diff --git a/lib/puppet/provider/openstack/auth.rb b/lib/puppet/provider/openstack/auth.rb index 677c9547..c5cb7717 100644 --- a/lib/puppet/provider/openstack/auth.rb +++ b/lib/puppet/provider/openstack/auth.rb @@ -3,8 +3,6 @@ require File.join(File.dirname(__FILE__), '..','..','..', 'puppet/provider/opens module Puppet::Provider::Openstack::Auth - RCFILENAME = "#{ENV['HOME']}/openrc" - CLOUDSFILENAMES = [ # This allows overrides by users "/etc/openstack/puppet/clouds.yaml", @@ -30,27 +28,6 @@ module Puppet::Provider::Openstack::Auth end end - def get_os_vars_from_rcfile(filename) - env = {} - rcfile = [filename, '/root/openrc'].detect { |f| File.exist? f } - unless rcfile.nil? - File.open(rcfile).readlines.delete_if{|l| l=~ /^#|^$/ }.each do |line| - # we only care about the OS_ vars from the file LP#1699950 - if line =~ /OS_/ - key, value = line.split('=') - key = key.split(' ').last - value = value.chomp.gsub(/'/, '') - env.merge!(key => value) if key =~ /OS_/ - end - end - end - return env - end - - def rc_filename - RCFILENAME - end - def clouds_filenames CLOUDSFILENAMES end @@ -67,11 +44,6 @@ module Puppet::Provider::Openstack::Auth clouds_env = get_os_vars_from_cloudsfile(scope) if ! clouds_env.empty? set_credentials(@credentials, clouds_env) - else - # If it fails then check rc files, to keep backword compatibility. - warning('Usage of rc file is deprecated and will be removed in a future release.') - @credentials.unset - set_credentials(@credentials, get_os_vars_from_rcfile(rc_filename)) end end diff --git a/releasenotes/notes/drop-rc-file-6c905f0be7a93ff3.yaml b/releasenotes/notes/drop-rc-file-6c905f0be7a93ff3.yaml new file mode 100644 index 00000000..afbccdce --- /dev/null +++ b/releasenotes/notes/drop-rc-file-6c905f0be7a93ff3.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + The base provider class to manage OpenStack resources no longer attempts to + load credentials from ``openrc`` file in the user's home directory. Use + the ``clouds.yaml`` file instead. diff --git a/spec/unit/provider/openstack/auth_spec.rb b/spec/unit/provider/openstack/auth_spec.rb index 2dc0b994..a731de18 100644 --- a/spec/unit/provider/openstack/auth_spec.rb +++ b/spec/unit/provider/openstack/auth_spec.rb @@ -62,12 +62,6 @@ describe Puppet::Provider::Openstack::Auth do end end - describe '#rc_filename' do - it 'returns RCFILENAME' do - expect(klass.rc_filename).to eq("#{ENV['HOME']}/openrc") - end - end - describe '#get_os_from_env' do context 'with Openstack environment variables set' do it 'provides a hash' do @@ -122,70 +116,6 @@ describe Puppet::Provider::Openstack::Auth do end end - describe '#get_os_vars_from_rcfile' do - context 'with a valid RC file' do - it 'provides a hash' do - content = "export OS_USERNAME='test'\nexport OS_PASSWORD='abc123'\nexport OS_PROJECT_NAME='test'\nexport OS_AUTH_URL='http://127.0.0.1:5000'" - filename = 'file' - expect(File).to receive(:exist?).with('file').and_return(true) - expect(File).to receive(:open).with('file').and_return(StringIO.new(content)) - - response = klass.get_os_vars_from_rcfile(filename) - expect(response).to eq({ - "OS_AUTH_URL" => "http://127.0.0.1:5000", - "OS_PASSWORD" => "abc123", - "OS_PROJECT_NAME" => "test", - "OS_USERNAME" => "test"}) - end - end - - context 'with a valid RC file with extra code in it' do - it 'provides a hash' do - content = "export OS_USERNAME='test'\nexport OS_PASSWORD='abc123'\nexport OS_PROJECT_NAME='test'\nexport OS_AUTH_URL='http://127.0.0.1:5000'\n_openstack() {\n foo\n} " - filename = 'file' - expect(File).to receive(:exist?).with('file').and_return(true) - expect(File).to receive(:open).with('file').and_return(StringIO.new(content)) - - response = klass.get_os_vars_from_rcfile(filename) - expect(response).to eq({ - "OS_AUTH_URL" => "http://127.0.0.1:5000", - "OS_PASSWORD" => "abc123", - "OS_PROJECT_NAME" => "test", - "OS_USERNAME" => "test"}) - end - end - - context 'with an empty file' do - it 'provides an empty hash' do - filename = 'file' - expect(File).to receive(:exist?).with(filename).and_return(true) - expect(File).to receive(:open).with(filename).and_return(StringIO.new("")) - - response = klass.get_os_vars_from_rcfile(filename) - expect(response).to eq({}) - end - end - - context 'with a nonexistent file' do - it 'should get default rcfile when no environment or openrc file' do - ENV.clear - content = "export OS_USERNAME='user'\nexport OS_PASSWORD='secret'\nexport OS_PROJECT_NAME='project'\nexport OS_AUTH_URL='http://127.0.0.1:5000'" - filename = '/root/openrc' - - expect(File).to receive(:exist?).with("#{ENV['HOME']}/openrc").and_return(false) - expect(File).to receive(:exist?).with(filename).and_return(true) - expect(File).to receive(:open).with(filename).and_return(StringIO.new(content)) - - expect(klass.get_os_vars_from_rcfile("#{ENV['HOME']}/openrc")).to eq({ - 'OS_USERNAME' => 'user', - 'OS_PASSWORD' => 'secret', - 'OS_PROJECT_NAME' => 'project', - 'OS_AUTH_URL' => 'http://127.0.0.1:5000' - }) - end - end - end - before(:each) do class Puppet::Provider::Openstack::AuthTester @credentials = Puppet::Provider::Openstack::CredentialsV3.new @@ -267,58 +197,5 @@ describe Puppet::Provider::Openstack::Auth do }) end end - - context 'with a RC file containing user credentials' do - it 'is successful' do - # return incomplete creds from env - expect(klass).to receive(:get_os_vars_from_env) - .and_return({ 'OS_USERNAME' => 'incompleteusername', - 'OS_AUTH_URL' => 'incompleteauthurl' }) - content = "export OS_USERNAME='test'\nexport OS_PASSWORD='abc123'\nexport OS_PROJECT_NAME='test'\nexport OS_AUTH_URL='http://127.0.0.1:5000'\nexport OS_NOT_VALID='notvalid'" - expect(File).to receive(:exist?).with("/etc/openstack/puppet/clouds.yaml").and_return(false) - expect(File).to receive(:exist?).with("/etc/openstack/puppet/admin-clouds.yaml").and_return(false) - expect(File).to receive(:exist?).with("#{ENV['HOME']}/openrc").and_return(true) - expect(File).to receive(:open).with("#{ENV['HOME']}/openrc").and_return(StringIO.new(content)) - expect(klass).to receive(:openstack) - .with('project', 'list', '--quiet', '--format', 'csv', ['--long']) - .and_return('"ID","Name","Description","Enabled" -"1cb05cfed7c24279be884ba4f6520262","test","Test tenant",True -') - response = provider.class.request('project', 'list', ['--long']) - expect(response.first[:description]).to eq("Test tenant") - expect(klass.instance_variable_get(:@credentials).to_env).to eq({ - 'OS_USERNAME' => 'test', - 'OS_PASSWORD' => 'abc123', - 'OS_PROJECT_NAME' => 'test', - 'OS_AUTH_URL' => 'http://127.0.0.1:5000', - 'OS_IDENTITY_API_VERSION' => '3' - }) - end - end - - context 'with a RC file containing service token credentials' do - it 'is successful' do - # return incomplete creds from env - expect(klass).to receive(:get_os_vars_from_env) - .and_return({ 'OS_TOKEN' => 'incomplete' }) - content = "export OS_TOKEN='test'\nexport OS_ENDPOINT='abc123'\nexport OS_NOT_VALID='notvalid'\n" - expect(File).to receive(:exist?).with("/etc/openstack/puppet/clouds.yaml").and_return(false) - expect(File).to receive(:exist?).with("/etc/openstack/puppet/admin-clouds.yaml").and_return(false) - expect(File).to receive(:exist?).with("#{ENV['HOME']}/openrc").and_return(true) - expect(File).to receive(:open).with("#{ENV['HOME']}/openrc").and_return(StringIO.new(content)) - expect(klass).to receive(:openstack) - .with('project', 'list', '--quiet', '--format', 'csv', ['--long']) - .and_return('"ID","Name","Description","Enabled" -"1cb05cfed7c24279be884ba4f6520262","test","Test tenant",True -') - response = klass.request('project', 'list', ['--long']) - expect(response.first[:description]).to eq("Test tenant") - expect(klass.instance_variable_get(:@credentials).to_env).to eq({ - 'OS_IDENTITY_API_VERSION' => '3', - 'OS_TOKEN' => 'test', - 'OS_ENDPOINT' => 'abc123', - }) - end - end end end