_filename
RCFILENAME
end
def clouds_filenames
CLOUDSFILENAMES
end
@@ -67,11 +44,6 @@ module Puppet::Provider::Openstack::Auth
clouds_env = get_os_vars_from_cloudsfile(scope)
if ! clouds_env.empty?
set_credentials(@credentials, clouds_env)
else
# If it fails then check rc files, to keep backword compatibility.
warning('Usage of rc file is deprecated and will be removed in a future release.')
@credentials.unset
set_credentials(@credentials, get_os_vars_from_rcfile(rc_filename))
end
end

6
releasenotes/notes/drop-rc-file-6c905f0be7a93ff3.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
upgrade:
- |
The base provider class to manage OpenStack resources no longer attempts to
load credentials from ``openrc`` file in the user's home directory. Use
the ``clouds.yaml`` file instead.

123
spec/unit/provider/openstack/auth_spec.rb
View File

@@ -62,12 +62,6 @@ describe Puppet::Provider::Openstack::Auth do
end
end
describe '#rc_filename' do
it 'returns RCFILENAME' do
expect(klass.rc_filename).to eq("#{ENV['HOME']}/openrc")
end
end
describe '#get_os_from_env' do
context 'with Openstack environment variables set' do
it 'provides a hash' do
@@ -122,70 +116,6 @@ describe Puppet::Provider::Openstack::Auth do
end
end
describe '#get_os_vars_from_rcfile' do
context 'with a valid RC file' do
it 'provides a hash' do
content = "export OS_USERNAME='test'\nexport OS_PASSWORD='abc123'\nexport OS_PROJECT_NAME='test'\nexport OS_AUTH_URL='http://127.0.0.1:5000'"
filename = 'file'
expect(File).to receive(:exist?).with('file').and_return(true)
expect(File).to receive(:open).with('file').and_return(StringIO.new(content))
response = klass.get_os_vars_from_rcfile(filename)
expect(response).to eq({
"OS_AUTH_URL" => "http://127.0.0.1:5000",
"OS_PASSWORD" => "abc123",
"OS_PROJECT_NAME" => "test",
"OS_USERNAME" => "test"})
end
end
context 'with a valid RC file with extra code in it' do
it 'provides a hash' do
content = "export OS_USERNAME='test'\nexport OS_PASSWORD='abc123'\nexport OS_PROJECT_NAME='test'\nexport OS_AUTH_URL='http://127.0.0.1:5000'\n_openstack() {\n foo\n} "
filename = 'file'
expect(File).to receive(:exist?).with('file').and_return(true)
expect(File).to receive(:open).with('file').and_return(StringIO.new(content))
response = klass.get_os_vars_from_rcfile(filename)
expect(response).to eq({
"OS_AUTH_URL" => "http://127.0.0.1:5000",
"OS_PASSWORD" => "abc123",
"OS_PROJECT_NAME" => "test",
"OS_USERNAME" => "test"})
end
end
context 'with an empty file' do
it 'provides an empty hash' do
filename = 'file'
expect(File).to receive(:exist?).with(filename).and_return(true)
expect(File).to receive(:open).with(filename).and_return(StringIO.new(""))
response = klass.get_os_vars_from_rcfile(filename)
expect(response).to eq({})
end
end
context 'with a nonexistent file' do
it 'should get default rcfile when no environment or openrc file' do
ENV.clear
content = "export OS_USERNAME='user'\nexport OS_PASSWORD='secret'\nexport OS_PROJECT_NAME='project'\nexport OS_AUTH_URL='http://127.0.0.1:5000'"
filename = '/root/openrc'
expect(File).to receive(:exist?).with("#{ENV['HOME']}/openrc").and_return(false)
expect(File).to receive(:exist?).with(filename).and_return(true)
expect(File).to receive(:open).with(filename).and_return(StringIO.new(content))
expect(klass.get_os_vars_from_rcfile("#{ENV['HOME']}/openrc")).to eq({
'OS_USERNAME' => 'user',
'OS_PASSWORD' => 'secret',
'OS_PROJECT_NAME' => 'project',
'OS_AUTH_URL' => 'http://127.0.0.1:5000'
})
end
end
end
before(:each) do
class Puppet::Provider::Openstack::AuthTester
@credentials = Puppet::Provider::Openstack::CredentialsV3.new
@@ -267,58 +197,5 @@ describe Puppet::Provider::Openstack::Auth do
})
end
end
context 'with a RC file containing user credentials' do
it 'is successful' do
# return incomplete creds from env
expect(klass).to receive(:get_os_vars_from_env)
.and_return({ 'OS_USERNAME' => 'incompleteusername',
'OS_AUTH_URL' => 'incompleteauthurl' })
content = "export OS_USERNAME='test'\nexport OS_PASSWORD='abc123'\nexport OS_PROJECT_NAME='test'\nexport OS_AUTH_URL='http://127.0.0.1:5000'\nexport OS_NOT_VALID='notvalid'"
expect(File).to receive(:exist?).with("/etc/openstack/puppet/clouds.yaml").and_return(false)
expect(File).to receive(:exist?).with("/etc/openstack/puppet/admin-clouds.yaml").and_return(false)
expect(File).to receive(:exist?).with("#{ENV['HOME']}/openrc").and_return(true)
expect(File).to receive(:open).with("#{ENV['HOME']}/openrc").and_return(StringIO.new(content))
expect(klass).to receive(:openstack)
.with('project', 'list', '--quiet', '--format', 'csv', ['--long'])
.and_return('"ID","Name","Description","Enabled"
"1cb05cfed7c24279be884ba4f6520262","test","Test tenant",True
')
response = provider.class.request('project', 'list', ['--long'])
expect(response.first[:description]).to eq("Test tenant")
expect(klass.instance_variable_get(:@credentials).to_env).to eq({
'OS_USERNAME' => 'test',
'OS_PASSWORD' => 'abc123',
'OS_PROJECT_NAME' => 'test',
'OS_AUTH_URL' => 'http://127.0.0.1:5000',
'OS_IDENTITY_API_VERSION' => '3'
})
end
end
context 'with a RC file containing service token credentials' do
it 'is successful' do
# return incomplete creds from env
expect(klass).to receive(:get_os_vars_from_env)
.and_return({ 'OS_TOKEN' => 'incomplete' })
content = "export OS_TOKEN='test'\nexport OS_ENDPOINT='abc123'\nexport OS_NOT_VALID='notvalid'\n"
expect(File).to receive(:exist?).with("/etc/openstack/puppet/clouds.yaml").and_return(false)
expect(File).to receive(:exist?).with("/etc/openstack/puppet/admin-clouds.yaml").and_return(false)
expect(File).to receive(:exist?).with("#{ENV['HOME']}/openrc").and_return(true)
expect(File).to receive(:open).with("#{ENV['HOME']}/openrc").and_return(StringIO.new(content))
expect(klass).to receive(:openstack)
.with('project', 'list', '--quiet', '--format', 'csv', ['--long'])
.and_return('"ID","Name","Description","Enabled"
"1cb05cfed7c24279be884ba4f6520262","test","Test tenant",True
')
response = klass.request('project', 'list', ['--long'])
expect(response.first[:description]).to eq("Test tenant")
expect(klass.instance_variable_get(:@credentials).to_env).to eq({
'OS_IDENTITY_API_VERSION' => '3',
'OS_TOKEN' => 'test',
'OS_ENDPOINT' => 'abc123',
})
end
end
end
end