From f87e43e8a80ebf1e8bf9bb0a50160dfc6d735153 Mon Sep 17 00:00:00 2001 From: David Moreau Simard Date: Thu, 11 Jun 2015 17:52:18 -0400 Subject: [PATCH] Introduce public_url(_s3), internal_url(_s3) and admin_url(_s3) This change deprecates the following parameters: - endpoint_prefix: replaced by public/internal/admin_url - port: replaced by public/internal/admin_url(_s3) - public_port: replaced by public_url(_s3) - public_protocol: replaced by public_url(_s3) - public_address: replaced by public_url(_s3) - public_port: replaced by public_url - internal_protocol: replaced by internal_url - internal_address: replaced by internal_url - admin_protocol: replaced by admin_url - admin_address: replaced by admin_url Add deprecation warnings if any of those values are provided while maintaining full backward compatibility. Co-Authored-By: David Moreau Simard Co-Authored-By: Richard Raseley Closes-bug: #1274979 Change-Id: Ie4afc21ac6e9539edd70635de7f3db957a22467e --- manifests/keystone/auth.pp | 266 +++++++++++++++++------ spec/classes/swift_keystone_auth_spec.rb | 118 ++++++---- 2 files changed, 277 insertions(+), 107 deletions(-) diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp index b3b3709f..f1899918 100644 --- a/manifests/keystone/auth.pp +++ b/manifests/keystone/auth.pp @@ -15,14 +15,6 @@ # String. The user's password. # Optional. Defaults to 'swift_password'. # -# [*port*] -# (Optional) Port for endpoint. -# Defaults to '8080'. -# -# [*public_port*] -# (Optional) Port for endpoint. -# Defaults to '8080'. -# # [*tenant*] # (Optional) The tenant to use for the swift service user # Defaults to 'services' @@ -39,29 +31,6 @@ # (Optional) Array of strings. List of roles Swift considers as admin. # Defaults to '['admin', 'SwiftOperator']' # -# [*public_protocol*] -# (Optional) Protocol to use for the public endpoint. Can be http or https. -# Defaults to 'http' -# -# [*public_address*] -# (Optional) Public address for endpoint. -# Defaults to '127.0.0.1'. -# -# [*admin_protocol*] -# (Optional) Protocol for admin endpoints. -# Defaults to 'http'. -# -# [*admin_address*] -# (Optional) Admin address for endpoint. -# Defaults to '127.0.0.1'. -# -# [*internal_protocol*] -# Protocol for internal endpoints. Defaults to 'http'. -# -# [*internal_address*] -# (Optional) Internal address for endpoint. -# Defaults to '127.0.0.1'. -# # [*configure_endpoint*] # (optional) Whether to create the endpoint. # Defaults to true @@ -70,10 +39,6 @@ # (optional) Whether to create the S3 endpoint. # Defaults to true # -# [*endpoint_prefix*] -# (optional) The prefix endpoint, used for endpoint URL. -# Defaults to 'AUTH' -# # [*service_name*] # (optional) Name of the service. # Defaults to the value of auth_name, but must differ from the value @@ -84,27 +49,212 @@ # Defaults to the value of auth_name_s3, but must differ from the value # of service_name. # +# [*public_url*] +# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s') +# This url should *not* contain any trailing '/'. +# +# [*admin_url*] +# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:8080') +# This url should *not* contain any trailing '/'. +# +# [*internal_url*] +# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s') +# This url should *not* contain any trailing '/'. +# +# [*public_url_s3*] +# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8080') +# This url should *not* contain any trailing '/'. +# +# [*admin_url_s3*] +# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:8080') +# This url should *not* contain any trailing '/'. +# +# [*internal_url_s3*] +# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:8080') +# This url should *not* contain any trailing '/'. +# +# [*endpoint_prefix*] +# (optional) DEPRECATED: Use public_url, internal_url and admin_url instead. +# The prefix endpoint, used for endpoint URL. (Defaults to 'AUTH') +# Setting this parameter overrides public_url, internal_url and admin_url parameters. +# +# [*port*] +# (optional) DEPRECATED: Use public_url(_s3), internal_url(_s3) and admin_url(_s3) instead. +# Default port for endpoints. (Defaults to 8080) +# Setting this parameter overrides public_url(_s3), internal_url(_s3) and admin_url(_s3) parameters. +# +# [*public_port*] +# (optional) DEPRECATED: Use public_url(_s3) instead. +# Default port for endpoints. (Defaults to $port) +# Setting this parameter overrides public_url(_s3) parameter. +# +# [*public_protocol*] +# (optional) DEPRECATED: Use public_url instead. +# Protocol for public endpoint. (Defaults to 'http') +# Setting this parameter overrides public_url parameter. +# +# [*public_address*] +# (optional) DEPRECATED: Use public_url instead. +# Public address for endpoint. (Defaults to '127.0.0.1') +# Setting this parameter overrides public_url parameter. +# +# [*internal_protocol*] +# (optional) DEPRECATED: Use internal_url instead. +# Protocol for internal endpoint. (Defaults to 'http') +# Setting this parameter overrides internal_url parameter. +# +# [*internal_address*] +# (optional) DEPRECATED: Use internal_url instead. +# Internal address for endpoint. (Defaults to '127.0.0.1') +# Setting this parameter overrides internal_url parameter. +# +# [*admin_protocol*] +# (optional) DEPRECATED: Use admin_url instead. +# Protocol for admin endpoint. (Defaults to 'http') +# Setting this parameter overrides admin_url parameter. +# +# [*admin_address*] +# (optional) DEPRECATED: Use admin_url instead. +# Admin address for endpoint. (Defaults to '127.0.0.1') +# Setting this parameter overrides admin_url parameter. +# +# === Deprecation notes +# +# If any value is provided for public_protocol, public_address or port parameters, +# public_url will be completely ignored. The same applies for internal and admin parameters. +# +# === Examples +# +# class { 'swift::keystone::auth': +# public_url => 'https://10.0.0.10:8080/v1/AUTH_%(tenant_id)s', +# internal_url => 'https://10.0.0.11:8080/v1/AUTH_%(tenant_id)s', +# admin_url => 'https://10.0.0.11:8080', +# public_url_s3 => 'https://10.0.0.10:8080', +# internal_url_s3 => 'https://10.0.0.11:8080', +# admin_url_s3 => 'https://10.0.0.11:8080', +# } +# class swift::keystone::auth( $auth_name = 'swift', $password = 'swift_password', - $port = '8080', $tenant = 'services', $email = 'swift@localhost', $region = 'RegionOne', $operator_roles = ['admin', 'SwiftOperator'], $service_name = undef, $service_name_s3 = undef, - $public_protocol = 'http', - $public_address = '127.0.0.1', - $public_port = undef, - $admin_protocol = 'http', - $admin_address = undef, - $internal_protocol = 'http', - $internal_address = undef, $configure_endpoint = true, $configure_s3_endpoint = true, - $endpoint_prefix = 'AUTH', + $public_url = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s', + $admin_url = 'http://127.0.0.1:8080', + $internal_url = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s', + $public_url_s3 = 'http://127.0.0.1:8080', + $admin_url_s3 = 'http://127.0.0.1:8080', + $internal_url_s3 = 'http://127.0.0.1:8080', + # DEPRECATED PARAMETERS + $endpoint_prefix = undef, + $port = undef, + $public_port = undef, + $public_protocol = undef, + $public_address = undef, + $internal_protocol = undef, + $internal_address = undef, + $admin_protocol = undef, + $admin_address = undef, ) { + + if $endpoint_prefix { + warning('The endpoint_prefix parameter is deprecated, use public_url, internal_url and admin_url instead.') + } + + if $port { + warning('The port parameter is deprecated, use public_url, internal_url, admin_url, public_url_s3, internal_url_s3 and admin_url_s3 instead.') + } + + if $public_port { + warning('The public_port parameter is deprecated, use public_url and public_url_s3 instead.') + } + + if $public_protocol { + warning('The public_protocol parameter is deprecated, use public_url and public_url_s3 instead.') + } + + if $internal_protocol { + warning('The internal_protocol parameter is deprecated, use internal_url and internal_url_s3 instead.') + } + + if $admin_protocol { + warning('The admin_protocol parameter is deprecated, use admin_url and admin_url_s3 instead.') + } + + if $public_address { + warning('The public_address parameter is deprecated, use public_url and public_url_s3 instead.') + } + + if $internal_address { + warning('The internal_address parameter is deprecated, use internal_url and internal_url_s3 instead.') + } + + if $admin_address { + warning('The admin_address parameter is deprecated, use admin_url and admin_url_s3 instead.') + } + + if ($public_protocol or $public_address or $port or $public_port or $endpoint_prefix) { + $public_url_real = sprintf('%s://%s:%s/v1/%s_%%(tenant_id)s', + pick($public_protocol, 'http'), + pick($public_address, '127.0.0.1'), + pick($public_port, $port, '8080'), + pick($endpoint_prefix, 'AUTH')) + } else { + $public_url_real = $public_url + } + + if ($admin_protocol or $admin_address or $public_address or $port) { + $admin_url_real = sprintf('%s://%s:%s', + pick($admin_protocol, 'http'), + pick($admin_address, $public_address, '127.0.0.1'), + pick($port, '8080')) + } else { + $admin_url_real = $admin_url + } + + if ($internal_protocol or $internal_address or $public_address or $port or $endpoint_prefix) { + $internal_url_real = sprintf('%s://%s:%s/v1/%s_%%(tenant_id)s', + pick($internal_protocol, 'http'), + pick($internal_address, $public_address, '127.0.0.1'), + pick($port, '8080'), + pick($endpoint_prefix, 'AUTH')) + } else { + $internal_url_real = $internal_url + } + + if ($public_protocol or $public_address or $port or $public_port) { + $public_url_s3_real = sprintf('%s://%s:%s', + pick($public_protocol, 'http'), + pick($public_address, '127.0.0.1'), + pick($public_port, $port, '8080')) + } else { + $public_url_s3_real = $public_url_s3 + } + + if ($admin_protocol or $admin_address or $public_address or $port) { + $admin_url_s3_real = sprintf('%s://%s:%s', + pick($admin_protocol, 'http'), + pick($admin_address, $public_address, '127.0.0.1'), + pick($port, '8080')) + } else { + $admin_url_s3_real = $admin_url_s3 + } + + if ($internal_protocol or $internal_address or $public_address or $port) { + $internal_url_s3_real = sprintf('%s://%s:%s', + pick($internal_protocol, 'http'), + pick($internal_address, $public_address, '127.0.0.1'), + pick($port, '8080')) + } else { + $internal_url_s3_real = $internal_url_s3 + } + $real_service_name = pick($service_name, $auth_name) $real_service_name_s3 = pick($service_name_s3, "${auth_name}_s3") @@ -112,22 +262,6 @@ class swift::keystone::auth( fail('cinder::keystone::auth parameters service_name and service_name_s3 must be different.') } - if ! $public_port { - $real_public_port = $port - } else { - $real_public_port = $public_port - } - if ! $admin_address { - $real_admin_address = $public_address - } else { - $real_admin_address = $admin_address - } - if ! $internal_address { - $real_internal_address = $public_address - } else { - $real_internal_address = $internal_address - } - keystone::resource::service_identity { 'swift': configure_endpoint => $configure_endpoint, service_name => $real_service_name, @@ -138,9 +272,9 @@ class swift::keystone::auth( password => $password, email => $email, tenant => $tenant, - public_url => "${public_protocol}://${public_address}:${real_public_port}/v1/${endpoint_prefix}_%(tenant_id)s", - admin_url => "${admin_protocol}://${real_admin_address}:${port}/", - internal_url => "${internal_protocol}://${real_internal_address}:${port}/v1/${endpoint_prefix}_%(tenant_id)s", + public_url => $public_url_real, + admin_url => $admin_url_real, + internal_url => $internal_url_real, } keystone::resource::service_identity { 'swift_s3': @@ -152,9 +286,9 @@ class swift::keystone::auth( service_type => 's3', service_description => 'Openstack S3 Service', region => $region, - public_url => "${public_protocol}://${public_address}:${real_public_port}", - admin_url => "${admin_protocol}://${real_admin_address}:${port}", - internal_url => "${internal_protocol}://${real_internal_address}:${port}", + public_url => $public_url_s3_real, + admin_url => $admin_url_s3_real, + internal_url => $internal_url_s3_real, } if $operator_roles { diff --git a/spec/classes/swift_keystone_auth_spec.rb b/spec/classes/swift_keystone_auth_spec.rb index 5a487b8d..7fc3c0e6 100644 --- a/spec/classes/swift_keystone_auth_spec.rb +++ b/spec/classes/swift_keystone_auth_spec.rb @@ -15,13 +15,12 @@ describe 'swift::keystone::auth' do :email => 'swift@localhost', :region => 'RegionOne', :operator_roles => ['admin', 'SwiftOperator'], - :public_protocol => 'http', - :public_address => '127.0.0.1', - :admin_protocol => 'http', - :admin_address => '127.0.0.1', - :internal_protocol => 'http', - :internal_address => '127.0.0.1', - :endpoint_prefix => 'AUTH', + :public_url => 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s', + :admin_url => 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s', + :internal_url => 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s', + :public_url_s3 => 'http://127.0.0.1:8080', + :admin_url_s3 => 'http://127.0.0.1:8080', + :internal_url_s3 => 'http://127.0.0.1:8080', } end @@ -34,7 +33,63 @@ describe 'swift::keystone::auth' do end end - context 'with custom class parameters' do + context 'with custom parameters' do + before do + params.merge!({ + :auth_name => 'object_store', + :password => 'passw0rd', + :tenant => 'admin', + :email => 'object_store@localhost', + :region => 'RegionTwo', + :operator_roles => ['admin', 'SwiftOperator', 'Gopher'], + :public_url => 'https://10.0.0.10:8080/v1/AUTH_%(tenant_id)s', + :internal_url => 'https://10.0.0.11:8080/v1/AUTH_%(tenant_id)s', + :admin_url => 'https://10.0.0.11:8080/v1/AUTH_%(tenant_id)s', + :public_url_s3 => 'https://10.0.0.10:8080', + :internal_url_s3 => 'https://10.0.0.11:8080', + :admin_url_s3 => 'https://10.0.0.11:8080', + }) + end + + it_configures 'keystone auth configuration' + + ['admin', 'SwiftOperator', 'Gopher'].each do |role_name| + it { is_expected.to contain_keystone_role(role_name).with_ensure('present') } + end + + it { is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}").with( + :ensure => 'present', + :public_url => params[:public_url], + :admin_url => params[:admin_url], + :internal_url => params[:internal_url], + )} + + it { is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}_s3").with( + :ensure => 'present', + :public_url => params[:public_url_s3], + :admin_url => params[:admin_url_s3], + :internal_url => params[:internal_url_s3], + )} + + context 'when disabling endpoint configuration' do + before do + params.merge!(:configure_endpoint => false) + end + + it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift') } + end + + context 'when disabling S3 endpoint' do + before do + params.merge!(:configure_s3_endpoint => false) + end + + it { is_expected.to_not contain_keystone_service('swift_s3') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift_s3') } + end + end + + context 'with deprecated endpoint parameters' do before do params.merge!({ :auth_name => 'object_store', @@ -55,28 +110,23 @@ describe 'swift::keystone::auth' do }) end - it_configures 'keystone auth configuration' - - ['admin', 'SwiftOperator', 'Gopher'].each do |role_name| - it { is_expected.to contain_keystone_role(role_name).with_ensure('present') } - end - end - - context 'when disabling endpoint configuration' do - before do - params.merge!(:configure_endpoint => false) + let :p do + default_params.merge( params ) end - it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift') } - end + it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}").with( + :ensure => 'present', + :public_url => "#{p[:public_protocol]}://#{p[:public_address]}:#{p[:public_port]}/v1/#{p[:endpoint_prefix]}_%(tenant_id)s", + :admin_url => "#{p[:admin_protocol]}://#{p[:admin_address]}:#{p[:port]}", + :internal_url => "#{p[:internal_protocol]}://#{p[:internal_address]}:#{p[:port]}/v1/#{p[:endpoint_prefix]}_%(tenant_id)s" + )} - context 'when disabling S3 endpoint' do - before do - params.merge!(:configure_s3_endpoint => false) - end - - it { is_expected.to_not contain_keystone_service('swift_s3') } - it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift_s3') } + it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}_s3").with( + :ensure => 'present', + :public_url => "#{p[:public_protocol]}://#{p[:public_address]}:#{p[:port]}", + :admin_url => "#{p[:admin_protocol]}://#{p[:admin_address]}:#{p[:port]}", + :internal_url => "#{p[:internal_protocol]}://#{p[:internal_address]}:#{p[:port]}" + )} end end @@ -102,25 +152,11 @@ describe 'swift::keystone::auth' do :description => 'Openstack Object-Store Service' )} - it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}").with( - :ensure => 'present', - :public_url => "#{p[:public_protocol]}://#{p[:public_address]}:#{p[:port]}/v1/#{p[:endpoint_prefix]}_%(tenant_id)s", - :admin_url => "#{p[:admin_protocol]}://#{p[:admin_address]}:#{p[:port]}/", - :internal_url => "#{p[:internal_protocol]}://#{p[:internal_address]}:#{p[:port]}/v1/#{p[:endpoint_prefix]}_%(tenant_id)s" - )} - it { is_expected.to contain_keystone_service("#{p[:auth_name]}_s3").with( :ensure => 'present', :type => 's3', :description => 'Openstack S3 Service' )} - - it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}_s3").with( - :ensure => 'present', - :public_url => "#{p[:public_protocol]}://#{p[:public_address]}:#{p[:port]}", - :admin_url => "#{p[:admin_protocol]}://#{p[:admin_address]}:#{p[:port]}", - :internal_url => "#{p[:internal_protocol]}://#{p[:internal_address]}:#{p[:port]}" - )} end context 'on Debian platforms' do