From 1d3bffd18b903aba95e5590b3c8444334d21a656 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 4 May 2020 21:48:45 +0900 Subject: [PATCH] Use service credential parameters to define keystone v3 auth Change-Id: I67ac8b41365e1d6f90b8982659b9fd52744d2ad7 --- examples/site.pp | 17 ++- manifests/api.pp | 25 +--- manifests/api/service_credentials.pp | 71 +++++++++++ manifests/conductor.pp | 9 +- manifests/conductor/service_credentials.pp | 71 +++++++++++ manifests/guestagent.pp | 34 ++---- manifests/guestagent/service_credentials.pp | 65 ++++++++++ manifests/init.pp | 45 +++---- manifests/taskmanager.pp | 17 +-- manifests/taskmanager/service_credentials.pp | 71 +++++++++++ .../keystone-v3-auth-1572c6fe82f65b8b.yaml | 29 +++++ .../trove_api_service_credentials_spec.rb | 73 +++++++++++ spec/classes/trove_api_spec.rb | 115 +++++++++++------- ...rove_conductor_service_credentials_spec.rb | 73 +++++++++++ spec/classes/trove_conductor_spec.rb | 65 ++++++---- ...ove_guestagent_service_credentials_spec.rb | 70 +++++++++++ spec/classes/trove_guestagent_spec.rb | 38 ++++-- ...ve_taskmanager_service_credentials_spec.rb | 73 +++++++++++ spec/classes/trove_taskmanager_spec.rb | 108 ++++++++++------ 19 files changed, 877 insertions(+), 192 deletions(-) create mode 100644 manifests/api/service_credentials.pp create mode 100644 manifests/conductor/service_credentials.pp create mode 100644 manifests/guestagent/service_credentials.pp create mode 100644 manifests/taskmanager/service_credentials.pp create mode 100644 releasenotes/notes/keystone-v3-auth-1572c6fe82f65b8b.yaml create mode 100644 spec/classes/trove_api_service_credentials_spec.rb create mode 100644 spec/classes/trove_conductor_service_credentials_spec.rb create mode 100644 spec/classes/trove_guestagent_service_credentials_spec.rb create mode 100644 spec/classes/trove_taskmanager_service_credentials_spec.rb diff --git a/examples/site.pp b/examples/site.pp index 0034405c..f2fa3f0e 100644 --- a/examples/site.pp 
+++ b/examples/site.pp @@ -19,7 +19,22 @@ class { 'trove::db::mysql': class { 'trove': database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8', default_transport_url => 'rabbit://trove:an_even_bigger_secret@10.0.0.1:5672/trove', - nova_proxy_admin_pass => 'novapass', +} + +class { 'trove::api::service_credentials': + password => 'verysecrete', +} + +class { 'trove::conductor::service_credentials': + password => 'verysecrete', +} + +class { 'trove::task_manager::service_credentials': + password => 'verysecrete', +} + +class { 'trove::guestagent::service_credentials': + password => 'verysecrete', } class { 'trove::api': diff --git a/manifests/api.pp b/manifests/api.pp index d9e60c73..a7e2306a 100644 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -119,16 +119,14 @@ class trove::api( include trove::db include trove::db::sync include trove::params + include trove::api::service_credentials # basic service config trove_config { - 'DEFAULT/bind_host': value => $bind_host; - 'DEFAULT/bind_port': value => $bind_port; - 'DEFAULT/backlog': value => $backlog; - 'DEFAULT/trove_api_workers': value => $workers; - 'DEFAULT/nova_proxy_admin_user': value => $::trove::nova_proxy_admin_user; - 'DEFAULT/nova_proxy_admin_pass': value => $::trove::nova_proxy_admin_pass; - 'DEFAULT/nova_proxy_admin_tenant_name': value => $::trove::nova_proxy_admin_tenant_name; + 'DEFAULT/bind_host': value => $bind_host; + 'DEFAULT/bind_port': value => $bind_port; + 'DEFAULT/backlog': value => $backlog; + 'DEFAULT/trove_api_workers': value => $workers; } if $::trove::single_tenant_mode { @@ -154,11 +152,6 @@ class trove::api( if $auth_strategy == 'keystone' { include trove::keystone::authtoken - - $trove_auth_url = "${regsubst($::trove::keystone::authtoken::www_authenticate_uri, '(\/v3$|\/v2.0$|\/$)', '')}/v3" - trove_config { - 'DEFAULT/trove_auth_url' : value => $trove_auth_url; - } } # SSL Options 
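Review bot: In examples/site.pp the third declaration names `trove::task_manager::service_credentials`, but the class this patch adds is `trove::taskmanager::service_credentials` (manifests/taskmanager/service_credentials.pp), so the example would not compile as written. Change it to `class { 'trove::taskmanager::service_credentials':`. A one-line comment above the four declarations, such as `# placeholder passwords; supply real values from your secret store`, would also make it clear that the literals are not meant to be deployed.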
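Review bot: In manifests/api.pp, `include trove::api::service_credentials` is evaluated at the top of the class body, while `include trove::keystone::authtoken` is only reached later, inside `if $auth_strategy == 'keystone'`. When `auth_url` is undef, the new class reads `$::trove::keystone::authtoken::www_authenticate_uri`. Unless authtoken was already evaluated elsewhere, that lookup is presumably empty and `pick()` falls through to `http://127.0.0.1:5000/v3` with no error. Consider including authtoken before the credentials class, or failing when neither `auth_url` nor `www_authenticate_uri` is available, so the service account is never pointed at an unintended endpoint. The class body continues outside these hunks.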
@@ -203,14 +196,6 @@ class trove::api( purge => $purge_config, } - # region name - if $::trove::os_region_name { - trove_config { 'DEFAULT/os_region_name': value => $::trove::os_region_name } - } - else { - trove_config {'DEFAULT/os_region_name': ensure => absent } - } - # services type trove_config { 'DEFAULT/nova_compute_service_type': value => $::trove::nova_compute_service_type; diff --git a/manifests/api/service_credentials.pp b/manifests/api/service_credentials.pp new file mode 100644 index 00000000..f4b21fca --- /dev/null +++ b/manifests/api/service_credentials.pp 
@@ -0,0 +1,71 @@ +# The trove::api::service_credentials class helps configure auth settings +# +# == Parameters +# [*auth_url*] +# (optional) the keystone public endpoint +# Defaults to undef +# +# [*region_name*] +# (optional) the keystone region of this node +# Optional. Defaults to 'RegionOne' +# +# [*username*] +# (optional) the keystone user for trove services +# Defaults to 'trove' +# +# [*password*] +# (required) the keystone password for trove services +# +# [*project_name*] +# (optional) the keystone tenant name for trove services +# Defaults to 'services' +# +# [*project_domain_name*] +# (optional) the keystone project domain name for trove services +# Defaults to 'Default' +# +# [*user_domain_name*] +# (optional) the keystone user domain name for trove services +# Defaults to 'Default' +# +class trove::api::service_credentials ( + $password = $::os_service_default, + $auth_url = undef, + $region_name = 'RegionOne', + $username = 'trove', + $project_name = 'services', + $project_domain_name = 'Default', + $user_domain_name = 'Default', +) { + + include trove::deps + + if $auth_url == undef { + warning('The auto detection of auth_url from www_authenticate_uri will be \ +removed in a future release. 
Please set trove::api::service_credentials::auth_url .') + $auth_url_base = pick($::trove::keystone::authtoken::www_authenticate_uri, 'http://127.0.0.1:5000/v3') + } else { + $auth_url_base = $auth_url + } + $auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3" + + $username_real = pick($::trove::nova_proxy_admin_user, $username) + $password_real = pick($::trove::nova_proxy_admin_pass, $password) + $project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name) + $region_name_real = pick($::trove::os_region_name, $region_name) + + if is_service_default($password_real) { + fail('trove::api::service_credentials::password should be set') + } + + trove_config { + 'service_credentials/auth_url': value => $auth_url_real; + 'service_credentials/username': value => $username_real; + 'service_credentials/password': value => $password_real, secret => true; + 'service_credentials/project_name': value => $project_name_real; + 'service_credentials/project_domain_name': value => $project_domain_name; + 'service_credentials/user_domain_name': value => $user_domain_name; + 'service_credentials/region_name': value => $region_name_real; + } + +} diff --git a/manifests/conductor.pp b/manifests/conductor.pp index 4431d022..aba8d2b1 100644 --- a/manifests/conductor.pp +++ b/manifests/conductor.pp @@ -76,6 +76,7 @@ class trove::conductor( include trove::deps include trove::params + include trove::conductor::service_credentials if $::trove::database_connection { if($::trove::database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) { 
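Review bot: In manifests/api/service_credentials.pp, `pick($::trove::nova_proxy_tenant_name, $project_name)` reads a variable that the `trove` class does not declare; the deprecated parameter in manifests/init.pp is `nova_proxy_admin_tenant_name`. A deployment that still sets the old tenant name will therefore silently authenticate against the default `services` project. Depending on the strict-variables setting, the lookup may also abort compilation. The line should read `$project_name_real = pick($::trove::nova_proxy_admin_tenant_name, $project_name)`. The same line appears in the conductor, guestagent and taskmanager service_credentials classes.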
@@ -95,14 +96,10 @@ class trove::conductor( } # basic service config - $trove_auth_url = "${regsubst($auth_url, '(\/v3$|\/v2.0$|\/$)', '')}/v3" trove_conductor_config { - 'DEFAULT/trove_auth_url': value => $trove_auth_url; - 'DEFAULT/nova_proxy_admin_user': value => $::trove::nova_proxy_admin_user; - 'DEFAULT/nova_proxy_admin_tenant_name': value => $::trove::nova_proxy_admin_tenant_name; - 'DEFAULT/nova_proxy_admin_pass': value => $::trove::nova_proxy_admin_pass; - 'DEFAULT/trove_conductor_workers': value => $workers; + 'DEFAULT/trove_conductor_workers': value => $workers; } + # profiler config trove_conductor_config { 'profiler/enabled': value => $enable_profiler; diff --git a/manifests/conductor/service_credentials.pp b/manifests/conductor/service_credentials.pp new file mode 100644 index 00000000..077f82e1 --- /dev/null +++ b/manifests/conductor/service_credentials.pp 
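Review bot: The removed `regsubst($auth_url, ...)` line in manifests/conductor.pp was the only visible consumer of the conductor's `auth_url` value. `trove::conductor::service_credentials` does not read `$::trove::conductor::auth_url` the way the guestagent variant reads `$::trove::guestagent::auth_url`. If `auth_url` is still a parameter of `trove::conductor` (the parameter list is outside this hunk), a deployment that sets it will now silently get the `www_authenticate_uri` or 127.0.0.1 fallback. Either deprecate it with a `warning()` and feed it into the new class via `pick($::trove::conductor::auth_url, $auth_url)`, or state the break in the release note. The same applies to the matching removal in manifests/taskmanager.pp.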
@@ -0,0 +1,71 @@ +# The trove::conductor::service_credentials class helps configure auth settings +# +# == Parameters +# [*auth_url*] +# (optional) the keystone public endpoint +# Defaults to undef +# +# [*region_name*] +# (optional) the keystone region of this node +# Optional. Defaults to 'RegionOne' +# +# [*username*] +# (optional) the keystone user for trove services +# Defaults to 'trove' +# +# [*password*] +# (required) the keystone password for trove services +# +# [*project_name*] +# (optional) the keystone tenant name for trove services +# Defaults to 'services' +# +# [*project_domain_name*] +# (optional) the keystone project domain name for trove services +# Defaults to 'Default' +# +# [*user_domain_name*] +# (optional) the keystone user domain name for trove services +# Defaults to 'Default' +# +class trove::conductor::service_credentials ( + $password = $::os_service_default, + $auth_url = undef, + $region_name = 'RegionOne', + $username = 'trove', + $project_name = 'services', + $project_domain_name = 'Default', + $user_domain_name = 'Default', +) { + + include trove::deps + + if $auth_url == undef { + warning('The auto detection of auth_url from www_authenticate_uri will be \ +removed in a future release. 
Please set trove::conductor::service_credentials::auth_url .') + $auth_url_base = pick($::trove::keystone::authtoken::www_authenticate_uri, 'http://127.0.0.1:5000/v3') + } else { + $auth_url_base = $auth_url + } + $auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3" + + $username_real = pick($::trove::nova_proxy_admin_user, $username) + $password_real = pick($::trove::nova_proxy_admin_pass, $password) + $project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name) + $region_name_real = pick($::trove::os_region_name, $region_name) + + if is_service_default(password_real) { + fail('trove::conductor::service_credentials::password should be set') + } + + trove_conductor_config { + 'service_credentials/auth_url': value => $auth_url_real; + 'service_credentials/username': value => $username_real; + 'service_credentials/password': value => $password_real, secret => true; + 'service_credentials/project_name': value => $project_name_real; + 'service_credentials/project_domain_name': value => $project_domain_name; + 'service_credentials/user_domain_name': value => $user_domain_name; + 'service_credentials/region_name': value => $region_name_real; + } + +} diff --git a/manifests/guestagent.pp b/manifests/guestagent.pp index b7b3fda5..56acad96 100644 --- a/manifests/guestagent.pp +++ b/manifests/guestagent.pp @@ -38,10 +38,6 @@ # (optional) Syslog facility to receive log lines. # Defaults to 'LOG_USER'. # -# [*auth_url*] -# (optional) Authentication URL. -# Defaults to 'http://localhost:5000/v3'. -# # [*swift_url*] # (optional) Swift URL. If this is unset in the class, Trove will # lookup the URL using the Keystone catalog. 
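Review bot: The guard in manifests/conductor/service_credentials.pp is written `is_service_default(password_real)`, without the `$` sigil. Puppet treats the bare word as the string `'password_real'`, so the check is never true and `fail('trove::conductor::service_credentials::password should be set')` cannot fire. The catalog then compiles with no password configured instead of stopping. It should be `if is_service_default($password_real) {`, as in the api and taskmanager classes. manifests/guestagent/service_credentials.pp has the same typo.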
@@ -64,12 +60,6 @@ # guests need to talk to the rabbit cluster via # a different ssl connection option. # -# [*backup_aes_cbc_key*] -# (optional) Default OpenSSL aes_cbc key -# Defaults to $::os_service_default. -# -# DEPRECATED PARAMETERS -# # [*root_grant*] # (optional) Permissions to grant "root" user. # Defaults to $::os_service_default. @@ -82,10 +72,20 @@ # (optional) Default password Length for root password. # Defaults to $::os_service_default. # +# [*backup_aes_cbc_key*] +# (optional) Default OpenSSL aes_cbc key +# Defaults to $::os_service_default. +# +# DEPRECATED PARAMETERS +# # [*control_exchange*] # (Optional) Moved to init.pp. The default exchange to scope topics. # Defaults to undef. # +# [*auth_url*] +# (optional) Authentication URL. +# Defaults to undef. +# class trove::guestagent( $enabled = true, $manage_service = true, @@ -95,7 +95,6 @@ class trove::guestagent( $log_dir = '/var/log/trove', $use_syslog = $::os_service_default, $log_facility = $::os_service_default, - $auth_url = 'http://localhost:5000/v3', $swift_url = $::os_service_default, $swift_service_type = $::os_service_default, $default_transport_url = $::trove::default_transport_url, @@ -106,21 +105,20 @@ class trove::guestagent( $backup_aes_cbc_key = $::os_service_default, #Deprecated $control_exchange = undef, + $auth_url = undef, ) inherits trove { include trove::deps include trove::params + include trove::guestagent::service_credentials if $control_exchange { warning("control_exchange parameter is deprecated. Please use \ trove::control_exchange instead.") } - $trove_auth_url = "${regsubst($auth_url, '(\/v3$|\/v2.0$|\/$)', '')}/v3" - # basic service config trove_guestagent_config { - 'DEFAULT/trove_auth_url': value => $trove_auth_url; 'DEFAULT/swift_url': value => $swift_url; 'DEFAULT/swift_service_type': value => $swift_service_type; 'DEFAULT/root_grant': value => $root_grant; 
@@ -135,14 +133,6 @@ trove::control_exchange instead.") rpc_response_timeout => $::trove::rpc_response_timeout, } - # region name - if $::trove::os_region_name { - trove_guestagent_config { 'DEFAULT/os_region_name': value => $::trove::os_region_name } - } - else { - trove_guestagent_config { 'DEFAULT/os_region_name': ensure => absent } - } - oslo::messaging::notifications { 'trove_guestagent_config': transport_url => $::trove::notification_transport_url, driver => $::trove::notification_driver, diff --git a/manifests/guestagent/service_credentials.pp b/manifests/guestagent/service_credentials.pp new file mode 100644 index 00000000..5a53322f --- /dev/null +++ b/manifests/guestagent/service_credentials.pp 
@@ -0,0 +1,65 @@ +# The trove::guestagent::service_credentials class helps configure auth settings +# +# == Parameters +# [*auth_url*] +# (optional) the keystone public endpoint +# Defaults to undef +# +# [*region_name*] +# (optional) the keystone region of this node +# Optional. Defaults to 'RegionOne' +# +# [*username*] +# (optional) the keystone user for trove services +# Defaults to 'trove' +# +# [*password*] +# (required) the keystone password for trove services +# +# [*project_name*] +# (optional) the keystone tenant name for trove services +# Defaults to 'services' +# +# [*project_domain_name*] +# (optional) the keystone project domain name for trove services +# Defaults to 'Default' +# +# [*user_domain_name*] +# (optional) the keystone user domain name for trove services +# Defaults to 'Default' +# +class trove::guestagent::service_credentials ( + $password = $::os_service_default, + $auth_url = 'http://127.0.0.1:5000/v3', + $region_name = 'RegionOne', + $username = 'trove', + $project_name = 'services', + $project_domain_name = 'Default', + $user_domain_name = 'Default', +) { + + include trove::deps + + $auth_url_base = pick($::trove::guestagent::auth_url, $auth_url) + $auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3" + + $username_real = pick($::trove::nova_proxy_admin_user, $username) + $password_real = pick($::trove::nova_proxy_admin_pass, $password) + $project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name) + $region_name_real = pick($::trove::os_region_name, $region_name) + + if is_service_default(password_real) { + fail('trove::guestagent::service_credentials::password should be set') + } + + trove_guestagent_config { + 'service_credentials/auth_url': value => $auth_url_real; + 'service_credentials/username': value => $username_real; + 'service_credentials/password': value => $password_real, secret => true; + 'service_credentials/project_name': value => $project_name_real; + 
'service_credentials/project_domain_name': value => $project_domain_name; + 'service_credentials/user_domain_name': value => $user_domain_name; + 'service_credentials/region_name': value => $region_name_real; + } + +} diff --git a/manifests/init.pp b/manifests/init.pp index 97ae457f..b7f36bdb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -196,17 +196,6 @@ # (optional) URL without the tenant segment. # Defaults to false. # -# [*nova_proxy_admin_user*] -# (optional) Admin username used to connect to nova. -# Defaults to 'admin' -# -# [*nova_proxy_admin_pass*] -# (required) Admin password used to connect to nova. -# -# [*nova_proxy_admin_tenant_name*] -# (optional) Admin tenant name used to connect to nova. -# Defaults to 'admin' -# # [*rpc_response_timeout*] # (Optional) Seconds to wait for a response from a call. # Defaults to $::os_service_default @@ -227,13 +216,6 @@ # (optional) Neutron URL without the tenant segment. # Defaults to false. # -# [*os_region_name*] -# (optional) Sets the os_region_name flag. For environments with -# more than one endpoint per service. If you don't set this and -# you have multiple endpoints, you will get Ambiguous Endpoint -# exceptions in the trove API service. -# Defaults to undef. -# # [*nova_compute_service_type*] # (optional) Nova service type to use when searching catalog. # Defaults to 'compute'. 
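Review bot: `service_credentials/password` in manifests/guestagent/service_credentials.pp is written to `trove_guestagent_config`. The guestagent.pp hunks shown remove only `trove_auth_url` and `os_region_name` from that config, so this patch appears to place a service account secret there for the first time. If that configuration is what gets delivered into guest instances, the `trove` service account becomes readable from tenant-controlled machines. Please confirm this, and if so extend the `[*password*]` doc line to say that a separate, narrowly scoped account should be used for the guest agent. Separately, the header documents `auth_url` as `Defaults to undef` while the parameter defaults to `'http://127.0.0.1:5000/v3'`; the comment should match the code.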
@@ -296,8 +278,26 @@ # (optional) Minimum number of SQL connections to keep open in a pool. # Defaults to: undef. # +# [*nova_proxy_admin_user*] +# (optional) Admin username used to connect to nova. +# Defaults to undef +# +# [*nova_proxy_admin_pass*] +# (optional) Admin password used to connect to nova. +# Defaults to undef +# +# [*nova_proxy_admin_tenant_name*] +# (optional) Admin tenant name used to connect to nova. +# Defaults to undef +# +# [*os_region_name*] +# (optional) Sets the os_region_name flag. For environments with +# more than one endpoint per service. If you don't set this and +# you have multiple endpoints, you will get Ambiguous Endpoint +# exceptions in the trove API service. +# Defaults to undef. +# class trove( - $nova_proxy_admin_pass, $default_transport_url = $::os_service_default, $notification_transport_url = $::os_service_default, $notification_driver = $::os_service_default, @@ -337,14 +337,11 @@ class trove( $database_max_overflow = undef, $single_tenant_mode = false, $nova_compute_url = false, - $nova_proxy_admin_user = 'admin', - $nova_proxy_admin_tenant_name = 'admin', $rpc_response_timeout = $::os_service_default, $control_exchange = 'trove', $cinder_url = false, $swift_url = false, $neutron_url = false, - $os_region_name = undef, $nova_compute_service_type = 'compute', $cinder_service_type = 'volumev2', $swift_service_type = 'object-store', @@ -361,6 +358,10 @@ class trove( $package_ensure = 'present', # DEPRECATED PARAMETERS $database_min_pool_size = undef, + $nova_proxy_admin_user = undef, + $nova_proxy_admin_pass = undef, + $nova_proxy_admin_tenant_name = undef, + $os_region_name = undef, ) { include trove::deps diff --git a/manifests/taskmanager.pp b/manifests/taskmanager.pp index b88e737d..a8b5c766 100644 --- a/manifests/taskmanager.pp +++ b/manifests/taskmanager.pp 
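Review bot: The parameters moved under `# DEPRECATED PARAMETERS` in manifests/init.pp (`nova_proxy_admin_user`, `nova_proxy_admin_pass`, `nova_proxy_admin_tenant_name`, `os_region_name`) get no `warning()` in the visible hunks, yet the new classes prefer them through `pick($::trove::nova_proxy_admin_pass, $password)`. An operator who rotates the password on the new `service_credentials` class while the old value is still set would keep deploying the old secret with no message. Add a warning per parameter in the class body, which is outside this hunk. For example: `if $nova_proxy_admin_pass { warning('trove::nova_proxy_admin_pass is deprecated. Use the password parameter of the service_credentials classes instead.') }`. The new doc entries should also state which parameter replaces each one.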
@@ -107,6 +107,7 @@ class trove::taskmanager( include trove::deps include trove::params + include trove::taskmanager::service_credentials if $default_neutron_networks { warning("trove::taskmanager::default_neutron_networks is deprecated and will be removed in \ @@ -135,23 +136,9 @@ the future release. Please use trove::default_neutron_networks instead.") } } - $trove_auth_url = "${regsubst($auth_url, '(\/v3$|\/v2.0$|\/$)', '')}/v3" - # basic service config trove_taskmanager_config { - 'DEFAULT/trove_auth_url': value => $trove_auth_url; - 'DEFAULT/nova_proxy_admin_user': value => $::trove::nova_proxy_admin_user; - 'DEFAULT/nova_proxy_admin_pass': value => $::trove::nova_proxy_admin_pass; - 'DEFAULT/nova_proxy_admin_tenant_name': value => $::trove::nova_proxy_admin_tenant_name; - 'DEFAULT/taskmanager_manager': value => $taskmanager_manager; - } - - # region name - if $::trove::os_region_name { - trove_taskmanager_config { 'DEFAULT/os_region_name': value => $::trove::os_region_name } - } - else { - trove_taskmanager_config {'DEFAULT/os_region_name': ensure => absent } + 'DEFAULT/taskmanager_manager': value => $taskmanager_manager; } # services type diff --git a/manifests/taskmanager/service_credentials.pp b/manifests/taskmanager/service_credentials.pp new file mode 100644 index 00000000..d5416b60 --- /dev/null +++ b/manifests/taskmanager/service_credentials.pp 
@@ -0,0 +1,71 @@ +# The trove::taskmanager::service_credentials class helps configure auth settings +# +# == Parameters +# [*auth_url*] +# (optional) the keystone public endpoint +# Defaults to undef +# +# [*region_name*] +# (optional) the keystone region of this node +# Optional. Defaults to 'RegionOne' +# +# [*username*] +# (optional) the keystone user for trove services +# Defaults to 'trove' +# +# [*password*] +# (required) the keystone password for trove services +# +# [*project_name*] +# (optional) the keystone tenant name for trove services +# Defaults to 'services' +# +# [*project_domain_name*] +# (optional) the keystone project domain name for trove services +# Defaults to 'Default' +# +# [*user_domain_name*] +# (optional) the keystone user domain name for trove services +# Defaults to 'Default' +# +class trove::taskmanager::service_credentials ( + $password = $::os_service_default, + $auth_url = undef, + $region_name = 'RegionOne', + $username = 'trove', + $project_name = 'services', + $project_domain_name = 'Default', + $user_domain_name = 'Default', +) { + + include trove::deps + + if $auth_url == undef { + warning('The auto detection of auth_url from www_authenticate_uri will be \ +removed in a future release. 
Please set trove::taskmanager::service_credentials::auth_url .') + $auth_url_base = pick($::trove::keystone::authtoken::www_authenticate_uri, 'http://127.0.0.1:5000/v3') + } else { + $auth_url_base = $auth_url + } + $auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3" + + $username_real = pick($::trove::nova_proxy_admin_user, $username) + $password_real = pick($::trove::nova_proxy_admin_pass, $password) + $project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name) + $region_name_real = pick($::trove::os_region_name, $region_name) + + if is_service_default($password_real) { + fail('trove::taskmanager::service_credentials::password should be set') + } + + trove_taskmanager_config { + 'service_credentials/auth_url': value => $auth_url_real; + 'service_credentials/username': value => $username_real; + 'service_credentials/password': value => $password_real, secret => true; + 'service_credentials/project_name': value => $project_name_real; + 'service_credentials/project_domain_name': value => $project_domain_name; + 'service_credentials/user_domain_name': value => $user_domain_name; + 'service_credentials/region_name': value => $region_name_real; + } + +} diff --git a/releasenotes/notes/keystone-v3-auth-1572c6fe82f65b8b.yaml b/releasenotes/notes/keystone-v3-auth-1572c6fe82f65b8b.yaml new file mode 100644 index 00000000..2cddf682 --- /dev/null +++ b/releasenotes/notes/keystone-v3-auth-1572c6fe82f65b8b.yaml 
@@ -0,0 +1,29 @@ +--- +features: + - | + The following classes have been added to set parameters to define service + credentials. + + - ``trove::api::service_credentials`` + - ``trove::conductor::service_credentials`` + - ``trove::guestagent::service_credentials`` + - ``trove::taskmanager::service_credentials`` +deprecations: + - | + The following parameters in ``trove`` class has been deprecated and will + be removed in a future release. Use the parameters in ``trove::auth`` class + to set required parameters for keystone v3 auth. + + - ``nova_proxy_admin_user`` + - ``nova_proxy_admin_pass`` + - ``nova_proxy_admin_tenant_name`` + - ``os_region_name`` + + - | + The auto detection of auth_url parameter from www_authenticate_uri is + deprecated and will be removed in a future release. Please set + auth_url parameter before the detection is removed. + + - | + The ``trove::guestagent::auth_url`` parmaeter has been deprecated. Use + ``trove::taskmanager::service_credentials::auth_url`` instead. diff --git a/spec/classes/trove_api_service_credentials_spec.rb b/spec/classes/trove_api_service_credentials_spec.rb new file mode 100644 index 00000000..3241cf1c --- /dev/null +++ b/spec/classes/trove_api_service_credentials_spec.rb 
@@ -0,0 +1,73 @@ +# +# Copyright (C) 2020 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +require 'spec_helper' + +describe 'trove::api::service_credentials' do + + shared_examples 'trove::api::service_credentials' do + + context 'with default parameters' do + let :params do + { + :auth_url => 'http://127.0.0.1:5000/v3', + :password => 'verysecrete' + } + end + + it 'configures service credentials with default parameters' do + is_expected.to contain_trove_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3') + is_expected.to contain_trove_config('service_credentials/username').with_value('trove') + is_expected.to contain_trove_config('service_credentials/password').with_value('verysecrete').with_secret(true) + is_expected.to contain_trove_config('service_credentials/project_name').with_value('services') + is_expected.to contain_trove_config('service_credentials/region_name').with_value('RegionOne') + is_expected.to contain_trove_config('service_credentials/user_domain_name').with_value('Default') + is_expected.to contain_trove_config('service_credentials/project_domain_name').with_value('Default') + end + end + + context 'when overriding defaults' do + let :params do + { + :auth_url => 'http://127.0.0.1:5000/v3', + :password => 'verysecrete', + :username => 'trove2', + :project_name => 'services2', + :region_name => 'RegionTwo', + :user_domain_name => 'MyDomain', + :project_domain_name => 'MyDomain', + } + end + + it 
'configures service credentials with default parameters' do + is_expected.to contain_trove_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3') + is_expected.to contain_trove_config('service_credentials/username').with_value('trove2') + is_expected.to contain_trove_config('service_credentials/project_name').with_value('services2') + is_expected.to contain_trove_config('service_credentials/region_name').with_value('RegionTwo') + is_expected.to contain_trove_config('service_credentials/user_domain_name').with_value('MyDomain') + is_expected.to contain_trove_config('service_credentials/project_domain_name').with_value('MyDomain') + end + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + it_configures 'trove::api::service_credentials' + end + end + +end diff --git a/spec/classes/trove_api_spec.rb b/spec/classes/trove_api_spec.rb index b6ccfa1e..1ce7149a 100644 --- a/spec/classes/trove_api_spec.rb +++ b/spec/classes/trove_api_spec.rb 
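Review bot: No example in spec/classes/trove_api_service_credentials_spec.rb covers the `fail(...)` branch for an unset password or the fallback to the deprecated `trove` class parameters. Those are the two paths where the sibling classes have typos (`is_service_default(password_real)` and `nova_proxy_tenant_name`). Add a context whose params omit `:password`, with `it { is_expected.to compile.and_raise_error(/password should be set/) }`, and mirror it in the conductor, guestagent and taskmanager specs. The 'when overriding defaults' example reuses the description `'configures service credentials with default parameters'`; rename it to `'configures service credentials with overridden parameters'`. It also never asserts `service_credentials/password`.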
@@ -31,25 +31,34 @@ describe 'trove::api' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - os_region_name => 'RegionOne', - nova_compute_service_type => 'compute', - cinder_service_type => 'volume', - swift_service_type => 'object-store', - neutron_service_type => 'network', - glance_service_type => 'image', - nova_compute_endpoint_type => '', - cinder_endpoint_type => '', - swift_endpoint_type => '', - trove_endpoint_type => '', - glance_endpoint_type => '', - neutron_endpoint_type => '', + nova_compute_service_type => 'compute', + cinder_service_type => 'volume', + swift_service_type => 'object-store', + neutron_service_type => 'network', + glance_service_type => 'image', + nova_compute_endpoint_type => '', + cinder_endpoint_type => '', + swift_endpoint_type => '', + trove_endpoint_type => '', + glance_endpoint_type => '', + neutron_endpoint_type => '', + } + class { 'trove::api::service_credentials': + password => 'verysectrete', } class { 'trove::keystone::authtoken': password => 'a_big_secret', }" end + it 'includes required classes' do + is_expected.to contain_class('trove::deps') + is_expected.to contain_class('trove::db') + is_expected.to contain_class('trove::db::sync') + is_expected.to contain_class('trove::params') + is_expected.to contain_class('trove::api::service_credentials') + end + it 'installs trove-api package and service' do is_expected.to contain_service('trove-api').with( :name => platform_params[:api_service_name], 
@@ -69,13 +78,8 @@ describe 'trove::api' do is_expected.to contain_trove_config('DEFAULT/bind_port').with_value('8779') is_expected.to contain_trove_config('DEFAULT/backlog').with_value('4096') is_expected.to contain_trove_config('DEFAULT/trove_api_workers').with_value('8') - is_expected.to contain_trove_config('DEFAULT/trove_auth_url').with_value('http://localhost:5000/v3') - is_expected.to contain_trove_config('DEFAULT/nova_proxy_admin_user').with_value('admin') - is_expected.to contain_trove_config('DEFAULT/nova_proxy_admin_pass').with_value('verysecrete') - is_expected.to contain_trove_config('DEFAULT/nova_proxy_admin_tenant_name').with_value('admin') is_expected.to contain_trove_config('DEFAULT/default_neutron_networks').with_value('') is_expected.to contain_trove_config('DEFAULT/control_exchange').with_value('trove') - is_expected.to contain_trove_config('DEFAULT/os_region_name').with_value('RegionOne') is_expected.to contain_trove_config('DEFAULT/nova_compute_service_type').with_value('compute') is_expected.to contain_trove_config('DEFAULT/cinder_service_type').with_value('volume') is_expected.to contain_trove_config('DEFAULT/swift_service_type').with_value('object-store') @@ -152,8 +156,11 @@ describe 'trove::api' do context 'with single tenant mode enabled' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - single_tenant_mode => 'true'} + single_tenant_mode => 'true' + } + class { 'trove::api::service_credentials': + password => 'verysecrete', + } class { 'trove::keystone::authtoken': password => 'a_big_secret', }" @@ -167,8 +174,9 @@ describe 'trove::api' do context 'when using a single RabbitMQ server' do let :pre_condition do - "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', + "class { 'trove': } + class { 'trove::api::service_credentials': + password => 'verysecrete', } class { 'trove::keystone::authtoken': password => 'a_big_secret', 
@@ -183,13 +191,15 @@ describe 'trove::api' do context 'when using a single RabbitMQ server with enable ha options' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_ha_queues => 'true', - amqp_durable_queues => 'true', + rabbit_ha_queues => 'true', + amqp_durable_queues => 'true', } - class { 'trove::keystone::authtoken': - password => 'a_big_secret', - }" + class { 'trove::api::service_credentials': + password => 'verysecrete', + } + class { 'trove::keystone::authtoken': + password => 'a_big_secret', + }" end it 'configures trove-api with RabbitMQ' do is_expected.to contain_trove_config('oslo_messaging_rabbit/rabbit_ha_queues').with_value('true') @@ -200,8 +210,10 @@ describe 'trove::api' do context 'when using multiple RabbitMQ servers' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_ha_queues => 'true', + rabbit_ha_queues => 'true', + } + class { 'trove::api::service_credentials': + password => 'verysecrete', } class { 'trove::keystone::authtoken': password => 'a_big_secret', @@ -215,10 +227,12 @@ describe 'trove::api' do context 'when using Neutron' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', use_neutron => true, default_neutron_networks => 'trove_service', } + class { 'trove::api::service_credentials': + password => 'verysecrete', + } class { 'trove::keystone::authtoken': password => 'a_big_secret', }" @@ -237,8 +251,10 @@ describe 'trove::api' do context 'when using Nova Network' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - use_neutron => false + use_neutron => false + } + class { 'trove::api::service_credentials': + password => 'verysecrete', } class { 'trove::keystone::authtoken': password => 'a_big_secret', 
@@ -260,12 +276,15 @@ describe 'trove::api' do context 'with SSL enabled with kombu' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', rabbit_use_ssl => true, kombu_ssl_ca_certs => '/path/to/ssl/ca/certs', kombu_ssl_certfile => '/path/to/ssl/cert/file', kombu_ssl_keyfile => '/path/to/ssl/keyfile', - kombu_ssl_version => 'TLSv1'} + kombu_ssl_version => 'TLSv1' + } + class { 'trove::api::service_credentials': + password => 'verysecrete', + } class { 'trove::keystone::authtoken': password => 'a_big_secret', }" @@ -285,8 +304,11 @@ describe 'trove::api' do context 'with SSL enabled without kombu' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_use_ssl => true} + rabbit_use_ssl => true + } + class { 'trove::api::service_credentials': + password => 'verysecrete', + } class { 'trove::keystone::authtoken': password => 'a_big_secret', }" @@ -306,8 +328,11 @@ describe 'trove::api' do context 'with SSL disabled' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_use_ssl => false} + rabbit_use_ssl => false + } + class { 'trove::api::service_credentials': + password => 'verysecrete', + } class { 'trove::keystone::authtoken': password => 'a_big_secret', }" @@ -327,11 +352,14 @@ describe 'trove::api' do context 'with transport_url entries' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', default_transport_url => 'rabbit://rabbit_user:password@localhost:5673', rpc_response_timeout => '120', control_exchange => 'openstack', - notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673' } + notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673' + } + class { 'trove::api::service_credentials': + password => 'verysecrete', + } class { 'trove::keystone::authtoken': password => 'a_big_secret', }" 
@@ -347,8 +375,9 @@ describe 'trove::api' do context 'with amqp rpc' do let :pre_condition do - "class { 'trove' : - nova_proxy_admin_pass => 'verysecrete', + "class { 'trove': } + class { 'trove::api::service_credentials': + password => 'verysecrete', } class { 'trove::keystone::authtoken': password => 'a_big_secret', diff --git a/spec/classes/trove_conductor_service_credentials_spec.rb b/spec/classes/trove_conductor_service_credentials_spec.rb new file mode 100644 index 00000000..089cd069 --- /dev/null +++ b/spec/classes/trove_conductor_service_credentials_spec.rb 
@@ -0,0 +1,73 @@ +# +# Copyright (C) 2020 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +require 'spec_helper' + +describe 'trove::conductor::service_credentials' do + + shared_examples 'trove::conductor::service_credentials' do + + context 'with default parameters' do + let :params do + { + :auth_url => 'http://127.0.0.1:5000/v3', + :password => 'verysecrete' + } + end + + it 'configures service credentials with default parameters' do + is_expected.to contain_trove_conductor_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3') + is_expected.to contain_trove_conductor_config('service_credentials/username').with_value('trove') + is_expected.to contain_trove_conductor_config('service_credentials/password').with_value('verysecrete').with_secret(true) + is_expected.to contain_trove_conductor_config('service_credentials/project_name').with_value('services') + is_expected.to contain_trove_conductor_config('service_credentials/region_name').with_value('RegionOne') + is_expected.to contain_trove_conductor_config('service_credentials/user_domain_name').with_value('Default') + is_expected.to contain_trove_conductor_config('service_credentials/project_domain_name').with_value('Default') + end + end + + context 'when overriding defaults' do + let :params do + { + :auth_url => 'http://127.0.0.1:5000/v3', + :password => 'verysecrete', + :username => 'trove2', + :project_name => 'services2', + :region_name => 'RegionTwo', + 
:user_domain_name => 'MyDomain', + :project_domain_name => 'MyDomain', + } + end + + it 'configures service credentials with default parameters' do + is_expected.to contain_trove_conductor_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3') + is_expected.to contain_trove_conductor_config('service_credentials/username').with_value('trove2') + is_expected.to contain_trove_conductor_config('service_credentials/project_name').with_value('services2') + is_expected.to contain_trove_conductor_config('service_credentials/region_name').with_value('RegionTwo') + is_expected.to contain_trove_conductor_config('service_credentials/user_domain_name').with_value('MyDomain') + is_expected.to contain_trove_conductor_config('service_credentials/project_domain_name').with_value('MyDomain') + end + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + it_configures 'trove::conductor::service_credentials' + end + end + +end diff --git a/spec/classes/trove_conductor_spec.rb b/spec/classes/trove_conductor_spec.rb index ace382b6..d8d14046 100644 --- a/spec/classes/trove_conductor_spec.rb +++ b/spec/classes/trove_conductor_spec.rb @@ -7,8 +7,16 @@ describe 'trove::conductor' do context 'with default parameters' do let :pre_condition do - "class { 'trove': - nova_proxy_admin_pass => 'verysecrete'}" + "class { 'trove': } + class { 'trove::conductor::service_credentials': + password => 'verysecrete', + }" + end + + it 'includes required classes' do + is_expected.to contain_class('trove::deps') + is_expected.to contain_class('trove::params') + is_expected.to contain_class('trove::conductor::service_credentials') end it 'installs trove-conductor package and service' do 
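Review bot: The 'when overriding defaults' context of the new conductor service_credentials spec never checks `service_credentials/password`, so the `secret => true` handling of the password is only covered for the default case. Adding `is_expected.to contain_trove_conductor_config('service_credentials/password').with_value('verysecrete').with_secret(true)` there would close that gap. The example in that context is also titled 'configures service credentials with default parameters', apparently copied from the first context, and would read better as `it 'configures service credentials with overridden parameters' do`. Both points apply equally to the new guestagent and taskmanager service_credentials specs later in this patch.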
@@ -26,9 +34,6 @@ describe 'trove::conductor' do end it 'configures trove-conductor with default parameters' do - is_expected.to contain_trove_conductor_config('DEFAULT/nova_proxy_admin_user').with_value('admin') - is_expected.to contain_trove_conductor_config('DEFAULT/nova_proxy_admin_pass').with_value('verysecrete') - is_expected.to contain_trove_conductor_config('DEFAULT/nova_proxy_admin_tenant_name').with_value('admin') is_expected.to contain_trove_conductor_config('DEFAULT/transport_url').with_value('') is_expected.to contain_trove_conductor_config('DEFAULT/rpc_response_timeout').with_value('') is_expected.to contain_trove_conductor_config('DEFAULT/control_exchange').with_value('trove') @@ -60,8 +65,10 @@ describe 'trove::conductor' do context 'with single tenant mode enabled' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', single_tenant_mode => 'true'} + class { 'trove::conductor::service_credentials': + password => 'verysecrete', + } class { 'trove::keystone::authtoken': password => 'a_big_secret', }" @@ -75,8 +82,9 @@ describe 'trove::conductor' do context 'when using a single RabbitMQ server' do let :pre_condition do - "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', + "class { 'trove': } + class { 'trove::conductor::service_credentials': + password => 'verysecrete', }" end it 'configures trove-conductor with RabbitMQ' do @@ -88,9 +96,11 @@ describe 'trove::conductor' do context 'when using a single RabbitMQ server with enable ha options' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_ha_queues => 'true', - amqp_durable_queues => 'true', + rabbit_ha_queues => 'true', + amqp_durable_queues => 'true', + } + class { 'trove::conductor::service_credentials': + password => 'verysecrete', }" end it 'configures trove-api with RabbitMQ' do 
@@ -102,8 +112,10 @@ describe 'trove::conductor' do context 'when using multiple RabbitMQ servers' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_ha_queues => true, + rabbit_ha_queues => true, + } + class { 'trove::conductor::service_credentials': + password => 'verysecrete', }" end it 'configures trove-conductor with RabbitMQ' do @@ -114,8 +126,11 @@ describe 'trove::conductor' do context 'when using MySQL' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - database_connection => 'mysql://trove:pass@10.0.0.1/trove'}" + database_connection => 'mysql://trove:pass@10.0.0.1/trove' + } + class { 'trove::conductor::service_credentials': + password => 'verysecrete', + }" end it 'configures trove-conductor with RabbitMQ' do is_expected.to contain_trove_conductor_config('database/connection').with_value('mysql://trove:pass@10.0.0.1/trove') @@ -148,8 +163,11 @@ describe 'trove::conductor' do context 'with SSL enabled without kombu' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_use_ssl => true}" + rabbit_use_ssl => true + } + class { 'trove::conductor::service_credentials': + password => 'verysecrete', + }" end it do @@ -166,8 +184,11 @@ describe 'trove::conductor' do context 'with SSL disabled' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_use_ssl => false}" + rabbit_use_ssl => false + } + class { 'trove::conductor::service_credentials': + password => 'verysecrete', + }" end it do @@ -201,8 +222,10 @@ describe 'trove::conductor' do context 'with amqp messaging' do let :pre_condition do - "class { 'trove' : - nova_proxy_admin_pass => 'verysecrete'}" + "class { 'trove' : } + class { 'trove::conductor::service_credentials': + password => 'verysecrete', + }" end it do 
diff --git a/spec/classes/trove_guestagent_service_credentials_spec.rb b/spec/classes/trove_guestagent_service_credentials_spec.rb new file mode 100644 index 00000000..8f9a6333 --- /dev/null +++ b/spec/classes/trove_guestagent_service_credentials_spec.rb 
@@ -0,0 +1,70 @@ +# +# Copyright (C) 2020 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +require 'spec_helper' + +describe 'trove::guestagent::service_credentials' do + + shared_examples 'trove::guestagent::service_credentials' do + + context 'with default parameters' do + let :params do + { :password => 'verysecrete' } + end + + it 'configures service credentials with default parameters' do + is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3') + is_expected.to contain_trove_guestagent_config('service_credentials/username').with_value('trove') + is_expected.to contain_trove_guestagent_config('service_credentials/password').with_value('verysecrete').with_secret(true) + is_expected.to contain_trove_guestagent_config('service_credentials/project_name').with_value('services') + is_expected.to contain_trove_guestagent_config('service_credentials/region_name').with_value('RegionOne') + is_expected.to contain_trove_guestagent_config('service_credentials/user_domain_name').with_value('Default') + is_expected.to contain_trove_guestagent_config('service_credentials/project_domain_name').with_value('Default') + end + end + + context 'when overriding defaults' do + let :params do + { + :auth_url => 'http://127.0.0.1:5000/v3', + :password => 'verysecrete', + :username => 'trove2', + :project_name => 'services2', + :region_name => 'RegionTwo', + :user_domain_name => 'MyDomain', + 
:project_domain_name => 'MyDomain', + } + end + + it 'configures service credentials with default parameters' do + is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3') + is_expected.to contain_trove_guestagent_config('service_credentials/username').with_value('trove2') + is_expected.to contain_trove_guestagent_config('service_credentials/project_name').with_value('services2') + is_expected.to contain_trove_guestagent_config('service_credentials/region_name').with_value('RegionTwo') + is_expected.to contain_trove_guestagent_config('service_credentials/user_domain_name').with_value('MyDomain') + is_expected.to contain_trove_guestagent_config('service_credentials/project_domain_name').with_value('MyDomain') + end + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + it_configures 'trove::guestagent::service_credentials' + end + end + +end diff --git a/spec/classes/trove_guestagent_spec.rb b/spec/classes/trove_guestagent_spec.rb index 5cc5f87a..6835ec4e 100644 --- a/spec/classes/trove_guestagent_spec.rb +++ b/spec/classes/trove_guestagent_spec.rb @@ -8,8 +8,17 @@ describe 'trove::guestagent' do let :pre_condition do "class { 'trove': - os_region_name => 'RegionOne', - nova_proxy_admin_pass => 'verysecrete'}" + nova_proxy_admin_pass => 'verysecrete' + } + class { 'trove::guestagent::service_credentials': + password => 'verysectrete', + }" + end + + it 'includes required classes' do + is_expected.to contain_class('trove::deps') + is_expected.to contain_class('trove::params') + is_expected.to contain_class('trove::guestagent::service_credentials') end it 'installs trove-guestagent package and service' do 
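Review bot: In 'when overriding defaults' of the new guestagent service_credentials spec, the `:auth_url` passed is `'http://127.0.0.1:5000/v3'`, the same value the 'with default parameters' context expects when no auth_url is given, so the auth_url assertion would pass even if the parameter were ignored. Using a distinct value, for example `:auth_url => 'http://10.0.0.1:5000/v3',` (a constructed sample) with a matching `with_value`, would show that the override actually reaches `service_credentials/auth_url`.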
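Review bot: The pre_condition added to trove_guestagent_spec.rb declares `password => 'verysectrete'`, misspelled relative to the `'verysecrete'` used in every other spec, and the `class { 'trove': }` block above it still passes `nova_proxy_admin_pass => 'verysecrete'`, which the api, conductor and taskmanager specs drop in this patch. No example visible in this file asserts the password value, so the tests presumably still pass. The leftover parameter does leave it unclear whether the guest agent is meant to take its credential from the new class or from the old option. I would use `password => 'verysecrete',` and remove the `nova_proxy_admin_pass` line from the pre_condition, assuming the parameter is only kept for backward compatibility. The same applies to the later pre_condition hunks of this file (-64, -78, -92, -105 and -119).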
@@ -27,7 +36,6 @@ describe 'trove::guestagent' do end it 'configures trove-guestagent with default parameters' do - is_expected.to contain_trove_guestagent_config('DEFAULT/os_region_name').with_value('RegionOne') is_expected.to contain_trove_guestagent_config('DEFAULT/control_exchange').with_value('trove') is_expected.to contain_trove_guestagent_config('DEFAULT/transport_url').with_value('') is_expected.to contain_trove_guestagent_config('DEFAULT/rpc_response_timeout').with_value('') @@ -64,6 +72,9 @@ describe 'trove::guestagent' do let :pre_condition do "class { 'trove': nova_proxy_admin_pass => 'verysecrete', + } + class { 'trove::guestagent::service_credentials': + password => 'verysectrete', }" end it 'configures trove-guestagent with RabbitMQ' do @@ -78,6 +89,9 @@ describe 'trove::guestagent' do rabbit_ha_queues => 'true', rabbit_heartbeat_in_pthread => 'true', amqp_durable_queues => 'true', + } + class { 'trove::guestagent::service_credentials': + password => 'verysectrete', }" end it 'configures trove-api with RabbitMQ' do @@ -92,6 +106,9 @@ describe 'trove::guestagent' do "class { 'trove': nova_proxy_admin_pass => 'verysecrete', rabbit_ha_queues => true, + } + class { 'trove::guestagent::service_credentials': + password => 'verysectrete', }" end it 'configures trove-guestagent with RabbitMQ' do @@ -105,7 +122,11 @@ describe 'trove::guestagent' do nova_proxy_admin_pass => 'verysecrete', default_transport_url => 'rabbit://user:pass@host:1234/virt', rpc_response_timeout => '120', - control_exchange => 'openstack',}" + control_exchange => 'openstack', + } + class { 'trove::guestagent::service_credentials': + password => 'verysectrete', + }" end it 'configures trove-guestagent with DEFAULT/transport_url' do is_expected.to contain_trove_guestagent_config('DEFAULT/transport_url').with_value('rabbit://user:pass@host:1234/virt') 
@@ -119,18 +140,21 @@ describe 'trove::guestagent' do context 'with custom parameters' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete'}" + nova_proxy_admin_pass => 'verysecrete' + } + class { 'trove::guestagent::service_credentials': + password => 'verysectrete', + }" end let :params do - { :auth_url => "http://10.0.0.1:5000/", + { :swift_url => "http://10.0.0.1:8080/v1/AUTH_", :swift_service_type => 'object-store', :rabbit_use_ssl => 'true' } end it 'configures trove-guestagent with custom parameters' do - is_expected.to contain_trove_guestagent_config('DEFAULT/trove_auth_url').with_value('http://10.0.0.1:5000/v3') is_expected.to contain_trove_guestagent_config('DEFAULT/swift_url').with_value('http://10.0.0.1:8080/v1/AUTH_') is_expected.to contain_trove_guestagent_config('DEFAULT/swift_service_type').with_value('object-store') is_expected.to contain_oslo__messaging__rabbit('trove_guestagent_config').with( diff --git a/spec/classes/trove_taskmanager_service_credentials_spec.rb b/spec/classes/trove_taskmanager_service_credentials_spec.rb new file mode 100644 index 00000000..7db30048 --- /dev/null +++ b/spec/classes/trove_taskmanager_service_credentials_spec.rb 
@@ -0,0 +1,73 @@ +# +# Copyright (C) 2020 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +require 'spec_helper' + +describe 'trove::taskmanager::service_credentials' do + + shared_examples 'trove::taskmanager::service_credentials' do + + context 'with default parameters' do + let :params do + { + :auth_url => 'http://127.0.0.1:5000/v3', + :password => 'verysecrete' + } + end + + it 'configures service credentials with default parameters' do + is_expected.to contain_trove_taskmanager_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3') + is_expected.to contain_trove_taskmanager_config('service_credentials/username').with_value('trove') + is_expected.to contain_trove_taskmanager_config('service_credentials/password').with_value('verysecrete').with_secret(true) + is_expected.to contain_trove_taskmanager_config('service_credentials/project_name').with_value('services') + is_expected.to contain_trove_taskmanager_config('service_credentials/region_name').with_value('RegionOne') + is_expected.to contain_trove_taskmanager_config('service_credentials/user_domain_name').with_value('Default') + is_expected.to contain_trove_taskmanager_config('service_credentials/project_domain_name').with_value('Default') + end + end + + context 'when overriding defaults' do + let :params do + { + :auth_url => 'http://127.0.0.1:5000/v3', + :password => 'verysecrete', + :username => 'trove2', + :project_name => 'services2', + :region_name => 'RegionTwo', 
+ :user_domain_name => 'MyDomain', + :project_domain_name => 'MyDomain', + } + end + + it 'configures service credentials with default parameters' do + is_expected.to contain_trove_taskmanager_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3') + is_expected.to contain_trove_taskmanager_config('service_credentials/username').with_value('trove2') + is_expected.to contain_trove_taskmanager_config('service_credentials/project_name').with_value('services2') + is_expected.to contain_trove_taskmanager_config('service_credentials/region_name').with_value('RegionTwo') + is_expected.to contain_trove_taskmanager_config('service_credentials/user_domain_name').with_value('MyDomain') + is_expected.to contain_trove_taskmanager_config('service_credentials/project_domain_name').with_value('MyDomain') + end + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + it_configures 'trove::taskmanager::service_credentials' + end + end + +end diff --git a/spec/classes/trove_taskmanager_spec.rb b/spec/classes/trove_taskmanager_spec.rb index 39663262..7b260b6a 100644 --- a/spec/classes/trove_taskmanager_spec.rb +++ b/spec/classes/trove_taskmanager_spec.rb @@ -27,8 +27,6 @@ describe 'trove::taskmanager' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - os_region_name => 'RegionOne', nova_compute_service_type => 'compute', cinder_service_type => 'volume', swift_service_type => 'object-store', 
@@ -40,9 +38,19 @@ describe 'trove::taskmanager' do trove_endpoint_type => '', glance_endpoint_type => '', neutron_endpoint_type => '', + } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', + region_name => 'RegionOne', }" end + it 'includes required classes' do + is_expected.to contain_class('trove::deps') + is_expected.to contain_class('trove::params') + is_expected.to contain_class('trove::taskmanager::service_credentials') + end + it 'installs trove-taskmanager package and service' do is_expected.to contain_service('trove-taskmanager').with( :name => platform_params[:taskmanager_service_name], @@ -58,11 +66,7 @@ describe 'trove::taskmanager' do end it 'configures trove-taskmanager with default parameters' do - is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_proxy_admin_user').with_value('admin') - is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_proxy_admin_pass').with_value('verysecrete') - is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_proxy_admin_tenant_name').with_value('admin') is_expected.to contain_trove_taskmanager_config('DEFAULT/default_neutron_networks').with_value('') - is_expected.to contain_trove_taskmanager_config('DEFAULT/os_region_name').with_value('RegionOne') is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_compute_service_type').with_value('compute') is_expected.to contain_trove_taskmanager_config('DEFAULT/cinder_service_type').with_value('volume') is_expected.to contain_trove_taskmanager_config('DEFAULT/swift_service_type').with_value('object-store') 
@@ -105,10 +109,13 @@ describe 'trove::taskmanager' do context 'when set use_guestagent_template to false' do let :pre_condition do - "class { 'trove': - nova_proxy_admin_pass => 'verysecrete',} - class { 'trove::taskmanager': - use_guestagent_template => false,}" + "class { 'trove': } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', + } + class { 'trove::taskmanager': + use_guestagent_template => false, + }" end it 'configures trove-taskmanager with trove::guestagent' do is_expected.to contain_class('trove::guestagent').with( @@ -121,8 +128,11 @@ describe 'trove::taskmanager' do context 'with single tenant mode enabled' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - single_tenant_mode => 'true'} + single_tenant_mode => 'true' + } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', + } class { 'trove::keystone::authtoken': password => 'a_big_secret', }" @@ -136,8 +146,9 @@ describe 'trove::taskmanager' do context 'when using a single RabbitMQ server' do let :pre_condition do - "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', + "class { 'trove': } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', } " end @@ -153,9 +164,11 @@ describe 'trove::taskmanager' do context 'when using a single RabbitMQ server with enable rabbbit ha options' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_ha_queues => 'true', - amqp_durable_queues => 'true', + rabbit_ha_queues => 'true', + amqp_durable_queues => 'true', + } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', }" end it 'configures trove-api with RabbitMQ' do 
@@ -171,8 +184,10 @@ describe 'trove::taskmanager' do context 'when using multiple RabbitMQ servers' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_ha_queues => 'true', + rabbit_ha_queues => 'true', + } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', }" end it 'configures trove-taskmanager with RabbitMQ' do @@ -186,8 +201,11 @@ describe 'trove::taskmanager' do context 'when using MySQL' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - database_connection => 'mysql://trove:pass@10.0.0.1/trove'}" + database_connection => 'mysql://trove:pass@10.0.0.1/trove' + } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', + }" end it 'configures trove-taskmanager with RabbitMQ' do is_expected.to contain_trove_taskmanager_config('database/connection').with_value('mysql://trove:pass@10.0.0.1/trove') @@ -197,8 +215,11 @@ describe 'trove::taskmanager' do context 'when using Neutron' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - use_neutron => true} + use_neutron => true + } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', + } class { 'trove::taskmanager': default_neutron_networks => 'trove_service', } @@ -220,8 +241,11 @@ describe 'trove::taskmanager' do context 'when using Nova Network' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - use_neutron => false}" + use_neutron => false + } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', + }" end 
@@ -238,12 +262,15 @@ describe 'trove::taskmanager' do context 'with SSL enabled with kombu' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', rabbit_use_ssl => true, kombu_ssl_ca_certs => '/path/to/ssl/ca/certs', kombu_ssl_certfile => '/path/to/ssl/cert/file', kombu_ssl_keyfile => '/path/to/ssl/keyfile', - kombu_ssl_version => 'TLSv1'}" + kombu_ssl_version => 'TLSv1' + } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', + }" end it do @@ -260,8 +287,11 @@ describe 'trove::taskmanager' do context 'with SSL enabled without kombu' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_use_ssl => true}" + rabbit_use_ssl => true + } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', + }" end it do @@ -278,8 +308,11 @@ describe 'trove::taskmanager' do context 'with SSL disabled' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_use_ssl => false}" + rabbit_use_ssl => false + } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', + }" end it do @@ -296,11 +329,14 @@ describe 'trove::taskmanager' do context 'with transport_url entries' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', default_transport_url => 'rabbit://rabbit_user:password@localhost:5673', rpc_response_timeout => '120', control_exchange => 'openstack', - notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673' }" + notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673' + } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', + }" end it do 
@@ -313,8 +349,10 @@ describe 'trove::taskmanager' do context 'with amqp messaging' do let :pre_condition do - "class { 'trove' : - nova_proxy_admin_pass => 'verysecrete'}" + "class { 'trove' : } + class { 'trove::taskmanager::service_credentials': + password => 'verysecrete', + }" end it do