Use service credential parameters to define keystone v3 auth

Change-Id: I67ac8b41365e1d6f90b8982659b9fd52744d2ad7
2020-05-04 21:48:45 +09:00 · 2020-05-04 21:48:45 +09:00 · 1d3bffd18b
commit 1d3bffd18b
parent 431016708a
19 changed files with 877 additions and 192 deletions
--- a/examples/site.pp
+++ b/examples/site.pp
@ -19,7 +19,22 @@ class { 'trove::db::mysql':
 class { 'trove':
  database_connection   => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8',
  default_transport_url => 'rabbit://trove:an_even_bigger_secret@10.0.0.1:5672/trove',
-  nova_proxy_admin_pass => 'novapass',
+}
 class { 'trove::api::service_credentials':
  password => 'verysecrete',
 }
 class { 'trove::conductor::service_credentials':
  password => 'verysecrete',
 }
 class { 'trove::task_manager::service_credentials':
  password => 'verysecrete',
 }
 class { 'trove::guestagent::service_credentials':
  password => 'verysecrete',
 }
 class { 'trove::api':
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -119,16 +119,14 @@ class trove::api(
  include trove::db
  include trove::db::sync
  include trove::params
  include trove::api::service_credentials
  # basic service config
  trove_config {
-    'DEFAULT/bind_host':                    value => $bind_host;
+    'DEFAULT/bind_host':         value => $bind_host;
-    'DEFAULT/bind_port':                    value => $bind_port;
+    'DEFAULT/bind_port':         value => $bind_port;
-    'DEFAULT/backlog':                      value => $backlog;
+    'DEFAULT/backlog':           value => $backlog;
-    'DEFAULT/trove_api_workers':            value => $workers;
+    'DEFAULT/trove_api_workers': value => $workers;
    'DEFAULT/nova_proxy_admin_user':        value => $::trove::nova_proxy_admin_user;
    'DEFAULT/nova_proxy_admin_pass':        value => $::trove::nova_proxy_admin_pass;
    'DEFAULT/nova_proxy_admin_tenant_name': value => $::trove::nova_proxy_admin_tenant_name;
  }
  if $::trove::single_tenant_mode {
@ -154,11 +152,6 @@ class trove::api(
  if $auth_strategy == 'keystone' {
    include trove::keystone::authtoken
    $trove_auth_url = "${regsubst($::trove::keystone::authtoken::www_authenticate_uri, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
    trove_config {
      'DEFAULT/trove_auth_url' : value => $trove_auth_url;
    }
  }
  # SSL Options
@ -203,14 +196,6 @@ class trove::api(
    purge => $purge_config,
  }
  # region name
  if $::trove::os_region_name {
    trove_config { 'DEFAULT/os_region_name': value => $::trove::os_region_name }
  }
  else {
    trove_config {'DEFAULT/os_region_name': ensure => absent }
  }
  # services type
  trove_config {
    'DEFAULT/nova_compute_service_type': value => $::trove::nova_compute_service_type;
--- a/manifests/api/service_credentials.pp
+++ b/manifests/api/service_credentials.pp
@ -0,0 +1,71 @@
 # The trove::api::service_credentials class helps configure auth settings
 #
 # == Parameters
 # [*auth_url*]
 #   (optional) the keystone public endpoint
 #   Defaults to undef
 #
 # [*region_name*]
 #   (optional) the keystone region of this node
 #   Optional. Defaults to 'RegionOne'
 #
 # [*username*]
 #   (optional) the keystone user for trove services
 #   Defaults to 'trove'
 #
 # [*password*]
 #   (required) the keystone password for trove services
 #
 # [*project_name*]
 #   (optional) the keystone tenant name for trove services
 #   Defaults to 'services'
 #
 # [*project_domain_name*]
 #   (optional) the keystone project domain name for trove services
 #   Defaults to 'Default'
 #
 #  [*user_domain_name*]
 #   (optional) the keystone user domain name for trove services
 #   Defaults to 'Default'
 #
 class trove::api::service_credentials (
  $password            = $::os_service_default,
  $auth_url            = undef,
  $region_name         = 'RegionOne',
  $username            = 'trove',
  $project_name        = 'services',
  $project_domain_name = 'Default',
  $user_domain_name    = 'Default',
 ) {
  include trove::deps
  if $auth_url == undef {
    warning('The auto detection of auth_url from www_authenticate_uri will be \
 removed in a future release. Please set trove::api::service_credentials::auth_url .')
    $auth_url_base = pick($::trove::keystone::authtoken::www_authenticate_uri, 'http://127.0.0.1:5000/v3')
  } else {
    $auth_url_base = $auth_url
  }
  $auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
  $username_real      = pick($::trove::nova_proxy_admin_user, $username)
  $password_real      = pick($::trove::nova_proxy_admin_pass, $password)
  $project_name_real  = pick($::trove::nova_proxy_tenant_name, $project_name)
  $region_name_real   = pick($::trove::os_region_name, $region_name)
  if is_service_default($password_real) {
    fail('trove::api::service_credentials::password should be set')
  }
  trove_config {
    'service_credentials/auth_url':            value => $auth_url_real;
    'service_credentials/username':            value => $username_real;
    'service_credentials/password':            value => $password_real, secret => true;
    'service_credentials/project_name':        value => $project_name_real;
    'service_credentials/project_domain_name': value => $project_domain_name;
    'service_credentials/user_domain_name':    value => $user_domain_name;
    'service_credentials/region_name':         value => $region_name_real;
  }
 }
--- a/manifests/conductor.pp
+++ b/manifests/conductor.pp
@ -76,6 +76,7 @@ class trove::conductor(
  include trove::deps
  include trove::params
  include trove::conductor::service_credentials
  if $::trove::database_connection {
    if($::trove::database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
@ -95,14 +96,10 @@ class trove::conductor(
  }
  # basic service config
  $trove_auth_url = "${regsubst($auth_url, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
  trove_conductor_config {
-    'DEFAULT/trove_auth_url':               value => $trove_auth_url;
+    'DEFAULT/trove_conductor_workers': value => $workers;
    'DEFAULT/nova_proxy_admin_user':        value => $::trove::nova_proxy_admin_user;
    'DEFAULT/nova_proxy_admin_tenant_name': value => $::trove::nova_proxy_admin_tenant_name;
    'DEFAULT/nova_proxy_admin_pass':        value => $::trove::nova_proxy_admin_pass;
    'DEFAULT/trove_conductor_workers':      value => $workers;
  }
  # profiler config
  trove_conductor_config {
    'profiler/enabled':          value => $enable_profiler;
--- a/manifests/conductor/service_credentials.pp
+++ b/manifests/conductor/service_credentials.pp
@ -0,0 +1,71 @@
 # The trove::conductor::service_credentials class helps configure auth settings
 #
 # == Parameters
 # [*auth_url*]
 #   (optional) the keystone public endpoint
 #   Defaults to undef
 #
 # [*region_name*]
 #   (optional) the keystone region of this node
 #   Optional. Defaults to 'RegionOne'
 #
 # [*username*]
 #   (optional) the keystone user for trove services
 #   Defaults to 'trove'
 #
 # [*password*]
 #   (required) the keystone password for trove services
 #
 # [*project_name*]
 #   (optional) the keystone tenant name for trove services
 #   Defaults to 'services'
 #
 # [*project_domain_name*]
 #   (optional) the keystone project domain name for trove services
 #   Defaults to 'Default'
 #
 #  [*user_domain_name*]
 #   (optional) the keystone user domain name for trove services
 #   Defaults to 'Default'
 #
 class trove::conductor::service_credentials (
  $password            = $::os_service_default,
  $auth_url            = undef,
  $region_name         = 'RegionOne',
  $username            = 'trove',
  $project_name        = 'services',
  $project_domain_name = 'Default',
  $user_domain_name    = 'Default',
 ) {
  include trove::deps
  if $auth_url == undef {
    warning('The auto detection of auth_url from www_authenticate_uri will be \
 removed in a future release. Please set trove::conductor::service_credentials::auth_url .')
    $auth_url_base = pick($::trove::keystone::authtoken::www_authenticate_uri, 'http://127.0.0.1:5000/v3')
  } else {
    $auth_url_base = $auth_url
  }
  $auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
  $username_real      = pick($::trove::nova_proxy_admin_user, $username)
  $password_real      = pick($::trove::nova_proxy_admin_pass, $password)
  $project_name_real  = pick($::trove::nova_proxy_tenant_name, $project_name)
  $region_name_real   = pick($::trove::os_region_name, $region_name)
  if is_service_default(password_real) {
    fail('trove::conductor::service_credentials::password should be set')
  }
  trove_conductor_config {
    'service_credentials/auth_url':            value => $auth_url_real;
    'service_credentials/username':            value => $username_real;
    'service_credentials/password':            value => $password_real, secret => true;
    'service_credentials/project_name':        value => $project_name_real;
    'service_credentials/project_domain_name': value => $project_domain_name;
    'service_credentials/user_domain_name':    value => $user_domain_name;
    'service_credentials/region_name':         value => $region_name_real;
  }
 }
--- a/manifests/guestagent.pp
+++ b/manifests/guestagent.pp
@ -38,10 +38,6 @@
 #   (optional) Syslog facility to receive log lines.
 #   Defaults to 'LOG_USER'.
 #
 # [*auth_url*]
 #   (optional) Authentication URL.
 #   Defaults to 'http://localhost:5000/v3'.
 #
 # [*swift_url*]
 #   (optional) Swift URL. If this is unset in the class, Trove will
 #   lookup the URL using the Keystone catalog.
@ -64,12 +60,6 @@
 #   guests need to talk to the rabbit cluster via
 #   a different ssl connection option.
 #
 # [*backup_aes_cbc_key*]
 #   (optional) Default OpenSSL aes_cbc key
 #   Defaults to $::os_service_default.
 #
 #  DEPRECATED PARAMETERS
 #
 # [*root_grant*]
 #   (optional) Permissions to grant "root" user.
 #   Defaults to $::os_service_default.
@ -82,10 +72,20 @@
 #   (optional) Default password Length for root password.
 #   Defaults to $::os_service_default.
 #
 # [*backup_aes_cbc_key*]
 #   (optional) Default OpenSSL aes_cbc key
 #   Defaults to $::os_service_default.
 #
 #  DEPRECATED PARAMETERS
 #
 # [*control_exchange*]
 #   (Optional) Moved to init.pp. The default exchange to scope topics.
 #   Defaults to undef.
 #
 # [*auth_url*]
 #   (optional) Authentication URL.
 #   Defaults to undef.
 #
 class trove::guestagent(
  $enabled                 = true,
  $manage_service          = true,
@ -95,7 +95,6 @@ class trove::guestagent(
  $log_dir                 = '/var/log/trove',
  $use_syslog              = $::os_service_default,
  $log_facility            = $::os_service_default,
  $auth_url                = 'http://localhost:5000/v3',
  $swift_url               = $::os_service_default,
  $swift_service_type      = $::os_service_default,
  $default_transport_url   = $::trove::default_transport_url,
@ -106,21 +105,20 @@ class trove::guestagent(
  $backup_aes_cbc_key      = $::os_service_default,
  #Deprecated
  $control_exchange        = undef,
  $auth_url                = undef,
 ) inherits trove {
  include trove::deps
  include trove::params
  include trove::guestagent::service_credentials
  if $control_exchange {
    warning("control_exchange parameter is deprecated. Please use \
 trove::control_exchange instead.")
  }
  $trove_auth_url = "${regsubst($auth_url, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
  # basic service config
  trove_guestagent_config {
    'DEFAULT/trove_auth_url':          value => $trove_auth_url;
    'DEFAULT/swift_url':               value => $swift_url;
    'DEFAULT/swift_service_type':      value => $swift_service_type;
    'DEFAULT/root_grant':              value => $root_grant;
@ -135,14 +133,6 @@ trove::control_exchange instead.")
    rpc_response_timeout => $::trove::rpc_response_timeout,
  }
  # region name
  if $::trove::os_region_name {
    trove_guestagent_config { 'DEFAULT/os_region_name': value => $::trove::os_region_name }
  }
  else {
    trove_guestagent_config { 'DEFAULT/os_region_name': ensure => absent }
  }
  oslo::messaging::notifications { 'trove_guestagent_config':
    transport_url => $::trove::notification_transport_url,
    driver        => $::trove::notification_driver,
--- a/manifests/guestagent/service_credentials.pp
+++ b/manifests/guestagent/service_credentials.pp
@ -0,0 +1,65 @@
 # The trove::guestagent::service_credentials class helps configure auth settings
 #
 # == Parameters
 # [*auth_url*]
 #   (optional) the keystone public endpoint
 #   Defaults to undef
 #
 # [*region_name*]
 #   (optional) the keystone region of this node
 #   Optional. Defaults to 'RegionOne'
 #
 # [*username*]
 #   (optional) the keystone user for trove services
 #   Defaults to 'trove'
 #
 # [*password*]
 #   (required) the keystone password for trove services
 #
 # [*project_name*]
 #   (optional) the keystone tenant name for trove services
 #   Defaults to 'services'
 #
 # [*project_domain_name*]
 #   (optional) the keystone project domain name for trove services
 #   Defaults to 'Default'
 #
 #  [*user_domain_name*]
 #   (optional) the keystone user domain name for trove services
 #   Defaults to 'Default'
 #
 class trove::guestagent::service_credentials (
  $password            = $::os_service_default,
  $auth_url            = 'http://127.0.0.1:5000/v3',
  $region_name         = 'RegionOne',
  $username            = 'trove',
  $project_name        = 'services',
  $project_domain_name = 'Default',
  $user_domain_name    = 'Default',
 ) {
  include trove::deps
  $auth_url_base      = pick($::trove::guestagent::auth_url, $auth_url)
  $auth_url_real      = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
  $username_real      = pick($::trove::nova_proxy_admin_user, $username)
  $password_real      = pick($::trove::nova_proxy_admin_pass, $password)
  $project_name_real  = pick($::trove::nova_proxy_tenant_name, $project_name)
  $region_name_real   = pick($::trove::os_region_name, $region_name)
  if is_service_default(password_real) {
    fail('trove::guestagent::service_credentials::password should be set')
  }
  trove_guestagent_config {
    'service_credentials/auth_url':            value => $auth_url_real;
    'service_credentials/username':            value => $username_real;
    'service_credentials/password':            value => $password_real, secret => true;
    'service_credentials/project_name':        value => $project_name_real;
    'service_credentials/project_domain_name': value => $project_domain_name;
    'service_credentials/user_domain_name':    value => $user_domain_name;
    'service_credentials/region_name':         value => $region_name_real;
  }
 }
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -196,17 +196,6 @@
 #   (optional) URL without the tenant segment.
 #   Defaults to false.
 #
 # [*nova_proxy_admin_user*]
 #   (optional) Admin username used to connect to nova.
 #   Defaults to 'admin'
 #
 # [*nova_proxy_admin_pass*]
 #   (required) Admin password used to connect to nova.
 #
 # [*nova_proxy_admin_tenant_name*]
 #   (optional) Admin tenant name used to connect to nova.
 #   Defaults to 'admin'
 #
 # [*rpc_response_timeout*]
 #  (Optional) Seconds to wait for a response from a call.
 #  Defaults to $::os_service_default
@ -227,13 +216,6 @@
 #   (optional) Neutron URL without the tenant segment.
 #   Defaults to false.
 #
 # [*os_region_name*]
 #   (optional) Sets the os_region_name flag. For environments with
 #   more than one endpoint per service. If you don't set this and
 #   you have multiple endpoints, you will get Ambiguous Endpoint
 #   exceptions in the trove API service.
 #   Defaults to undef.
 #
 # [*nova_compute_service_type*]
 #   (optional) Nova service type to use when searching catalog.
 #   Defaults to 'compute'.
@ -296,8 +278,26 @@
 #   (optional) Minimum number of SQL connections to keep open in a pool.
 #   Defaults to: undef.
 #
 # [*nova_proxy_admin_user*]
 #   (optional) Admin username used to connect to nova.
 #   Defaults to undef
 #
 # [*nova_proxy_admin_pass*]
 #   (optional) Admin password used to connect to nova.
 #   Defaults to undef
 #
 # [*nova_proxy_admin_tenant_name*]
 #   (optional) Admin tenant name used to connect to nova.
 #   Defaults to undef
 #
 # [*os_region_name*]
 #   (optional) Sets the os_region_name flag. For environments with
 #   more than one endpoint per service. If you don't set this and
 #   you have multiple endpoints, you will get Ambiguous Endpoint
 #   exceptions in the trove API service.
 #   Defaults to undef.
 #
 class trove(
  $nova_proxy_admin_pass,
  $default_transport_url        = $::os_service_default,
  $notification_transport_url   = $::os_service_default,
  $notification_driver          = $::os_service_default,
@ -337,14 +337,11 @@ class trove(
  $database_max_overflow        = undef,
  $single_tenant_mode           = false,
  $nova_compute_url             = false,
  $nova_proxy_admin_user        = 'admin',
  $nova_proxy_admin_tenant_name = 'admin',
  $rpc_response_timeout         = $::os_service_default,
  $control_exchange             = 'trove',
  $cinder_url                   = false,
  $swift_url                    = false,
  $neutron_url                  = false,
  $os_region_name               = undef,
  $nova_compute_service_type    = 'compute',
  $cinder_service_type          = 'volumev2',
  $swift_service_type           = 'object-store',
@ -361,6 +358,10 @@ class trove(
  $package_ensure               = 'present',
  # DEPRECATED PARAMETERS
  $database_min_pool_size       = undef,
  $nova_proxy_admin_user        = undef,
  $nova_proxy_admin_pass        = undef,
  $nova_proxy_admin_tenant_name = undef,
  $os_region_name               = undef,
 ) {
  include trove::deps
--- a/manifests/taskmanager.pp
+++ b/manifests/taskmanager.pp
@ -107,6 +107,7 @@ class trove::taskmanager(
  include trove::deps
  include trove::params
  include trove::taskmanager::service_credentials
  if $default_neutron_networks {
    warning("trove::taskmanager::default_neutron_networks is deprecated and will be removed in \
@ -135,23 +136,9 @@ the future release. Please use trove::default_neutron_networks instead.")
    }
  }
  $trove_auth_url = "${regsubst($auth_url, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
  # basic service config
  trove_taskmanager_config {
-    'DEFAULT/trove_auth_url':               value => $trove_auth_url;
+    'DEFAULT/taskmanager_manager': value => $taskmanager_manager;
    'DEFAULT/nova_proxy_admin_user':        value => $::trove::nova_proxy_admin_user;
    'DEFAULT/nova_proxy_admin_pass':        value => $::trove::nova_proxy_admin_pass;
    'DEFAULT/nova_proxy_admin_tenant_name': value => $::trove::nova_proxy_admin_tenant_name;
    'DEFAULT/taskmanager_manager':          value => $taskmanager_manager;
  }
  # region name
  if $::trove::os_region_name {
    trove_taskmanager_config { 'DEFAULT/os_region_name': value => $::trove::os_region_name }
  }
  else {
    trove_taskmanager_config {'DEFAULT/os_region_name': ensure => absent }
  }
  # services type
--- a/manifests/taskmanager/service_credentials.pp
+++ b/manifests/taskmanager/service_credentials.pp
@ -0,0 +1,71 @@
 # The trove::taskmanager::service_credentials class helps configure auth settings
 #
 # == Parameters
 # [*auth_url*]
 #   (optional) the keystone public endpoint
 #   Defaults to undef
 #
 # [*region_name*]
 #   (optional) the keystone region of this node
 #   Optional. Defaults to 'RegionOne'
 #
 # [*username*]
 #   (optional) the keystone user for trove services
 #   Defaults to 'trove'
 #
 # [*password*]
 #   (required) the keystone password for trove services
 #
 # [*project_name*]
 #   (optional) the keystone tenant name for trove services
 #   Defaults to 'services'
 #
 # [*project_domain_name*]
 #   (optional) the keystone project domain name for trove services
 #   Defaults to 'Default'
 #
 #  [*user_domain_name*]
 #   (optional) the keystone user domain name for trove services
 #   Defaults to 'Default'
 #
 class trove::taskmanager::service_credentials (
  $password            = $::os_service_default,
  $auth_url            = undef,
  $region_name         = 'RegionOne',
  $username            = 'trove',
  $project_name        = 'services',
  $project_domain_name = 'Default',
  $user_domain_name    = 'Default',
 ) {
  include trove::deps
  if $auth_url == undef {
    warning('The auto detection of auth_url from www_authenticate_uri will be \
 removed in a future release. Please set trove::taskmanager::service_credentials::auth_url .')
    $auth_url_base = pick($::trove::keystone::authtoken::www_authenticate_uri, 'http://127.0.0.1:5000/v3')
  } else {
    $auth_url_base = $auth_url
  }
  $auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
  $username_real      = pick($::trove::nova_proxy_admin_user, $username)
  $password_real      = pick($::trove::nova_proxy_admin_pass, $password)
  $project_name_real  = pick($::trove::nova_proxy_tenant_name, $project_name)
  $region_name_real   = pick($::trove::os_region_name, $region_name)
  if is_service_default($password_real) {
    fail('trove::taskmanager::service_credentials::password should be set')
  }
  trove_taskmanager_config {
    'service_credentials/auth_url':            value => $auth_url_real;
    'service_credentials/username':            value => $username_real;
    'service_credentials/password':            value => $password_real, secret => true;
    'service_credentials/project_name':        value => $project_name_real;
    'service_credentials/project_domain_name': value => $project_domain_name;
    'service_credentials/user_domain_name':    value => $user_domain_name;
    'service_credentials/region_name':         value => $region_name_real;
  }
 }
--- a/releasenotes/notes/keystone-v3-auth-1572c6fe82f65b8b.yaml
+++ b/releasenotes/notes/keystone-v3-auth-1572c6fe82f65b8b.yaml
@ -0,0 +1,29 @@
 ---
 features:
  - |
    The following classes have been added to set parameters to define service
    credentials.
    - ``trove::api::service_credentials``
    - ``trove::conductor::service_credentials``
    - ``trove::guestagent::service_credentials``
    - ``trove::taskmanager::service_credentials``
 deprecations:
  - |
    The following parameters in ``trove`` class has been deprecated and will
    be removed in a future release. Use the parameters in ``trove::auth`` class
    to set required parameters for keystone v3 auth.
    - ``nova_proxy_admin_user``
    - ``nova_proxy_admin_pass``
    - ``nova_proxy_admin_tenant_name``
    - ``os_region_name``
  - |
    The auto detection of auth_url parameter from www_authenticate_uri is
    deprecated and will be removed in a future release. Please set
    auth_url parameter before the detection is removed.
  - |
    The ``trove::guestagent::auth_url`` parmaeter has been deprecated. Use
    ``trove::taskmanager::service_credentials::auth_url`` instead.
--- a/spec/classes/trove_api_service_credentials_spec.rb
+++ b/spec/classes/trove_api_service_credentials_spec.rb
@ -0,0 +1,73 @@
 #
 # Copyright (C) 2020 Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 #
 require 'spec_helper'
 describe 'trove::api::service_credentials' do
  shared_examples 'trove::api::service_credentials' do
    context 'with default parameters' do
      let :params do
        {
          :auth_url => 'http://127.0.0.1:5000/v3',
          :password => 'verysecrete'
        }
      end
      it 'configures service credentials with default parameters' do
        is_expected.to contain_trove_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
        is_expected.to contain_trove_config('service_credentials/username').with_value('trove')
        is_expected.to contain_trove_config('service_credentials/password').with_value('verysecrete').with_secret(true)
        is_expected.to contain_trove_config('service_credentials/project_name').with_value('services')
        is_expected.to contain_trove_config('service_credentials/region_name').with_value('RegionOne')
        is_expected.to contain_trove_config('service_credentials/user_domain_name').with_value('Default')
        is_expected.to contain_trove_config('service_credentials/project_domain_name').with_value('Default')
      end
    end
    context 'when overriding defaults' do
      let :params do
        {
          :auth_url            => 'http://127.0.0.1:5000/v3',
          :password            => 'verysecrete',
          :username            => 'trove2',
          :project_name        => 'services2',
          :region_name         => 'RegionTwo',
          :user_domain_name    => 'MyDomain',
          :project_domain_name => 'MyDomain',
        }
      end
      it 'configures service credentials with default parameters' do
        is_expected.to contain_trove_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
        is_expected.to contain_trove_config('service_credentials/username').with_value('trove2')
        is_expected.to contain_trove_config('service_credentials/project_name').with_value('services2')
        is_expected.to contain_trove_config('service_credentials/region_name').with_value('RegionTwo')
        is_expected.to contain_trove_config('service_credentials/user_domain_name').with_value('MyDomain')
        is_expected.to contain_trove_config('service_credentials/project_domain_name').with_value('MyDomain')
      end
    end
  end
  on_supported_os({
    :supported_os   => OSDefaults.get_supported_os
  }).each do |os,facts|
    context "on #{os}" do
      it_configures 'trove::api::service_credentials'
    end
  end
 end
--- a/spec/classes/trove_api_spec.rb
+++ b/spec/classes/trove_api_spec.rb
@ -31,25 +31,34 @@ describe 'trove::api' do
      let :pre_condition do
        "class { 'trove':
-         nova_proxy_admin_pass      => 'verysecrete',
+           nova_compute_service_type  => 'compute',
-         os_region_name             => 'RegionOne',
+           cinder_service_type        => 'volume',
-         nova_compute_service_type  => 'compute',
+           swift_service_type         => 'object-store',
-         cinder_service_type        => 'volume',
+           neutron_service_type       => 'network',
-         swift_service_type         => 'object-store',
+           glance_service_type        => 'image',
-         neutron_service_type       => 'network',
+           nova_compute_endpoint_type => '<SERVICE DEFAULT>',
-         glance_service_type        => 'image',
+           cinder_endpoint_type       => '<SERVICE DEFAULT>',
-         nova_compute_endpoint_type => '<SERVICE DEFAULT>',
+           swift_endpoint_type        => '<SERVICE DEFAULT>',
-         cinder_endpoint_type       => '<SERVICE DEFAULT>',
+           trove_endpoint_type        => '<SERVICE DEFAULT>',
-         swift_endpoint_type        => '<SERVICE DEFAULT>',
+           glance_endpoint_type       => '<SERVICE DEFAULT>',
-         trove_endpoint_type        => '<SERVICE DEFAULT>',
+           neutron_endpoint_type      => '<SERVICE DEFAULT>',
-         glance_endpoint_type       => '<SERVICE DEFAULT>',
+         }
-         neutron_endpoint_type      => '<SERVICE DEFAULT>',
+         class { 'trove::api::service_credentials':
           password => 'verysectrete',
         }
         class { 'trove::keystone::authtoken':
           password => 'a_big_secret',
         }"
      end
      it 'includes required classes' do
        is_expected.to contain_class('trove::deps')
        is_expected.to contain_class('trove::db')
        is_expected.to contain_class('trove::db::sync')
        is_expected.to contain_class('trove::params')
        is_expected.to contain_class('trove::api::service_credentials')
      end
      it 'installs trove-api package and service' do
        is_expected.to contain_service('trove-api').with(
          :name      => platform_params[:api_service_name],
@ -69,13 +78,8 @@ describe 'trove::api' do
        is_expected.to contain_trove_config('DEFAULT/bind_port').with_value('8779')
        is_expected.to contain_trove_config('DEFAULT/backlog').with_value('4096')
        is_expected.to contain_trove_config('DEFAULT/trove_api_workers').with_value('8')
        is_expected.to contain_trove_config('DEFAULT/trove_auth_url').with_value('http://localhost:5000/v3')
        is_expected.to contain_trove_config('DEFAULT/nova_proxy_admin_user').with_value('admin')
        is_expected.to contain_trove_config('DEFAULT/nova_proxy_admin_pass').with_value('verysecrete')
        is_expected.to contain_trove_config('DEFAULT/nova_proxy_admin_tenant_name').with_value('admin')
        is_expected.to contain_trove_config('DEFAULT/default_neutron_networks').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_config('DEFAULT/control_exchange').with_value('trove')
        is_expected.to contain_trove_config('DEFAULT/os_region_name').with_value('RegionOne')
        is_expected.to contain_trove_config('DEFAULT/nova_compute_service_type').with_value('compute')
        is_expected.to contain_trove_config('DEFAULT/cinder_service_type').with_value('volume')
        is_expected.to contain_trove_config('DEFAULT/swift_service_type').with_value('object-store')
@ -152,8 +156,11 @@ describe 'trove::api' do
      context 'with single tenant mode enabled' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             single_tenant_mode => 'true'
-             single_tenant_mode    => 'true'}
+           }
           class { 'trove::api::service_credentials':
             password => 'verysecrete',
           }
           class { 'trove::keystone::authtoken':
             password => 'a_big_secret',
           }"
@ -167,8 +174,9 @@ describe 'trove::api' do
      context 'when using a single RabbitMQ server' do
        let :pre_condition do
-          "class { 'trove':
+          "class { 'trove': }
-             nova_proxy_admin_pass => 'verysecrete',
+           class { 'trove::api::service_credentials':
             password => 'verysecrete',
           }
           class { 'trove::keystone::authtoken':
             password => 'a_big_secret',
@ -183,13 +191,15 @@ describe 'trove::api' do
      context 'when using a single RabbitMQ server with enable ha options' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             rabbit_ha_queues    => 'true',
-             rabbit_ha_queues      => 'true',
+             amqp_durable_queues => 'true',
             amqp_durable_queues   => 'true',
           }
-            class { 'trove::keystone::authtoken':
+           class { 'trove::api::service_credentials':
-              password => 'a_big_secret',
+             password => 'verysecrete',
-            }"
+           }
           class { 'trove::keystone::authtoken':
             password => 'a_big_secret',
           }"
        end
        it 'configures trove-api with RabbitMQ' do
          is_expected.to contain_trove_config('oslo_messaging_rabbit/rabbit_ha_queues').with_value('true')
@ -200,8 +210,10 @@ describe 'trove::api' do
      context 'when using multiple RabbitMQ servers' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             rabbit_ha_queues => 'true',
-             rabbit_ha_queues      => 'true',
+           }
           class { 'trove::api::service_credentials':
             password => 'verysecrete',
           }
           class { 'trove::keystone::authtoken':
             password => 'a_big_secret',
@ -215,10 +227,12 @@ describe 'trove::api' do
      context 'when using Neutron' do
        let :pre_condition do
          "class { 'trove':
             nova_proxy_admin_pass    => 'verysecrete',
             use_neutron              => true,
             default_neutron_networks => 'trove_service',
           }
           class { 'trove::api::service_credentials':
             password => 'verysecrete',
           }
           class { 'trove::keystone::authtoken':
             password => 'a_big_secret',
           }"
@ -237,8 +251,10 @@ describe 'trove::api' do
      context 'when using Nova Network' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             use_neutron => false
-             use_neutron           => false
+           }
           class { 'trove::api::service_credentials':
             password => 'verysecrete',
           }
           class { 'trove::keystone::authtoken':
             password => 'a_big_secret',
@ -260,12 +276,15 @@ describe 'trove::api' do
    context 'with SSL enabled with kombu' do
      let :pre_condition do
        "class { 'trove':
           nova_proxy_admin_pass => 'verysecrete',
           rabbit_use_ssl     => true,
           kombu_ssl_ca_certs => '/path/to/ssl/ca/certs',
           kombu_ssl_certfile => '/path/to/ssl/cert/file',
           kombu_ssl_keyfile  => '/path/to/ssl/keyfile',
-           kombu_ssl_version  => 'TLSv1'}
+           kombu_ssl_version  => 'TLSv1'
         }
         class { 'trove::api::service_credentials':
           password => 'verysecrete',
         }
         class { 'trove::keystone::authtoken':
           password => 'a_big_secret',
         }"
@ -285,8 +304,11 @@ describe 'trove::api' do
    context 'with SSL enabled without kombu' do
      let :pre_condition do
        "class { 'trove':
-           nova_proxy_admin_pass => 'verysecrete',
+           rabbit_use_ssl => true
-           rabbit_use_ssl     => true}
+         }
         class { 'trove::api::service_credentials':
           password => 'verysecrete',
         }
         class { 'trove::keystone::authtoken':
           password => 'a_big_secret',
         }"
@ -306,8 +328,11 @@ describe 'trove::api' do
    context 'with SSL disabled' do
      let :pre_condition do
        "class { 'trove':
-           nova_proxy_admin_pass => 'verysecrete',
+           rabbit_use_ssl => false
-           rabbit_use_ssl        => false}
+         }
         class { 'trove::api::service_credentials':
           password => 'verysecrete',
         }
         class { 'trove::keystone::authtoken':
           password => 'a_big_secret',
         }"
@ -327,11 +352,14 @@ describe 'trove::api' do
    context 'with transport_url entries' do
      let :pre_condition do
        "class { 'trove':
           nova_proxy_admin_pass      => 'verysecrete',
           default_transport_url      => 'rabbit://rabbit_user:password@localhost:5673',
           rpc_response_timeout       => '120',
           control_exchange           => 'openstack',
-           notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673' }
+           notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673'
         }
         class { 'trove::api::service_credentials':
           password => 'verysecrete',
         }
         class { 'trove::keystone::authtoken':
           password => 'a_big_secret',
         }"
@ -347,8 +375,9 @@ describe 'trove::api' do
    context 'with amqp rpc' do
      let :pre_condition do
-        "class { 'trove' :
+        "class { 'trove': }
-           nova_proxy_admin_pass => 'verysecrete',
+         class { 'trove::api::service_credentials':
           password => 'verysecrete',
         }
         class { 'trove::keystone::authtoken':
           password => 'a_big_secret',
--- a/spec/classes/trove_conductor_service_credentials_spec.rb
+++ b/spec/classes/trove_conductor_service_credentials_spec.rb
@ -0,0 +1,73 @@
 #
 # Copyright (C) 2020 Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 #
 require 'spec_helper'
 describe 'trove::conductor::service_credentials' do
  shared_examples 'trove::conductor::service_credentials' do
    context 'with default parameters' do
      let :params do
        {
          :auth_url => 'http://127.0.0.1:5000/v3',
          :password => 'verysecrete'
        }
      end
      it 'configures service credentials with default parameters' do
        is_expected.to contain_trove_conductor_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
        is_expected.to contain_trove_conductor_config('service_credentials/username').with_value('trove')
        is_expected.to contain_trove_conductor_config('service_credentials/password').with_value('verysecrete').with_secret(true)
        is_expected.to contain_trove_conductor_config('service_credentials/project_name').with_value('services')
        is_expected.to contain_trove_conductor_config('service_credentials/region_name').with_value('RegionOne')
        is_expected.to contain_trove_conductor_config('service_credentials/user_domain_name').with_value('Default')
        is_expected.to contain_trove_conductor_config('service_credentials/project_domain_name').with_value('Default')
      end
    end
    context 'when overriding defaults' do
      let :params do
        {
          :auth_url            => 'http://127.0.0.1:5000/v3',
          :password            => 'verysecrete',
          :username            => 'trove2',
          :project_name        => 'services2',
          :region_name         => 'RegionTwo',
          :user_domain_name    => 'MyDomain',
          :project_domain_name => 'MyDomain',
        }
      end
      it 'configures service credentials with default parameters' do
        is_expected.to contain_trove_conductor_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
        is_expected.to contain_trove_conductor_config('service_credentials/username').with_value('trove2')
        is_expected.to contain_trove_conductor_config('service_credentials/project_name').with_value('services2')
        is_expected.to contain_trove_conductor_config('service_credentials/region_name').with_value('RegionTwo')
        is_expected.to contain_trove_conductor_config('service_credentials/user_domain_name').with_value('MyDomain')
        is_expected.to contain_trove_conductor_config('service_credentials/project_domain_name').with_value('MyDomain')
      end
    end
  end
  on_supported_os({
    :supported_os   => OSDefaults.get_supported_os
  }).each do |os,facts|
    context "on #{os}" do
      it_configures 'trove::conductor::service_credentials'
    end
  end
 end
--- a/spec/classes/trove_conductor_spec.rb
+++ b/spec/classes/trove_conductor_spec.rb
@ -7,8 +7,16 @@ describe 'trove::conductor' do
    context 'with default parameters' do
      let :pre_condition do
-        "class { 'trove':
+        "class { 'trove': }
-         nova_proxy_admin_pass => 'verysecrete'}"
+         class { 'trove::conductor::service_credentials':
           password => 'verysecrete',
         }"
      end
      it 'includes required classes' do
        is_expected.to contain_class('trove::deps')
        is_expected.to contain_class('trove::params')
        is_expected.to contain_class('trove::conductor::service_credentials')
      end
      it 'installs trove-conductor package and service' do
@ -26,9 +34,6 @@ describe 'trove::conductor' do
      end
      it 'configures trove-conductor with default parameters' do
        is_expected.to contain_trove_conductor_config('DEFAULT/nova_proxy_admin_user').with_value('admin')
        is_expected.to contain_trove_conductor_config('DEFAULT/nova_proxy_admin_pass').with_value('verysecrete')
        is_expected.to contain_trove_conductor_config('DEFAULT/nova_proxy_admin_tenant_name').with_value('admin')
        is_expected.to contain_trove_conductor_config('DEFAULT/transport_url').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_conductor_config('DEFAULT/rpc_response_timeout').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_conductor_config('DEFAULT/control_exchange').with_value('trove')
@ -60,8 +65,10 @@ describe 'trove::conductor' do
      context 'with single tenant mode enabled' do
        let :pre_condition do
          "class { 'trove':
             nova_proxy_admin_pass => 'verysecrete',
             single_tenant_mode    => 'true'}
           class { 'trove::conductor::service_credentials':
             password => 'verysecrete',
           }
           class { 'trove::keystone::authtoken':
             password => 'a_big_secret',
           }"
@ -75,8 +82,9 @@ describe 'trove::conductor' do
      context 'when using a single RabbitMQ server' do
        let :pre_condition do
-          "class { 'trove':
+          "class { 'trove': }
-             nova_proxy_admin_pass => 'verysecrete',
+           class { 'trove::conductor::service_credentials':
             password => 'verysecrete',
           }"
        end
        it 'configures trove-conductor with RabbitMQ' do
@ -88,9 +96,11 @@ describe 'trove::conductor' do
      context 'when using a single RabbitMQ server with enable ha options' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             rabbit_ha_queues    => 'true',
-             rabbit_ha_queues      => 'true',
+             amqp_durable_queues => 'true',
-             amqp_durable_queues   => 'true',
+           }
           class { 'trove::conductor::service_credentials':
             password => 'verysecrete',
           }"
        end
        it 'configures trove-api with RabbitMQ' do
@ -102,8 +112,10 @@ describe 'trove::conductor' do
      context 'when using multiple RabbitMQ servers' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             rabbit_ha_queues => true,
-             rabbit_ha_queues      => true,
+           }
           class { 'trove::conductor::service_credentials':
             password => 'verysecrete',
           }"
        end
        it 'configures trove-conductor with RabbitMQ' do
@ -114,8 +126,11 @@ describe 'trove::conductor' do
      context 'when using MySQL' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             database_connection => 'mysql://trove:pass@10.0.0.1/trove'
-             database_connection   => 'mysql://trove:pass@10.0.0.1/trove'}"
+           }
           class { 'trove::conductor::service_credentials':
             password => 'verysecrete',
           }"
        end
        it 'configures trove-conductor with RabbitMQ' do
          is_expected.to contain_trove_conductor_config('database/connection').with_value('mysql://trove:pass@10.0.0.1/trove')
@ -148,8 +163,11 @@ describe 'trove::conductor' do
    context 'with SSL enabled without kombu' do
      let :pre_condition do
        "class { 'trove':
-           nova_proxy_admin_pass => 'verysecrete',
+           rabbit_use_ssl        => true
-           rabbit_use_ssl        => true}"
+         }
         class { 'trove::conductor::service_credentials':
           password => 'verysecrete',
         }"
      end
      it do
@ -166,8 +184,11 @@ describe 'trove::conductor' do
    context 'with SSL disabled' do
      let :pre_condition do
        "class { 'trove':
-           nova_proxy_admin_pass => 'verysecrete',
+           rabbit_use_ssl        => false
-           rabbit_use_ssl        => false}"
+         }
         class { 'trove::conductor::service_credentials':
           password => 'verysecrete',
         }"
      end
      it do
@ -201,8 +222,10 @@ describe 'trove::conductor' do
    context 'with amqp messaging' do
      let :pre_condition do
-        "class { 'trove' :
+        "class { 'trove' : }
-           nova_proxy_admin_pass => 'verysecrete'}"
+         class { 'trove::conductor::service_credentials':
           password => 'verysecrete',
         }"
      end
      it do
--- a/spec/classes/trove_guestagent_service_credentials_spec.rb
+++ b/spec/classes/trove_guestagent_service_credentials_spec.rb
@ -0,0 +1,70 @@
 #
 # Copyright (C) 2020 Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 #
 require 'spec_helper'
 describe 'trove::guestagent::service_credentials' do
  shared_examples 'trove::guestagent::service_credentials' do
    context 'with default parameters' do
      let :params do
        { :password => 'verysecrete' }
      end
      it 'configures service credentials with default parameters' do
        is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
        is_expected.to contain_trove_guestagent_config('service_credentials/username').with_value('trove')
        is_expected.to contain_trove_guestagent_config('service_credentials/password').with_value('verysecrete').with_secret(true)
        is_expected.to contain_trove_guestagent_config('service_credentials/project_name').with_value('services')
        is_expected.to contain_trove_guestagent_config('service_credentials/region_name').with_value('RegionOne')
        is_expected.to contain_trove_guestagent_config('service_credentials/user_domain_name').with_value('Default')
        is_expected.to contain_trove_guestagent_config('service_credentials/project_domain_name').with_value('Default')
      end
    end
    context 'when overriding defaults' do
      let :params do
        {
          :auth_url            => 'http://127.0.0.1:5000/v3',
          :password            => 'verysecrete',
          :username            => 'trove2',
          :project_name        => 'services2',
          :region_name         => 'RegionTwo',
          :user_domain_name    => 'MyDomain',
          :project_domain_name => 'MyDomain',
        }
      end
      it 'configures service credentials with default parameters' do
        is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
        is_expected.to contain_trove_guestagent_config('service_credentials/username').with_value('trove2')
        is_expected.to contain_trove_guestagent_config('service_credentials/project_name').with_value('services2')
        is_expected.to contain_trove_guestagent_config('service_credentials/region_name').with_value('RegionTwo')
        is_expected.to contain_trove_guestagent_config('service_credentials/user_domain_name').with_value('MyDomain')
        is_expected.to contain_trove_guestagent_config('service_credentials/project_domain_name').with_value('MyDomain')
      end
    end
  end
  on_supported_os({
    :supported_os   => OSDefaults.get_supported_os
  }).each do |os,facts|
    context "on #{os}" do
      it_configures 'trove::guestagent::service_credentials'
    end
  end
 end
--- a/spec/classes/trove_guestagent_spec.rb
+++ b/spec/classes/trove_guestagent_spec.rb
@ -8,8 +8,17 @@ describe 'trove::guestagent' do
      let :pre_condition do
        "class { 'trove':
-         os_region_name        => 'RegionOne',
+           nova_proxy_admin_pass => 'verysecrete'
-         nova_proxy_admin_pass => 'verysecrete'}"
+         }
         class { 'trove::guestagent::service_credentials':
           password => 'verysectrete',
         }"
      end
      it 'includes required classes' do
        is_expected.to contain_class('trove::deps')
        is_expected.to contain_class('trove::params')
        is_expected.to contain_class('trove::guestagent::service_credentials')
      end
      it 'installs trove-guestagent package and service' do
@ -27,7 +36,6 @@ describe 'trove::guestagent' do
      end
      it 'configures trove-guestagent with default parameters' do
        is_expected.to contain_trove_guestagent_config('DEFAULT/os_region_name').with_value('RegionOne')
        is_expected.to contain_trove_guestagent_config('DEFAULT/control_exchange').with_value('trove')
        is_expected.to contain_trove_guestagent_config('DEFAULT/transport_url').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_guestagent_config('DEFAULT/rpc_response_timeout').with_value('<SERVICE DEFAULT>')
@ -64,6 +72,9 @@ describe 'trove::guestagent' do
        let :pre_condition do
          "class { 'trove':
             nova_proxy_admin_pass => 'verysecrete',
           }
           class { 'trove::guestagent::service_credentials':
             password => 'verysectrete',
           }"
        end
        it 'configures trove-guestagent with RabbitMQ' do
@ -78,6 +89,9 @@ describe 'trove::guestagent' do
             rabbit_ha_queues            => 'true',
             rabbit_heartbeat_in_pthread => 'true',
             amqp_durable_queues         => 'true',
           }
           class { 'trove::guestagent::service_credentials':
             password => 'verysectrete',
           }"
        end
        it 'configures trove-api with RabbitMQ' do
@ -92,6 +106,9 @@ describe 'trove::guestagent' do
          "class { 'trove':
             nova_proxy_admin_pass => 'verysecrete',
             rabbit_ha_queues      => true,
           }
           class { 'trove::guestagent::service_credentials':
             password => 'verysectrete',
           }"
        end
        it 'configures trove-guestagent with RabbitMQ' do
@ -105,7 +122,11 @@ describe 'trove::guestagent' do
             nova_proxy_admin_pass => 'verysecrete',
             default_transport_url => 'rabbit://user:pass@host:1234/virt',
             rpc_response_timeout  => '120',
-             control_exchange      => 'openstack',}"
+             control_exchange      => 'openstack',
           }
           class { 'trove::guestagent::service_credentials':
             password => 'verysectrete',
           }"
        end
        it 'configures trove-guestagent with DEFAULT/transport_url' do
          is_expected.to contain_trove_guestagent_config('DEFAULT/transport_url').with_value('rabbit://user:pass@host:1234/virt')
@ -119,18 +140,21 @@ describe 'trove::guestagent' do
    context 'with custom parameters' do
      let :pre_condition do
        "class { 'trove':
-         nova_proxy_admin_pass => 'verysecrete'}"
+           nova_proxy_admin_pass => 'verysecrete'
         }
         class { 'trove::guestagent::service_credentials':
          password => 'verysectrete',
         }"
      end
      let :params do
-        { :auth_url           => "http://10.0.0.1:5000/",
+        {
          :swift_url          => "http://10.0.0.1:8080/v1/AUTH_",
          :swift_service_type => 'object-store',
          :rabbit_use_ssl     => 'true'
        }
      end
      it 'configures trove-guestagent with custom parameters' do
        is_expected.to contain_trove_guestagent_config('DEFAULT/trove_auth_url').with_value('http://10.0.0.1:5000/v3')
        is_expected.to contain_trove_guestagent_config('DEFAULT/swift_url').with_value('http://10.0.0.1:8080/v1/AUTH_')
        is_expected.to contain_trove_guestagent_config('DEFAULT/swift_service_type').with_value('object-store')
        is_expected.to contain_oslo__messaging__rabbit('trove_guestagent_config').with(
--- a/spec/classes/trove_taskmanager_service_credentials_spec.rb
+++ b/spec/classes/trove_taskmanager_service_credentials_spec.rb
@ -0,0 +1,73 @@
 #
 # Copyright (C) 2020 Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 #
 require 'spec_helper'
 describe 'trove::taskmanager::service_credentials' do
  shared_examples 'trove::taskmanager::service_credentials' do
    context 'with default parameters' do
      let :params do
        {
          :auth_url => 'http://127.0.0.1:5000/v3',
          :password => 'verysecrete'
        }
      end
      it 'configures service credentials with default parameters' do
        is_expected.to contain_trove_taskmanager_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
        is_expected.to contain_trove_taskmanager_config('service_credentials/username').with_value('trove')
        is_expected.to contain_trove_taskmanager_config('service_credentials/password').with_value('verysecrete').with_secret(true)
        is_expected.to contain_trove_taskmanager_config('service_credentials/project_name').with_value('services')
        is_expected.to contain_trove_taskmanager_config('service_credentials/region_name').with_value('RegionOne')
        is_expected.to contain_trove_taskmanager_config('service_credentials/user_domain_name').with_value('Default')
        is_expected.to contain_trove_taskmanager_config('service_credentials/project_domain_name').with_value('Default')
      end
    end
    context 'when overriding defaults' do
      let :params do
        {
          :auth_url            => 'http://127.0.0.1:5000/v3',
          :password            => 'verysecrete',
          :username            => 'trove2',
          :project_name        => 'services2',
          :region_name         => 'RegionTwo',
          :user_domain_name    => 'MyDomain',
          :project_domain_name => 'MyDomain',
        }
      end
      it 'configures service credentials with default parameters' do
        is_expected.to contain_trove_taskmanager_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
        is_expected.to contain_trove_taskmanager_config('service_credentials/username').with_value('trove2')
        is_expected.to contain_trove_taskmanager_config('service_credentials/project_name').with_value('services2')
        is_expected.to contain_trove_taskmanager_config('service_credentials/region_name').with_value('RegionTwo')
        is_expected.to contain_trove_taskmanager_config('service_credentials/user_domain_name').with_value('MyDomain')
        is_expected.to contain_trove_taskmanager_config('service_credentials/project_domain_name').with_value('MyDomain')
      end
    end
  end
  on_supported_os({
    :supported_os   => OSDefaults.get_supported_os
  }).each do |os,facts|
    context "on #{os}" do
      it_configures 'trove::taskmanager::service_credentials'
    end
  end
 end
--- a/spec/classes/trove_taskmanager_spec.rb
+++ b/spec/classes/trove_taskmanager_spec.rb
@ -27,8 +27,6 @@ describe 'trove::taskmanager' do
      let :pre_condition do
        "class { 'trove':
         nova_proxy_admin_pass      => 'verysecrete',
         os_region_name             => 'RegionOne',
         nova_compute_service_type  => 'compute',
         cinder_service_type        => 'volume',
         swift_service_type         => 'object-store',
@ -40,9 +38,19 @@ describe 'trove::taskmanager' do
         trove_endpoint_type        => '<SERVICE DEFAULT>',
         glance_endpoint_type       => '<SERVICE DEFAULT>',
         neutron_endpoint_type      => '<SERVICE DEFAULT>',
         }
         class { 'trove::taskmanager::service_credentials':
           password    => 'verysecrete',
           region_name => 'RegionOne',
         }"
      end
      it 'includes required classes' do
        is_expected.to contain_class('trove::deps')
        is_expected.to contain_class('trove::params')
        is_expected.to contain_class('trove::taskmanager::service_credentials')
      end
      it 'installs trove-taskmanager package and service' do
        is_expected.to contain_service('trove-taskmanager').with(
          :name      => platform_params[:taskmanager_service_name],
@ -58,11 +66,7 @@ describe 'trove::taskmanager' do
      end
      it 'configures trove-taskmanager with default parameters' do
        is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_proxy_admin_user').with_value('admin')
        is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_proxy_admin_pass').with_value('verysecrete')
        is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_proxy_admin_tenant_name').with_value('admin')
        is_expected.to contain_trove_taskmanager_config('DEFAULT/default_neutron_networks').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_taskmanager_config('DEFAULT/os_region_name').with_value('RegionOne')
        is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_compute_service_type').with_value('compute')
        is_expected.to contain_trove_taskmanager_config('DEFAULT/cinder_service_type').with_value('volume')
        is_expected.to contain_trove_taskmanager_config('DEFAULT/swift_service_type').with_value('object-store')
@ -105,10 +109,13 @@ describe 'trove::taskmanager' do
      context 'when set use_guestagent_template to false' do
        let :pre_condition do
-           "class { 'trove':
+          "class { 'trove': }
-              nova_proxy_admin_pass => 'verysecrete',}
+           class { 'trove::taskmanager::service_credentials':
-            class { 'trove::taskmanager':
+             password => 'verysecrete',
-              use_guestagent_template => false,}"
+           }
           class { 'trove::taskmanager':
             use_guestagent_template => false,
           }"
        end
        it 'configures trove-taskmanager with trove::guestagent' do
          is_expected.to contain_class('trove::guestagent').with(
@ -121,8 +128,11 @@ describe 'trove::taskmanager' do
      context 'with single tenant mode enabled' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             single_tenant_mode    => 'true'
-             single_tenant_mode    => 'true'}
+           }
           class { 'trove::taskmanager::service_credentials':
             password => 'verysecrete',
           }
           class { 'trove::keystone::authtoken':
             password => 'a_big_secret',
           }"
@ -136,8 +146,9 @@ describe 'trove::taskmanager' do
      context 'when using a single RabbitMQ server' do
        let :pre_condition do
-          "class { 'trove':
+          "class { 'trove': }
-             nova_proxy_admin_pass => 'verysecrete',
+           class { 'trove::taskmanager::service_credentials':
             password => 'verysecrete',
           }
          "
        end
@ -153,9 +164,11 @@ describe 'trove::taskmanager' do
      context 'when using a single RabbitMQ server with enable rabbbit ha options' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             rabbit_ha_queues    => 'true',
-             rabbit_ha_queues      => 'true',
+             amqp_durable_queues => 'true',
-             amqp_durable_queues   => 'true',
+           }
           class { 'trove::taskmanager::service_credentials':
             password => 'verysecrete',
           }"
        end
        it 'configures trove-api with RabbitMQ' do
@ -171,8 +184,10 @@ describe 'trove::taskmanager' do
      context 'when using multiple RabbitMQ servers' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             rabbit_ha_queues => 'true',
-             rabbit_ha_queues      => 'true',
+           }
           class { 'trove::taskmanager::service_credentials':
             password => 'verysecrete',
           }"
        end
        it 'configures trove-taskmanager with RabbitMQ' do
@ -186,8 +201,11 @@ describe 'trove::taskmanager' do
      context 'when using MySQL' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             database_connection => 'mysql://trove:pass@10.0.0.1/trove'
-             database_connection   => 'mysql://trove:pass@10.0.0.1/trove'}"
+           }
           class { 'trove::taskmanager::service_credentials':
             password => 'verysecrete',
           }"
        end
        it 'configures trove-taskmanager with RabbitMQ' do
          is_expected.to contain_trove_taskmanager_config('database/connection').with_value('mysql://trove:pass@10.0.0.1/trove')
@ -197,8 +215,11 @@ describe 'trove::taskmanager' do
      context 'when using Neutron' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass    => 'verysecrete',
+             use_neutron => true
-             use_neutron              => true}
+           }
           class { 'trove::taskmanager::service_credentials':
             password => 'verysecrete',
           }
           class { 'trove::taskmanager':
             default_neutron_networks => 'trove_service',
           }
@ -220,8 +241,11 @@ describe 'trove::taskmanager' do
      context 'when using Nova Network' do
        let :pre_condition do
          "class { 'trove':
-             nova_proxy_admin_pass => 'verysecrete',
+             use_neutron           => false
-             use_neutron           => false}"
+           }
           class { 'trove::taskmanager::service_credentials':
             password => 'verysecrete',
           }"
        end
@ -238,12 +262,15 @@ describe 'trove::taskmanager' do
    context 'with SSL enabled with kombu' do
      let :pre_condition do
        "class { 'trove':
           nova_proxy_admin_pass => 'verysecrete',
           rabbit_use_ssl     => true,
           kombu_ssl_ca_certs => '/path/to/ssl/ca/certs',
           kombu_ssl_certfile => '/path/to/ssl/cert/file',
           kombu_ssl_keyfile  => '/path/to/ssl/keyfile',
-           kombu_ssl_version  => 'TLSv1'}"
+           kombu_ssl_version  => 'TLSv1'
         }
         class { 'trove::taskmanager::service_credentials':
           password => 'verysecrete',
         }"
      end
      it do
@ -260,8 +287,11 @@ describe 'trove::taskmanager' do
    context 'with SSL enabled without kombu' do
      let :pre_condition do
        "class { 'trove':
-           nova_proxy_admin_pass => 'verysecrete',
+           rabbit_use_ssl => true
-           rabbit_use_ssl        => true}"
+         }
         class { 'trove::taskmanager::service_credentials':
           password => 'verysecrete',
         }"
      end
      it do
@ -278,8 +308,11 @@ describe 'trove::taskmanager' do
    context 'with SSL disabled' do
      let :pre_condition do
        "class { 'trove':
-           nova_proxy_admin_pass => 'verysecrete',
+           rabbit_use_ssl  => false
-           rabbit_use_ssl        => false}"
+         }
         class { 'trove::taskmanager::service_credentials':
           password => 'verysecrete',
         }"
      end
      it do
@ -296,11 +329,14 @@ describe 'trove::taskmanager' do
    context 'with transport_url entries' do
      let :pre_condition do
        "class { 'trove':
           nova_proxy_admin_pass      => 'verysecrete',
           default_transport_url      => 'rabbit://rabbit_user:password@localhost:5673',
           rpc_response_timeout       => '120',
           control_exchange           => 'openstack',
-           notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673' }"
+           notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673'
         }
         class { 'trove::taskmanager::service_credentials':
           password => 'verysecrete',
         }"
      end
      it do
@ -313,8 +349,10 @@ describe 'trove::taskmanager' do
    context 'with amqp messaging' do
      let :pre_condition do
-        "class { 'trove' :
+        "class { 'trove' : }
-           nova_proxy_admin_pass => 'verysecrete'}"
+         class { 'trove::taskmanager::service_credentials':
           password => 'verysecrete',
         }"
      end
      it do