Use memcached for token caching in authtoken for telemetry services

Use memcached to cache token in authtoken middleware for telemetry
services(gnocchi, aodh and panko), as in-process cache, which we
currently use, was already deprecated[1].

[1] Ied2b88c8cefe5655a88d0c2f334de04e588fa75a

Change-Id: Ib9a881ab52d44c77eeef1716cb4e9f6340735ebc

manifests/profile/base/aodh/api.pp

@@ -63,6 +63,7 @@ class tripleo::profile::base::aodh::api (
   }
 
   include ::tripleo::profile::base::aodh
+  include ::tripleo::profile::base::aodh::authtoken
 
   if $enable_internal_tls {
     if !$aodh_network {

manifests/profile/base/aodh/authtoken.pp

@@ -0,0 +1,44 @@
+# Copyright 2019 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::aodh::authtoken
+#
+# Aodh authtoken profile for TripleO
+#
+# [*step*]
+#   (Optional) The current step in deployment. See tripleo-heat-templates
+#   for more details.
+#   Defaults to hiera('step')
+#
+# [*memcached_ips*]
+#   (Optional) Array of ipv4 or ipv6 addresses for memcache.
+#   Defaults to hiera('memcached_node_ips')
+#
+class tripleo::profile::base::aodh::authtoken (
+  $step                = Integer(hiera('step')),
+  $memcached_ips       = hiera('memcached_node_ips'),
+) {
+
+  if $step >= 3 {
+    if is_ipv6_address($memcached_ips[0]) {
+      $memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
+    } else {
+      $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
+    }
+
+    class { '::aodh::keystone::authtoken':
+      memcached_servers => $memcache_servers
+    }
+  }
+}

manifests/profile/base/gnocchi/api.pp

@@ -87,6 +87,7 @@ class tripleo::profile::base::gnocchi::api (
   }
 
   include ::tripleo::profile::base::gnocchi
+  include ::tripleo::profile::base::gnocchi::authtoken
 
   if $enable_internal_tls {
     if !$gnocchi_network {

manifests/profile/base/gnocchi/authtoken.pp

@@ -0,0 +1,44 @@
+# Copyright 2019 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::gnocchi::authtoken
+#
+# Gnocchi authtoken profile for TripleO
+#
+# [*step*]
+#   (Optional) The current step in deployment. See tripleo-heat-templates
+#   for more details.
+#   Defaults to hiera('step')
+#
+# [*memcached_ips*]
+#   (Optional) Array of ipv4 or ipv6 addresses for memcache.
+#   Defaults to hiera('memcached_node_ips')
+#
+class tripleo::profile::base::gnocchi::authtoken (
+  $step                = Integer(hiera('step')),
+  $memcached_ips       = hiera('memcached_node_ips'),
+) {
+
+  if $step >= 3 {
+    if is_ipv6_address($memcached_ips[0]) {
+      $memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
+    } else {
+      $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
+    }
+
+    class { '::gnocchi::keystone::authtoken':
+      memcached_servers => $memcache_servers
+    }
+  }
+}

manifests/profile/base/panko/api.pp

@@ -67,6 +67,7 @@ class tripleo::profile::base::panko::api (
   }
 
   include ::tripleo::profile::base::panko
+  include ::tripleo::profile::base::panko::authtoken
 
   if $enable_internal_tls {
     if !$panko_network {

manifests/profile/base/panko/authtoken.pp

@@ -0,0 +1,44 @@
+# Copyright 2019 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::panko::authtoken
+#
+# Panko authtoken profile for TripleO
+#
+# [*step*]
+#   (Optional) The current step in deployment. See tripleo-heat-templates
+#   for more details.
+#   Defaults to hiera('step')
+#
+# [*memcached_ips*]
+#   (Optional) Array of ipv4 or ipv6 addresses for memcache.
+#   Defaults to hiera('memcached_node_ips')
+#
+class tripleo::profile::base::panko::authtoken (
+  $step                = Integer(hiera('step')),
+  $memcached_ips       = hiera('memcached_node_ips'),
+) {
+
+  if $step >= 3 {
+    if is_ipv6_address($memcached_ips[0]) {
+      $memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
+    } else {
+      $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
+    }
+
+    class { '::panko::keystone::authtoken':
+      memcached_servers => $memcache_servers
+    }
+  }
+}

spec/classes/tripleo_profile_base_aodh_api_spec.rb

@@ -17,6 +17,11 @@
 require 'spec_helper'
 
 describe 'tripleo::profile::base::aodh::api' do
+
+  before :each do
+    facts.merge!({ :step => params[:step] })
+  end
+
   shared_examples_for 'tripleo::profile::base::aodh::api' do
     let(:pre_condition) do
       "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }"

spec/classes/tripleo_profile_base_aodh_authtoken_spec.rb

@@ -0,0 +1,70 @@
+#
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::aodh::authtoken' do
+  shared_examples_for 'tripleo::profile::base::aodh::authtoken' do
+    context 'with step less than 3' do
+      let(:params) { {
+        :step => 1,
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::aodh::authtoken')
+        is_expected.to_not contain_class('aodh::keystone::authtoken')
+      }
+    end
+
+    context 'with step 3' do
+      let(:params) { {
+        :step => 3,
+        :memcached_ips => '127.0.0.1',
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::aodh::authtoken')
+        is_expected.to contain_class('aodh::keystone::authtoken').with(
+            :memcached_servers => ['127.0.0.1:11211'])
+      }
+    end
+
+    context 'with step 3 with ipv6' do
+      let(:params) { {
+        :step     => 3,
+        :memcached_ips => '::1',
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::aodh::authtoken')
+        is_expected.to contain_class('aodh::keystone::authtoken').with(
+            :memcached_servers => ['[::1]:11211'])
+      }
+    end
+
+  end
+
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) do
+        facts.merge({ :hostname => 'node.example.com' })
+      end
+
+      it_behaves_like 'tripleo::profile::base::aodh::authtoken'
+    end
+  end
+end

spec/classes/tripleo_profile_base_gnocchi_api_spec.rb

@@ -17,6 +17,11 @@
 require 'spec_helper'
 
 describe 'tripleo::profile::base::gnocchi::api' do
+
+  before :each do
+    facts.merge!({ :step => params[:step] })
+  end
+
   shared_examples_for 'tripleo::profile::base::gnocchi::api' do
     let(:pre_condition) do
       "

spec/classes/tripleo_profile_base_gnocchi_authtoken_spec.rb

@@ -0,0 +1,70 @@
+#
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::gnocchi::authtoken' do
+  shared_examples_for 'tripleo::profile::base::gnocchi::authtoken' do
+    context 'with step less than 3' do
+      let(:params) { {
+        :step => 1,
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken')
+        is_expected.to_not contain_class('gnocchi::keystone::authtoken')
+      }
+    end
+
+    context 'with step 3' do
+      let(:params) { {
+        :step => 3,
+        :memcached_ips => '127.0.0.1',
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken')
+        is_expected.to contain_class('gnocchi::keystone::authtoken').with(
+            :memcached_servers => ['127.0.0.1:11211'])
+      }
+    end
+
+    context 'with step 3 with ipv6' do
+      let(:params) { {
+        :step     => 3,
+        :memcached_ips => '::1',
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken')
+        is_expected.to contain_class('gnocchi::keystone::authtoken').with(
+            :memcached_servers => ['[::1]:11211'])
+      }
+    end
+
+  end
+
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) do
+        facts.merge({ :hostname => 'node.example.com' })
+      end
+
+      it_behaves_like 'tripleo::profile::base::gnocchi::authtoken'
+    end
+  end
+end

spec/classes/tripleo_profile_base_panko_authtoken_spec.rb

@@ -0,0 +1,70 @@
+#
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::panko::authtoken' do
+  shared_examples_for 'tripleo::profile::base::panko::authtoken' do
+    context 'with step less than 3' do
+      let(:params) { {
+        :step => 1,
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::panko::authtoken')
+        is_expected.to_not contain_class('panko::keystone::authtoken')
+      }
+    end
+
+    context 'with step 3' do
+      let(:params) { {
+        :step => 3,
+        :memcached_ips => '127.0.0.1',
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::panko::authtoken')
+        is_expected.to contain_class('panko::keystone::authtoken').with(
+            :memcached_servers => ['127.0.0.1:11211'])
+      }
+    end
+
+    context 'with step 3 with ipv6' do
+      let(:params) { {
+        :step     => 3,
+        :memcached_ips => '::1',
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::panko::authtoken')
+        is_expected.to contain_class('panko::keystone::authtoken').with(
+            :memcached_servers => ['[::1]:11211'])
+      }
+    end
+
+  end
+
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) do
+        facts.merge({ :hostname => 'node.example.com' })
+      end
+
+      it_behaves_like 'tripleo::profile::base::panko::authtoken'
+    end
+  end
+end

spec/fixtures/hieradata/default.yaml

@@ -65,6 +65,8 @@ nova_placement_short_bootstrap_node_name: node
 nova::rabbit_password: 'password'
 nova::keystone::authtoken::password: 'password'
 nova::network::neutron::neutron_password: 'password'
+# panko related items
+panko::keystone::authtoken::password: 'password'
 # placement related items
 placement_api_short_bootstrap_node_name: node
 placement_short_bootstrap_node_name: node