Fix use of deprecated "api_class" key manager option

Deprecate the keymgr_api_class input parameter and replace with new keymgr_backend option. This mimics an equivalent set of changes in puppet-cinder and puppet-nova, which were driven by a similar change in Castellan's key manager options. The deprecated value is still supported for backward compatibility. Closes-Bug: #1732998 Change-Id: I5036c8de9a429f22e1828b4e37735f4aa47bd858
2017-11-17 16:09:50 -05:00 · 2017-11-17 16:09:50 -05:00 · bcc8ccccb1
parent 648c5a91b3
commit bcc8ccccb1
6 changed files with 85 additions and 18 deletions
--- a/manifests/profile/base/cinder/api.pp
+++ b/manifests/profile/base/cinder/api.pp
@ -43,24 +43,34 @@
 #   (Optional) Whether TLS in the internal network is enabled or not.
 #   Defaults to hiera('enable_internal_tls', false)
 #
-# [*keymgr_api_class*]
-#   (Optional) The encryption key manager API class. The default value
+# [*keymgr_backend*]
+#   (Optional) The encryption key manager backend. The default value
 #   ensures Cinder's legacy key manager is enabled when no hiera value is
 #   specified.
-#   Defaults to hiera('cinder::api::keymgr_api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager')
+#   Defaults to hiera('cinder::api::keymgr_backend', 'cinder.keymgr.conf_key_mgr.ConfKeyManager')
 #
 # [*step*]
 #   (Optional) The current step in deployment. See tripleo-heat-templates
 #   for more details.
 #   Defaults to hiera('step')
 #
+# DEPRECATED PARAMETERS
+#
+# [*keymgr_api_class*]
+#   (Optional) Deprecated. The encryption key manager API class. The default value
+#   ensures Cinder's legacy key manager is enabled when no hiera value is
+#   specified.
+#   Defaults to undef.
+#
 class tripleo::profile::base::cinder::api (
  $bootstrap_node                = hiera('bootstrap_nodeid', undef),
  $certificates_specs            = hiera('apache_certificates_specs', {}),
  $cinder_api_network            = hiera('cinder_api_network', undef),
  $enable_internal_tls           = hiera('enable_internal_tls', false),
-  $keymgr_api_class              = hiera('cinder::api::keymgr_api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager'),
+  $keymgr_backend                = hiera('cinder::api::keymgr_backend', 'cinder.keymgr.conf_key_mgr.ConfKeyManager'),
  $step                          = Integer(hiera('step')),
+  # DEPRECATED PARAMETERS
+  $keymgr_api_class              = undef,
 ) {
  if $::hostname == downcase($bootstrap_node) {
    $sync_db = true
@ -82,8 +92,15 @@ class tripleo::profile::base::cinder::api (
  }

  if $step >= 4 or ($step >= 3 and $sync_db) {
+    if $keymgr_api_class {
+      warning('The keymgr_api_class parameter is deprecated, use keymgr_backend')
+      $keymgr_backend_real = $keymgr_api_class
+    } else {
+      $keymgr_backend_real = $keymgr_backend
+    }
+
    class { '::cinder::api':
-      keymgr_api_class => $keymgr_api_class,
+      keymgr_backend => $keymgr_backend_real,
    }
    include ::tripleo::profile::base::apache
    class { '::cinder::wsgi::apache':
--- a/manifests/profile/base/nova/compute.pp
+++ b/manifests/profile/base/nova/compute.pp
@ -27,25 +27,42 @@
 #   (Optional) Whether or not Cinder is backed by NFS.
 #   Defaults to hiera('cinder_enable_nfs_backend', false)
 #
-# [*keymgr_api_class*]
-#   (Optional) The encryption key manager API class. The default value
+# [*keymgr_backend*]
+#   (Optional) The encryption key manager backend. The default value
 #   ensures Nova's legacy key manager is enabled when no hiera value is
 #   specified.
-#   Defaults to hiera('nova::compute::keymgr_api_class', 'nova.keymgr.conf_key_mgr.ConfKeyManager')
+#   Defaults to hiera('nova::compute::keymgr_backend', 'nova.keymgr.conf_key_mgr.ConfKeyManager')
+#
+# DEPRECATED PARAMETERS
+#
+# [*keymgr_api_class*]
+#   (Optional) Deprecated. The encryption key manager API class. The default value
+#   ensures Nova's legacy key manager is enabled when no hiera value is
+#   specified.
+#   Defaults to undef.
 #
 class tripleo::profile::base::nova::compute (
  $step               = Integer(hiera('step')),
  $cinder_nfs_backend = hiera('cinder_enable_nfs_backend', false),
-  $keymgr_api_class   = hiera('nova::compute::keymgr_api_class', 'nova.keymgr.conf_key_mgr.ConfKeyManager'),
+  $keymgr_backend     = hiera('nova::compute::keymgr_backend', 'nova.keymgr.conf_key_mgr.ConfKeyManager'),
+  # DEPRECATED PARAMETERS
+  $keymgr_api_class   = undef,
 ) {

  if $step >= 4 {
    # deploy basic bits for nova
    include ::tripleo::profile::base::nova

+    if $keymgr_api_class {
+      warning('The keymgr_api_class parameter is deprecated, use keymgr_backend')
+      $keymgr_backend_real = $keymgr_api_class
+    } else {
+      $keymgr_backend_real = $keymgr_backend
+    }
+
    # deploy basic bits for nova-compute
    class { '::nova::compute':
-      keymgr_api_class => $keymgr_api_class,
+      keymgr_backend => $keymgr_backend_real,
    }
    # If Service['nova-conductor'] is in catalog, make sure we start it
    # before nova-compute.
--- a/releasenotes/notes/key-manager-backend-e8bd95b728bb0d0e.yaml
+++ b/releasenotes/notes/key-manager-backend-e8bd95b728bb0d0e.yaml
@ -0,0 +1,6 @@
+---
+deprecations:
+  - |
+    The keymgr_api_class parameter is deprecated in favor of an equivalent
+    keymgr_backend option. The deprecated keymgr_api_class is still supported
+    for backward compatibility.
--- a/spec/classes/tripleo_profile_base_cinder_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_cinder_api_spec.rb
@ -46,7 +46,7 @@ describe 'tripleo::profile::base::cinder::api' do
      it 'should trigger complete configuration' do
        is_expected.to contain_class('cinder::api').with(
          # Verify legacy key manager is enabled when none is set in hiera.
-          :keymgr_api_class => 'cinder.keymgr.conf_key_mgr.ConfKeyManager',
+          :keymgr_backend => 'cinder.keymgr.conf_key_mgr.ConfKeyManager',
        )
        is_expected.to contain_class('cinder::ceilometer')
      end
@ -72,13 +72,25 @@ describe 'tripleo::profile::base::cinder::api' do
      it 'should trigger complete configuration' do
        is_expected.to contain_class('cinder::api').with(
          # Verify proper key manager is enabled when value is set in hiera.
-          :keymgr_api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
+          :keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
        )
        is_expected.to contain_class('cinder::ceilometer')
      end
    end
-  end

+    context 'with deprecated keymgr parameters' do
+      let(:params) { {
+        :step             => 4,
+        :keymgr_api_class => 'some.other.key_manager',
+      } }
+
+      it 'should use deprecated keymgr parameters' do
+        is_expected.to contain_class('cinder::api').with(
+          :keymgr_backend => 'some.other.key_manager',
+        )
+      end
+    end
+  end

  on_supported_os.each do |os, facts|
    context "on #{os}" do
--- a/spec/classes/tripleo_profile_base_nova_compute_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_compute_spec.rb
@ -28,7 +28,7 @@ describe 'tripleo::profile::base::nova::compute' do
      it {
        is_expected.to contain_class('tripleo::profile::base::nova::compute').with(
          # Verify legacy key manager is enabled when none is set in hiera.
-          :keymgr_api_class => 'nova.keymgr.conf_key_mgr.ConfKeyManager',
+          :keymgr_backend => 'nova.keymgr.conf_key_mgr.ConfKeyManager',
        )

        is_expected.to_not contain_class('tripleo::profile::base::nova')
@ -59,16 +59,31 @@ eos
        it {
          is_expected.to contain_class('tripleo::profile::base::nova::compute').with(
            # Verify proper key manager is enabled when value is set in hiera.
-            :keymgr_api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
+            :keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
          )
          is_expected.to contain_class('tripleo::profile::base::nova')
          is_expected.to contain_class('tripleo::profile::base::nova')
-          is_expected.to contain_class('nova::compute')
+          is_expected.to contain_class('nova::compute').with(
+            :keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
+          )
          is_expected.to contain_class('nova::network::neutron')
          is_expected.to_not contain_package('nfs-utils')
        }
      end

+      context 'with deprecated keymgr parameters' do
+        let(:params) { {
+          :step             => 4,
+          :keymgr_api_class => 'some.other.key_manager',
+        } }
+
+        it 'should use deprecated keymgr parameters' do
+          is_expected.to contain_class('nova::compute').with(
+            :keymgr_backend => 'some.other.key_manager',
+          )
+        end
+      end
+
      context 'cinder nfs backend' do
        let(:params) { { :step => 4, :cinder_nfs_backend => true } }

--- a/spec/fixtures/hieradata/step4.yaml
+++ b/spec/fixtures/hieradata/step4.yaml
@ -1,7 +1,7 @@
 ---
 step: 4
-cinder::api::keymgr_api_class: 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
-nova::compute::keymgr_api_class: 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
+cinder::api::keymgr_backend: 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
+nova::compute::keymgr_backend: 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
 # items needed for tripleo::profile::base::cinder::volume
 tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: '127.0.0.1'
 tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: