Stop reading keystone_authtoken options

Using credentials in keystone_authtoken options for sahara_* resources was deprecated some cycles ago[1]. [1] 67d927581e Change-Id: I1d0e5bd29034daf70b8fc8ec531f071e8b640475
2023-11-16 15:34:53 +09:00 · 2023-11-16 15:34:53 +09:00 · 6da1886edc
commit 6da1886edc
parent 743331c9f4
3 changed files with 10 additions and 135 deletions
--- a/lib/puppet/provider/sahara.rb
+++ b/lib/puppet/provider/sahara.rb
@ -1,94 +1,10 @@
-require 'puppet/util/inifile'
 require 'puppet/provider/openstack'
 require 'puppet/provider/openstack/auth'
-require 'puppet/provider/openstack/credentials'

 class Puppet::Provider::Sahara < Puppet::Provider::Openstack

  extend Puppet::Provider::Openstack::Auth

-  def self.conf_filename
-    '/etc/sahara/sahara.conf'
-  end
-
-  def self.sahara_conf
-    return @sahara_conf if @sahara_conf
-    @sahara_conf = Puppet::Util::IniConfig::File.new
-    @sahara_conf.read(conf_filename)
-    @sahara_conf
-  end
-
-  def self.request(service, action, properties=nil)
-    begin
-      super
-    rescue Puppet::Error::OpenstackAuthInputError, Puppet::Error::OpenstackUnauthorizedError => error
-      sahara_request(service, action, error, properties)
-    end
-  end
-
-  def self.sahara_request(service, action, error, properties=nil)
-    warning('Usage of keystone_authtoken parameters is deprecated.')
-    properties ||= []
-    @credentials.username = sahara_credentials['username']
-    @credentials.password = sahara_credentials['password']
-    @credentials.project_name = sahara_credentials['project_name']
-    @credentials.auth_url = auth_endpoint
-    if sahara_credentials['region_name']
-      @credentials.region_name = sahara_credentials['region_name']
-    end
-    if @credentials.version == '3'
-      @credentials.user_domain_name = sahara_credentials['user_domain_name']
-      @credentials.project_domain_name = sahara_credentials['project_domain_name']
-    end
-    raise error unless @credentials.set?
-    Puppet::Provider::Openstack.request(service, action, properties, @credentials)
-  end
-
-  def self.sahara_credentials
-    @sahara_credentials ||= get_sahara_credentials
-  end
-
-  def sahara_credentials
-    self.class.sahara_credentials
-  end
-
-  def self.get_sahara_credentials
-    auth_keys = ['auth_url', 'project_name', 'username',
-                 'password']
-    conf = sahara_conf
-    if conf and conf['keystone_authtoken'] and
-        auth_keys.all?{|k| !conf['keystone_authtoken'][k].nil?}
-      creds = Hash[ auth_keys.map \
-                   { |k| [k, conf['keystone_authtoken'][k].strip] } ]
-      if conf['project_domain_name']
-        creds['project_domain_name'] = conf['project_domain_name']
-      else
-        creds['project_domain_name'] = 'Default'
-      end
-      if conf['user_domain_name']
-        creds['user_domain_name'] = conf['user_domain_name']
-      else
-        creds['user_domain_name'] = 'Default'
-      end
-      if conf['keystone_authtoken']['region_name']
-        creds['region_name'] = conf['keystone_authtoken']['region_name']
-      end
-      return creds
-    else
-      raise(Puppet::Error, "File: #{conf_filename} does not contain all " +
-            "required sections. Can not to authenticate Sahara.")
-    end
-  end
-
-  def self.get_auth_endpoint
-    q = sahara_credentials
-    "#{q['auth_url']}"
-  end
-
-  def self.auth_endpoint
-    @auth_endpoint ||= get_auth_endpoint
-  end
-
  def self.flavors_list
    unless @flavors_hash
      list = request('flavor', 'list')
@ -106,8 +22,7 @@ class Puppet::Provider::Sahara < Puppet::Provider::Openstack
  end

  def self.reset
-    @sahara_conf = nil
-    @sahara_credentials = nil
-    @auth_endpoint = nil
+    @flavors_hash = nil
+    @network_hash = nil
  end
 end
--- a/releasenotes/notes/stop-reading-authtoken-opts-d06097cb2053aa42.yaml
+++ b/releasenotes/notes/stop-reading-authtoken-opts-d06097cb2053aa42.yaml
@ -0,0 +1,8 @@
+---
+upgrade:
+  - |
+    The following resource types no longer attempts to load user credentials
+    from the ``[keystone_authtoken]`` section in ``sahara.conf``.
+
+    - ``sahara_cluster_template``
+    - ``sahara_node_group_template``
--- a/spec/unit/provider/sahara_spec.rb
+++ b/spec/unit/provider/sahara_spec.rb
@ -1,48 +0,0 @@
-require 'puppet'
-require 'spec_helper'
-require 'puppet/provider/sahara'
-require 'tempfile'
-
-klass = Puppet::Provider::Sahara
-
-describe Puppet::Provider::Sahara do
-
-  after :each do
-    klass.reset
-  end
-
-  describe 'when retrieving the auth credentials' do
-
-    it 'should fail if no auth params are passed and the glance config file does not have the expected contents' do
-      mock = {}
-      expect(Puppet::Util::IniConfig::File).to receive(:new).and_return(mock)
-      expect(mock).to receive(:read).with('/etc/sahara/sahara.conf')
-      expect do
-        klass.sahara_credentials
-      end.to raise_error(Puppet::Error, /Can not to authenticate Sahara/)
-    end
-
-    it 'should read conf file with all sections' do
-      creds_hash = {
-        'auth_url'            => 'https://192.168.56.210:5000/v3/',
-        'project_name'        => 'admin_tenant',
-        'username'            => 'admin',
-        'password'            => 'password',
-        'project_domain_name' => 'Default',
-        'user_domain_name'    => 'Default',
-      }
-      mock = {
-        'keystone_authtoken' => {
-          'auth_url'     => 'https://192.168.56.210:5000/v3/',
-          'project_name' => 'admin_tenant',
-          'username'     => 'admin',
-          'password'     => 'password',
-        }
-      }
-      expect(Puppet::Util::IniConfig::File).to receive(:new).and_return(mock)
-      expect(mock).to receive(:read).with('/etc/sahara/sahara.conf')
-      expect(klass.sahara_credentials).to eq(creds_hash)
-    end
-
-  end
-end