Refactor how key manager backend is set

This change refactors current implementation to determine key manager backend for cinder and nova, based on the following two points. - keymgr_api_class was deprecated a while ago. We can remove this parameter now. - We don't have to redefine the parameter in puppet-tripleo layer but we can use the parameter implemented in puppet-nova or puppet-cinder directly. Change-Id: I265ac3762823ea8930cc43150dc7b317f337f709
2021-01-24 13:36:32 +09:00 · 2021-01-24 13:36:32 +09:00 · c376d64e5f
commit c376d64e5f
parent dddf1b5751
5 changed files with 53 additions and 51 deletions
--- a/manifests/profile/base/cinder/api.pp
+++ b/manifests/profile/base/cinder/api.pp
@ -43,12 +43,6 @@
 #   (Optional) Whether TLS in the internal network is enabled or not.
 #   Defaults to hiera('enable_internal_tls', false)
 #
-# [*keymgr_backend*]
-#   (Optional) The encryption key manager backend. The default value
-#   ensures Cinder's legacy key manager is enabled when no hiera value is
-#   specified.
-#   Defaults to hiera('cinder::api::keymgr_backend', 'cinder.keymgr.conf_key_mgr.ConfKeyManager')
-#
 # [*default_volume_type*]
 #   (Optional) The name of the default volume type.
 #   Defaults to hiera('cinder::api::default_volume_type', '')
@ -58,14 +52,23 @@
 #   for more details.
 #   Defaults to hiera('step')
 #
+# DEPRECATED PARAMETERS
+#
+# [*keymgr_backend*]
+#   (Optional) The encryption key manager backend. The default value
+#   ensures Cinder's legacy key manager is enabled when no hiera value is
+#   specified.
+#   Defaults to undef
+#
 class tripleo::profile::base::cinder::api (
  $bootstrap_node                = hiera('cinder_api_short_bootstrap_node_name', undef),
  $certificates_specs            = hiera('apache_certificates_specs', {}),
  $cinder_api_network            = hiera('cinder_api_network', undef),
  $enable_internal_tls           = hiera('enable_internal_tls', false),
-  $keymgr_backend                = hiera('cinder::api::keymgr_backend', 'cinder.keymgr.conf_key_mgr.ConfKeyManager'),
  $default_volume_type           = hiera('cinder::api::default_volume_type', ''),
  $step                          = Integer(hiera('step')),
+  # DEPRECATED PARAMETERS
+  $keymgr_backend                = undef,
 ) {
  if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
    $sync_db = true
@ -88,9 +91,16 @@ class tripleo::profile::base::cinder::api (
  }

  if $step >= 4 or ($step >= 3 and $sync_db) {
-    class { 'cinder::api':
-      sync_db        => $sync_db,
-      keymgr_backend => $keymgr_backend,
+    if keymgr_backend != undef {
+      warning('The keymgr_backend parameter has been deprecated')
+      class { 'cinder::api':
+        sync_db        => $sync_db,
+        keymgr_backend => $keymgr_backend,
+      }
+    } else {
+      class { 'cinder::api':
+        sync_db => $sync_db,
+      }
    }
    include tripleo::profile::base::apache
    class { 'cinder::wsgi::apache':
--- a/manifests/profile/base/nova/compute.pp
+++ b/manifests/profile/base/nova/compute.pp
@ -31,16 +31,10 @@
 #   (Optional) Whether or not Nova is backed by NFS.
 #   Defaults to false
 #
-# [*keymgr_backend*]
-#   (Optional) The encryption key manager backend. The default value
-#   ensures Nova's legacy key manager is enabled when no hiera value is
-#   specified.
-#   Defaults to hiera('nova::compute::keymgr_backend', 'nova.keymgr.conf_key_mgr.ConfKeyManager')
-#
 # DEPRECATED PARAMETERS
 #
-# [*keymgr_api_class*]
-#   (Optional) Deprecated. The encryption key manager API class. The default value
+# [*keymgr_backend*]
+#   (Optional) The encryption key manager backend. The default value
 #   ensures Nova's legacy key manager is enabled when no hiera value is
 #   specified.
 #   Defaults to undef.
@ -49,9 +43,8 @@ class tripleo::profile::base::nova::compute (
  $step               = Integer(hiera('step')),
  $cinder_nfs_backend = hiera('cinder_enable_nfs_backend', false),
  $nova_nfs_enabled   = hiera('nova_nfs_enabled', false),
-  $keymgr_backend     = hiera('nova::compute::keymgr_backend', 'nova.keymgr.conf_key_mgr.ConfKeyManager'),
  # DEPRECATED PARAMETERS
-  $keymgr_api_class   = undef,
+  $keymgr_backend     = undef
 ) {

  if $step >= 4 {
@ -61,17 +54,16 @@ class tripleo::profile::base::nova::compute (
    include nova::vendordata
    include nova::glance

-    if $keymgr_api_class {
-      warning('The keymgr_api_class parameter is deprecated, use keymgr_backend')
-      $keymgr_backend_real = $keymgr_api_class
+    # deploy basic bits for nova-compute
+    if keymgr_backend != undef {
+      warning('The keymgr_backend parameter has been deprecated')
+      class { 'nova::compute':
+        keymgr_backend => $keymgr_backend
+      }
    } else {
-      $keymgr_backend_real = $keymgr_backend
+      class { 'nova::compute': }
    }

-    # deploy basic bits for nova-compute
-    class { 'nova::compute':
-      keymgr_backend => $keymgr_backend_real,
-    }
    include nova::compute::pci
    # If Service['nova-conductor'] is in catalog, make sure we start it
    # before nova-compute.
--- a/spec/classes/tripleo_profile_base_cinder_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_cinder_api_spec.rb
@ -49,9 +49,7 @@ describe 'tripleo::profile::base::cinder::api' do
        is_expected.to contain_class('tripleo::profile::base::cinder')
        is_expected.to contain_class('tripleo::profile::base::cinder::authtoken')
        is_expected.to contain_class('cinder::api').with(
-          :sync_db        => true,
-          # Verify legacy key manager is enabled when none is set in hiera.
-          :keymgr_backend => 'cinder.keymgr.conf_key_mgr.ConfKeyManager',
+          :sync_db => true,
        )
        is_expected.to contain_class('tripleo::profile::base::apache')
      end
@ -83,8 +81,7 @@ describe 'tripleo::profile::base::cinder::api' do
        is_expected.to contain_class('tripleo::profile::base::cinder')
        is_expected.to contain_class('tripleo::profile::base::cinder::authtoken')
        is_expected.to contain_class('cinder::api').with(
-          :sync_db        => true,
-          :keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
+          :sync_db => true,
        )
        is_expected.to contain_class('tripleo::profile::base::apache')
      end
@ -101,12 +98,26 @@ describe 'tripleo::profile::base::cinder::api' do
        is_expected.to contain_class('tripleo::profile::base::cinder')
        is_expected.to contain_class('tripleo::profile::base::cinder::authtoken')
        is_expected.to contain_class('cinder::api').with(
-          :sync_db        => false,
-          :keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
+          :sync_db => false,
        )
        is_expected.to contain_class('tripleo::profile::base::apache')
      end
    end
+
+    context 'with step 4 and deprecated keymgr parameters' do
+      let(:params) { {
+        :step           => 4,
+        :bootstrap_node => 'other.example.com',
+        :keymgr_backend => 'some.other.key_manager',
+      } }
+
+      it 'should set keymgr_backend' do
+        is_expected.to contain_class('cinder::api').with(
+          :sync_db        => false,
+          :keymgr_backend => 'some.other.key_manager',
+        )
+      end
+    end
  end

  on_supported_os.each do |os, facts|
--- a/spec/classes/tripleo_profile_base_nova_compute_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_compute_spec.rb
@ -26,11 +26,7 @@ describe 'tripleo::profile::base::nova::compute' do
      let(:params) { { :step => 1, } }

      it {
-        is_expected.to contain_class('tripleo::profile::base::nova::compute').with(
-          # Verify legacy key manager is enabled when none is set in hiera.
-          :keymgr_backend => 'nova.keymgr.conf_key_mgr.ConfKeyManager',
-        )
-
+        is_expected.to contain_class('tripleo::profile::base::nova::compute')
        is_expected.to_not contain_class('tripleo::profile::base::nova')
        is_expected.to_not contain_class('nova::cinder')
        is_expected.to_not contain_class('nova::vendordata')
@ -59,16 +55,11 @@ eos
        let(:params) { { :step => 4, } }

        it {
-          is_expected.to contain_class('tripleo::profile::base::nova::compute').with(
-            # Verify proper key manager is enabled when value is set in hiera.
-            :keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
-          )
+          is_expected.to contain_class('tripleo::profile::base::nova::compute')
          is_expected.to contain_class('tripleo::profile::base::nova')
          is_expected.to contain_class('nova::cinder')
          is_expected.to contain_class('nova::vendordata')
-          is_expected.to contain_class('nova::compute').with(
-            :keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
-          )
+          is_expected.to contain_class('nova::compute')
          is_expected.to contain_class('nova::network::neutron')
          is_expected.to_not contain_package('nfs-utils')
        }
@ -76,8 +67,8 @@ eos

      context 'with deprecated keymgr parameters' do
        let(:params) { {
-          :step             => 4,
-          :keymgr_api_class => 'some.other.key_manager',
+          :step           => 4,
+          :keymgr_backend => 'some.other.key_manager',
        } }

        it 'should use deprecated keymgr parameters' do
--- a/spec/fixtures/hieradata/step4.yaml
+++ b/spec/fixtures/hieradata/step4.yaml
@ -1,8 +1,6 @@
 ---
 step: 4
 cinder::api::default_volume_type: 'tripleo'
-cinder::api::keymgr_backend: 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
-nova::compute::keymgr_backend: 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
 # items needed for tripleo::profile::base::cinder::volume
 tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: '127.0.0.1'
 tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: