openstack
/
puppet-trove
Code Issues Proposed changes

Use service credential parameters to define keystone v3 auth 

Change-Id: I67ac8b41365e1d6f90b8982659b9fd52744d2ad7
This commit is contained in:
Takashi Kajinami 2020-05-04 21:48:45 +09:00
parent 431016708a
commit 1d3bffd18b
19 changed files with 877 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
examples/site.pp
View File

@ -19,7 +19,22 @@ class { 'trove::db::mysql':
class { 'trove': class { 'trove':
database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8', database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8',
default_transport_url => 'rabbit://trove:an_even_bigger_secret@10.0.0.1:5672/trove', default_transport_url => 'rabbit://trove:an_even_bigger_secret@10.0.0.1:5672/trove',
nova_proxy_admin_pass => 'novapass', }
class { 'trove::api::service_credentials':
password => 'verysecrete',
}
class { 'trove::conductor::service_credentials':
password => 'verysecrete',
}
class { 'trove::task_manager::service_credentials':
password => 'verysecrete',
}
class { 'trove::guestagent::service_credentials':
password => 'verysecrete',
} }
class { 'trove::api': class { 'trove::api':

25
manifests/api.pp
View File

@ -119,16 +119,14 @@ class trove::api(
include trove::db include trove::db
include trove::db::sync include trove::db::sync
include trove::params include trove::params
include trove::api::service_credentials
# basic service config # basic service config
trove_config { trove_config {
'DEFAULT/bind_host': value => $bind_host; 'DEFAULT/bind_host': value => $bind_host;
'DEFAULT/bind_port': value => $bind_port; 'DEFAULT/bind_port': value => $bind_port;
'DEFAULT/backlog': value => $backlog; 'DEFAULT/backlog': value => $backlog;
'DEFAULT/trove_api_workers': value => $workers; 'DEFAULT/trove_api_workers': value => $workers;
'DEFAULT/nova_proxy_admin_user': value => $::trove::nova_proxy_admin_user;
'DEFAULT/nova_proxy_admin_pass': value => $::trove::nova_proxy_admin_pass;
'DEFAULT/nova_proxy_admin_tenant_name': value => $::trove::nova_proxy_admin_tenant_name;
} }
if $::trove::single_tenant_mode { if $::trove::single_tenant_mode {
@ -154,11 +152,6 @@ class trove::api(
if $auth_strategy == 'keystone' { if $auth_strategy == 'keystone' {
include trove::keystone::authtoken include trove::keystone::authtoken
$trove_auth_url = "${regsubst($::trove::keystone::authtoken::www_authenticate_uri, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
trove_config {
'DEFAULT/trove_auth_url' : value => $trove_auth_url;
}
} }
# SSL Options # SSL Options
@ -203,14 +196,6 @@ class trove::api(
purge => $purge_config, purge => $purge_config,
} }
# region name
if $::trove::os_region_name {
trove_config { 'DEFAULT/os_region_name': value => $::trove::os_region_name }
}
else {
trove_config {'DEFAULT/os_region_name': ensure => absent }
}
# services type # services type
trove_config { trove_config {
'DEFAULT/nova_compute_service_type': value => $::trove::nova_compute_service_type; 'DEFAULT/nova_compute_service_type': value => $::trove::nova_compute_service_type;

71
manifests/api/service_credentials.pp Normal file
View File

@ -0,0 +1,71 @@
# The trove::api::service_credentials class helps configure auth settings
#
# == Parameters
# [*auth_url*]
# (optional) the keystone public endpoint
# Defaults to undef
#
# [*region_name*]
# (optional) the keystone region of this node
# Optional. Defaults to 'RegionOne'
#
# [*username*]
# (optional) the keystone user for trove services
# Defaults to 'trove'
#
# [*password*]
# (required) the keystone password for trove services
#
# [*project_name*]
# (optional) the keystone tenant name for trove services
# Defaults to 'services'
#
# [*project_domain_name*]
# (optional) the keystone project domain name for trove services
# Defaults to 'Default'
#
# [*user_domain_name*]
# (optional) the keystone user domain name for trove services
# Defaults to 'Default'
#
class trove::api::service_credentials (
$password = $::os_service_default,
$auth_url = undef,
$region_name = 'RegionOne',
$username = 'trove',
$project_name = 'services',
$project_domain_name = 'Default',
$user_domain_name = 'Default',
) {
include trove::deps
if $auth_url == undef {
warning('The auto detection of auth_url from www_authenticate_uri will be \
removed in a future release. Please set trove::api::service_credentials::auth_url .')
$auth_url_base = pick($::trove::keystone::authtoken::www_authenticate_uri, 'http://127.0.0.1:5000/v3')
} else {
$auth_url_base = $auth_url
}
$auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
$username_real = pick($::trove::nova_proxy_admin_user, $username)
$password_real = pick($::trove::nova_proxy_admin_pass, $password)
$project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name)
$region_name_real = pick($::trove::os_region_name, $region_name)
if is_service_default($password_real) {
fail('trove::api::service_credentials::password should be set')
}
trove_config {
'service_credentials/auth_url': value => $auth_url_real;
'service_credentials/username': value => $username_real;
'service_credentials/password': value => $password_real, secret => true;
'service_credentials/project_name': value => $project_name_real;
'service_credentials/project_domain_name': value => $project_domain_name;
'service_credentials/user_domain_name': value => $user_domain_name;
'service_credentials/region_name': value => $region_name_real;
}
}

9
manifests/conductor.pp
View File

@ -76,6 +76,7 @@ class trove::conductor(
include trove::deps include trove::deps
include trove::params include trove::params
include trove::conductor::service_credentials
if $::trove::database_connection { if $::trove::database_connection {
if($::trove::database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) { if($::trove::database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
@ -95,14 +96,10 @@ class trove::conductor(
} }
# basic service config # basic service config
$trove_auth_url = "${regsubst($auth_url, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
trove_conductor_config { trove_conductor_config {
'DEFAULT/trove_auth_url': value => $trove_auth_url; 'DEFAULT/trove_conductor_workers': value => $workers;
'DEFAULT/nova_proxy_admin_user': value => $::trove::nova_proxy_admin_user;
'DEFAULT/nova_proxy_admin_tenant_name': value => $::trove::nova_proxy_admin_tenant_name;
'DEFAULT/nova_proxy_admin_pass': value => $::trove::nova_proxy_admin_pass;
'DEFAULT/trove_conductor_workers': value => $workers;
} }
# profiler config # profiler config
trove_conductor_config { trove_conductor_config {
'profiler/enabled': value => $enable_profiler; 'profiler/enabled': value => $enable_profiler;

71
manifests/conductor/service_credentials.pp Normal file
View File

@ -0,0 +1,71 @@
# The trove::conductor::service_credentials class helps configure auth settings
#
# == Parameters
# [*auth_url*]
# (optional) the keystone public endpoint
# Defaults to undef
#
# [*region_name*]
# (optional) the keystone region of this node
# Optional. Defaults to 'RegionOne'
#
# [*username*]
# (optional) the keystone user for trove services
# Defaults to 'trove'
#
# [*password*]
# (required) the keystone password for trove services
#
# [*project_name*]
# (optional) the keystone tenant name for trove services
# Defaults to 'services'
#
# [*project_domain_name*]
# (optional) the keystone project domain name for trove services
# Defaults to 'Default'
#
# [*user_domain_name*]
# (optional) the keystone user domain name for trove services
# Defaults to 'Default'
#
class trove::conductor::service_credentials (
$password = $::os_service_default,
$auth_url = undef,
$region_name = 'RegionOne',
$username = 'trove',
$project_name = 'services',
$project_domain_name = 'Default',
$user_domain_name = 'Default',
) {
include trove::deps
if $auth_url == undef {
warning('The auto detection of auth_url from www_authenticate_uri will be \
removed in a future release. Please set trove::conductor::service_credentials::auth_url .')
$auth_url_base = pick($::trove::keystone::authtoken::www_authenticate_uri, 'http://127.0.0.1:5000/v3')
} else {
$auth_url_base = $auth_url
}
$auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
$username_real = pick($::trove::nova_proxy_admin_user, $username)
$password_real = pick($::trove::nova_proxy_admin_pass, $password)
$project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name)
$region_name_real = pick($::trove::os_region_name, $region_name)
if is_service_default(password_real) {
fail('trove::conductor::service_credentials::password should be set')
}
trove_conductor_config {
'service_credentials/auth_url': value => $auth_url_real;
'service_credentials/username': value => $username_real;
'service_credentials/password': value => $password_real, secret => true;
'service_credentials/project_name': value => $project_name_real;
'service_credentials/project_domain_name': value => $project_domain_name;
'service_credentials/user_domain_name': value => $user_domain_name;
'service_credentials/region_name': value => $region_name_real;
}
}

34
manifests/guestagent.pp
View File

@ -38,10 +38,6 @@
# (optional) Syslog facility to receive log lines. # (optional) Syslog facility to receive log lines.
# Defaults to 'LOG_USER'. # Defaults to 'LOG_USER'.
# #
# [*auth_url*]
# (optional) Authentication URL.
# Defaults to 'http://localhost:5000/v3'.
#
# [*swift_url*] # [*swift_url*]
# (optional) Swift URL. If this is unset in the class, Trove will # (optional) Swift URL. If this is unset in the class, Trove will
# lookup the URL using the Keystone catalog. # lookup the URL using the Keystone catalog.
@ -64,12 +60,6 @@
# guests need to talk to the rabbit cluster via # guests need to talk to the rabbit cluster via
# a different ssl connection option. # a different ssl connection option.
# #
# [*backup_aes_cbc_key*]
# (optional) Default OpenSSL aes_cbc key
# Defaults to $::os_service_default.
#
# DEPRECATED PARAMETERS
#
# [*root_grant*] # [*root_grant*]
# (optional) Permissions to grant "root" user. # (optional) Permissions to grant "root" user.
# Defaults to $::os_service_default. # Defaults to $::os_service_default.
@ -82,10 +72,20 @@
# (optional) Default password Length for root password. # (optional) Default password Length for root password.
# Defaults to $::os_service_default. # Defaults to $::os_service_default.
# #
# [*backup_aes_cbc_key*]
# (optional) Default OpenSSL aes_cbc key
# Defaults to $::os_service_default.
#
# DEPRECATED PARAMETERS
#
# [*control_exchange*] # [*control_exchange*]
# (Optional) Moved to init.pp. The default exchange to scope topics. # (Optional) Moved to init.pp. The default exchange to scope topics.
# Defaults to undef. # Defaults to undef.
# #
# [*auth_url*]
# (optional) Authentication URL.
# Defaults to undef.
#
class trove::guestagent( class trove::guestagent(
$enabled = true, $enabled = true,
$manage_service = true, $manage_service = true,
@ -95,7 +95,6 @@ class trove::guestagent(
$log_dir = '/var/log/trove', $log_dir = '/var/log/trove',
$use_syslog = $::os_service_default, $use_syslog = $::os_service_default,
$log_facility = $::os_service_default, $log_facility = $::os_service_default,
$auth_url = 'http://localhost:5000/v3',
$swift_url = $::os_service_default, $swift_url = $::os_service_default,
$swift_service_type = $::os_service_default, $swift_service_type = $::os_service_default,
$default_transport_url = $::trove::default_transport_url, $default_transport_url = $::trove::default_transport_url,
@ -106,21 +105,20 @@ class trove::guestagent(
$backup_aes_cbc_key = $::os_service_default, $backup_aes_cbc_key = $::os_service_default,
#Deprecated #Deprecated
$control_exchange = undef, $control_exchange = undef,
$auth_url = undef,
) inherits trove { ) inherits trove {
include trove::deps include trove::deps
include trove::params include trove::params
include trove::guestagent::service_credentials
if $control_exchange { if $control_exchange {
warning("control_exchange parameter is deprecated. Please use \ warning("control_exchange parameter is deprecated. Please use \
trove::control_exchange instead.") trove::control_exchange instead.")
} }
$trove_auth_url = "${regsubst($auth_url, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
# basic service config # basic service config
trove_guestagent_config { trove_guestagent_config {
'DEFAULT/trove_auth_url': value => $trove_auth_url;
'DEFAULT/swift_url': value => $swift_url; 'DEFAULT/swift_url': value => $swift_url;
'DEFAULT/swift_service_type': value => $swift_service_type; 'DEFAULT/swift_service_type': value => $swift_service_type;
'DEFAULT/root_grant': value => $root_grant; 'DEFAULT/root_grant': value => $root_grant;
@ -135,14 +133,6 @@ trove::control_exchange instead.")
rpc_response_timeout => $::trove::rpc_response_timeout, rpc_response_timeout => $::trove::rpc_response_timeout,
} }
# region name
if $::trove::os_region_name {
trove_guestagent_config { 'DEFAULT/os_region_name': value => $::trove::os_region_name }
}
else {
trove_guestagent_config { 'DEFAULT/os_region_name': ensure => absent }
}
oslo::messaging::notifications { 'trove_guestagent_config': oslo::messaging::notifications { 'trove_guestagent_config':
transport_url => $::trove::notification_transport_url, transport_url => $::trove::notification_transport_url,
driver => $::trove::notification_driver, driver => $::trove::notification_driver,

65
manifests/guestagent/service_credentials.pp Normal file
View File

@ -0,0 +1,65 @@
# The trove::guestagent::service_credentials class helps configure auth settings
#
# == Parameters
# [*auth_url*]
# (optional) the keystone public endpoint
# Defaults to undef
#
# [*region_name*]
# (optional) the keystone region of this node
# Optional. Defaults to 'RegionOne'
#
# [*username*]
# (optional) the keystone user for trove services
# Defaults to 'trove'
#
# [*password*]
# (required) the keystone password for trove services
#
# [*project_name*]
# (optional) the keystone tenant name for trove services
# Defaults to 'services'
#
# [*project_domain_name*]
# (optional) the keystone project domain name for trove services
# Defaults to 'Default'
#
# [*user_domain_name*]
# (optional) the keystone user domain name for trove services
# Defaults to 'Default'
#
class trove::guestagent::service_credentials (
$password = $::os_service_default,
$auth_url = 'http://127.0.0.1:5000/v3',
$region_name = 'RegionOne',
$username = 'trove',
$project_name = 'services',
$project_domain_name = 'Default',
$user_domain_name = 'Default',
) {
include trove::deps
$auth_url_base = pick($::trove::guestagent::auth_url, $auth_url)
$auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
$username_real = pick($::trove::nova_proxy_admin_user, $username)
$password_real = pick($::trove::nova_proxy_admin_pass, $password)
$project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name)
$region_name_real = pick($::trove::os_region_name, $region_name)
if is_service_default(password_real) {
fail('trove::guestagent::service_credentials::password should be set')
}
trove_guestagent_config {
'service_credentials/auth_url': value => $auth_url_real;
'service_credentials/username': value => $username_real;
'service_credentials/password': value => $password_real, secret => true;
'service_credentials/project_name': value => $project_name_real;
'service_credentials/project_domain_name': value => $project_domain_name;
'service_credentials/user_domain_name': value => $user_domain_name;
'service_credentials/region_name': value => $region_name_real;
}
}

45
manifests/init.pp
View File

@ -196,17 +196,6 @@
# (optional) URL without the tenant segment. # (optional) URL without the tenant segment.
# Defaults to false. # Defaults to false.
# #
# [*nova_proxy_admin_user*]
# (optional) Admin username used to connect to nova.
# Defaults to 'admin'
#
# [*nova_proxy_admin_pass*]
# (required) Admin password used to connect to nova.
#
# [*nova_proxy_admin_tenant_name*]
# (optional) Admin tenant name used to connect to nova.
# Defaults to 'admin'
#
# [*rpc_response_timeout*] # [*rpc_response_timeout*]
# (Optional) Seconds to wait for a response from a call. # (Optional) Seconds to wait for a response from a call.
# Defaults to $::os_service_default # Defaults to $::os_service_default
@ -227,13 +216,6 @@
# (optional) Neutron URL without the tenant segment. # (optional) Neutron URL without the tenant segment.
# Defaults to false. # Defaults to false.
# #
# [*os_region_name*]
# (optional) Sets the os_region_name flag. For environments with
# more than one endpoint per service. If you don't set this and
# you have multiple endpoints, you will get Ambiguous Endpoint
# exceptions in the trove API service.
# Defaults to undef.
#
# [*nova_compute_service_type*] # [*nova_compute_service_type*]
# (optional) Nova service type to use when searching catalog. # (optional) Nova service type to use when searching catalog.
# Defaults to 'compute'. # Defaults to 'compute'.
@ -296,8 +278,26 @@
# (optional) Minimum number of SQL connections to keep open in a pool. # (optional) Minimum number of SQL connections to keep open in a pool.
# Defaults to: undef. # Defaults to: undef.
# #
# [*nova_proxy_admin_user*]
# (optional) Admin username used to connect to nova.
# Defaults to undef
#
# [*nova_proxy_admin_pass*]
# (optional) Admin password used to connect to nova.
# Defaults to undef
#
# [*nova_proxy_admin_tenant_name*]
# (optional) Admin tenant name used to connect to nova.
# Defaults to undef
#
# [*os_region_name*]
# (optional) Sets the os_region_name flag. For environments with
# more than one endpoint per service. If you don't set this and
# you have multiple endpoints, you will get Ambiguous Endpoint
# exceptions in the trove API service.
# Defaults to undef.
#
class trove( class trove(
$nova_proxy_admin_pass,
$default_transport_url = $::os_service_default, $default_transport_url = $::os_service_default,
$notification_transport_url = $::os_service_default, $notification_transport_url = $::os_service_default,
$notification_driver = $::os_service_default, $notification_driver = $::os_service_default,
@ -337,14 +337,11 @@ class trove(
$database_max_overflow = undef, $database_max_overflow = undef,
$single_tenant_mode = false, $single_tenant_mode = false,
$nova_compute_url = false, $nova_compute_url = false,
$nova_proxy_admin_user = 'admin',
$nova_proxy_admin_tenant_name = 'admin',
$rpc_response_timeout = $::os_service_default, $rpc_response_timeout = $::os_service_default,
$control_exchange = 'trove', $control_exchange = 'trove',
$cinder_url = false, $cinder_url = false,
$swift_url = false, $swift_url = false,
$neutron_url = false, $neutron_url = false,
$os_region_name = undef,
$nova_compute_service_type = 'compute', $nova_compute_service_type = 'compute',
$cinder_service_type = 'volumev2', $cinder_service_type = 'volumev2',
$swift_service_type = 'object-store', $swift_service_type = 'object-store',
@ -361,6 +358,10 @@ class trove(
$package_ensure = 'present', $package_ensure = 'present',
# DEPRECATED PARAMETERS # DEPRECATED PARAMETERS
$database_min_pool_size = undef, $database_min_pool_size = undef,
$nova_proxy_admin_user = undef,
$nova_proxy_admin_pass = undef,
$nova_proxy_admin_tenant_name = undef,
$os_region_name = undef,
) { ) {
include trove::deps include trove::deps

17
manifests/taskmanager.pp
View File

@ -107,6 +107,7 @@ class trove::taskmanager(
include trove::deps include trove::deps
include trove::params include trove::params
include trove::taskmanager::service_credentials
if $default_neutron_networks { if $default_neutron_networks {
warning("trove::taskmanager::default_neutron_networks is deprecated and will be removed in \ warning("trove::taskmanager::default_neutron_networks is deprecated and will be removed in \
@ -135,23 +136,9 @@ the future release. Please use trove::default_neutron_networks instead.")
} }
} }
$trove_auth_url = "${regsubst($auth_url, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
# basic service config # basic service config
trove_taskmanager_config { trove_taskmanager_config {
'DEFAULT/trove_auth_url': value => $trove_auth_url; 'DEFAULT/taskmanager_manager': value => $taskmanager_manager;
'DEFAULT/nova_proxy_admin_user': value => $::trove::nova_proxy_admin_user;
'DEFAULT/nova_proxy_admin_pass': value => $::trove::nova_proxy_admin_pass;
'DEFAULT/nova_proxy_admin_tenant_name': value => $::trove::nova_proxy_admin_tenant_name;
'DEFAULT/taskmanager_manager': value => $taskmanager_manager;
}
# region name
if $::trove::os_region_name {
trove_taskmanager_config { 'DEFAULT/os_region_name': value => $::trove::os_region_name }
}
else {
trove_taskmanager_config {'DEFAULT/os_region_name': ensure => absent }
} }
# services type # services type

71
manifests/taskmanager/service_credentials.pp Normal file
View File

@ -0,0 +1,71 @@
# The trove::taskmanager::service_credentials class helps configure auth settings
#
# == Parameters
# [*auth_url*]
# (optional) the keystone public endpoint
# Defaults to undef
#
# [*region_name*]
# (optional) the keystone region of this node
# Optional. Defaults to 'RegionOne'
#
# [*username*]
# (optional) the keystone user for trove services
# Defaults to 'trove'
#
# [*password*]
# (required) the keystone password for trove services
#
# [*project_name*]
# (optional) the keystone tenant name for trove services
# Defaults to 'services'
#
# [*project_domain_name*]
# (optional) the keystone project domain name for trove services
# Defaults to 'Default'
#
# [*user_domain_name*]
# (optional) the keystone user domain name for trove services
# Defaults to 'Default'
#
class trove::taskmanager::service_credentials (
$password = $::os_service_default,
$auth_url = undef,
$region_name = 'RegionOne',
$username = 'trove',
$project_name = 'services',
$project_domain_name = 'Default',
$user_domain_name = 'Default',
) {
include trove::deps
if $auth_url == undef {
warning('The auto detection of auth_url from www_authenticate_uri will be \
removed in a future release. Please set trove::taskmanager::service_credentials::auth_url .')
$auth_url_base = pick($::trove::keystone::authtoken::www_authenticate_uri, 'http://127.0.0.1:5000/v3')
} else {
$auth_url_base = $auth_url
}
$auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
$username_real = pick($::trove::nova_proxy_admin_user, $username)
$password_real = pick($::trove::nova_proxy_admin_pass, $password)
$project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name)
$region_name_real = pick($::trove::os_region_name, $region_name)
if is_service_default($password_real) {
fail('trove::taskmanager::service_credentials::password should be set')
}
trove_taskmanager_config {
'service_credentials/auth_url': value => $auth_url_real;
'service_credentials/username': value => $username_real;
'service_credentials/password': value => $password_real, secret => true;
'service_credentials/project_name': value => $project_name_real;
'service_credentials/project_domain_name': value => $project_domain_name;
'service_credentials/user_domain_name': value => $user_domain_name;
'service_credentials/region_name': value => $region_name_real;
}
}

29
releasenotes/notes/keystone-v3-auth-1572c6fe82f65b8b.yaml Normal file
View File

@ -0,0 +1,29 @@
---
features:
- |
The following classes have been added to set parameters to define service
credentials.
- ``trove::api::service_credentials``
- ``trove::conductor::service_credentials``
- ``trove::guestagent::service_credentials``
- ``trove::taskmanager::service_credentials``
deprecations:
- |
The following parameters in ``trove`` class has been deprecated and will
be removed in a future release. Use the parameters in ``trove::auth`` class
to set required parameters for keystone v3 auth.
- ``nova_proxy_admin_user``
- ``nova_proxy_admin_pass``
- ``nova_proxy_admin_tenant_name``
- ``os_region_name``
- |
The auto detection of auth_url parameter from www_authenticate_uri is
deprecated and will be removed in a future release. Please set
auth_url parameter before the detection is removed.
- |
The ``trove::guestagent::auth_url`` parmaeter has been deprecated. Use
``trove::taskmanager::service_credentials::auth_url`` instead.

73
spec/classes/trove_api_service_credentials_spec.rb Normal file
View File

@ -0,0 +1,73 @@
#
# Copyright (C) 2020 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'trove::api::service_credentials' do
shared_examples 'trove::api::service_credentials' do
context 'with default parameters' do
let :params do
{
:auth_url => 'http://127.0.0.1:5000/v3',
:password => 'verysecrete'
}
end
it 'configures service credentials with default parameters' do
is_expected.to contain_trove_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_trove_config('service_credentials/username').with_value('trove')
is_expected.to contain_trove_config('service_credentials/password').with_value('verysecrete').with_secret(true)
is_expected.to contain_trove_config('service_credentials/project_name').with_value('services')
is_expected.to contain_trove_config('service_credentials/region_name').with_value('RegionOne')
is_expected.to contain_trove_config('service_credentials/user_domain_name').with_value('Default')
is_expected.to contain_trove_config('service_credentials/project_domain_name').with_value('Default')
end
end
context 'when overriding defaults' do
let :params do
{
:auth_url => 'http://127.0.0.1:5000/v3',
:password => 'verysecrete',
:username => 'trove2',
:project_name => 'services2',
:region_name => 'RegionTwo',
:user_domain_name => 'MyDomain',
:project_domain_name => 'MyDomain',
}
end
it 'configures service credentials with default parameters' do
is_expected.to contain_trove_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_trove_config('service_credentials/username').with_value('trove2')
is_expected.to contain_trove_config('service_credentials/project_name').with_value('services2')
is_expected.to contain_trove_config('service_credentials/region_name').with_value('RegionTwo')
is_expected.to contain_trove_config('service_credentials/user_domain_name').with_value('MyDomain')
is_expected.to contain_trove_config('service_credentials/project_domain_name').with_value('MyDomain')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
it_configures 'trove::api::service_credentials'
end
end
end

115
spec/classes/trove_api_spec.rb
View File

@ -31,25 +31,34 @@ describe 'trove::api' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', nova_compute_service_type => 'compute',
os_region_name => 'RegionOne', cinder_service_type => 'volume',
nova_compute_service_type => 'compute', swift_service_type => 'object-store',
cinder_service_type => 'volume', neutron_service_type => 'network',
swift_service_type => 'object-store', glance_service_type => 'image',
neutron_service_type => 'network', nova_compute_endpoint_type => '<SERVICE DEFAULT>',
glance_service_type => 'image', cinder_endpoint_type => '<SERVICE DEFAULT>',
nova_compute_endpoint_type => '<SERVICE DEFAULT>', swift_endpoint_type => '<SERVICE DEFAULT>',
cinder_endpoint_type => '<SERVICE DEFAULT>', trove_endpoint_type => '<SERVICE DEFAULT>',
swift_endpoint_type => '<SERVICE DEFAULT>', glance_endpoint_type => '<SERVICE DEFAULT>',
trove_endpoint_type => '<SERVICE DEFAULT>', neutron_endpoint_type => '<SERVICE DEFAULT>',
glance_endpoint_type => '<SERVICE DEFAULT>', }
neutron_endpoint_type => '<SERVICE DEFAULT>', class { 'trove::api::service_credentials':
password => 'verysectrete',
} }
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
}" }"
end end
it 'includes required classes' do
is_expected.to contain_class('trove::deps')
is_expected.to contain_class('trove::db')
is_expected.to contain_class('trove::db::sync')
is_expected.to contain_class('trove::params')
is_expected.to contain_class('trove::api::service_credentials')
end
it 'installs trove-api package and service' do it 'installs trove-api package and service' do
is_expected.to contain_service('trove-api').with( is_expected.to contain_service('trove-api').with(
:name => platform_params[:api_service_name], :name => platform_params[:api_service_name],
@ -69,13 +78,8 @@ describe 'trove::api' do
is_expected.to contain_trove_config('DEFAULT/bind_port').with_value('8779') is_expected.to contain_trove_config('DEFAULT/bind_port').with_value('8779')
is_expected.to contain_trove_config('DEFAULT/backlog').with_value('4096') is_expected.to contain_trove_config('DEFAULT/backlog').with_value('4096')
is_expected.to contain_trove_config('DEFAULT/trove_api_workers').with_value('8') is_expected.to contain_trove_config('DEFAULT/trove_api_workers').with_value('8')
is_expected.to contain_trove_config('DEFAULT/trove_auth_url').with_value('http://localhost:5000/v3')
is_expected.to contain_trove_config('DEFAULT/nova_proxy_admin_user').with_value('admin')
is_expected.to contain_trove_config('DEFAULT/nova_proxy_admin_pass').with_value('verysecrete')
is_expected.to contain_trove_config('DEFAULT/nova_proxy_admin_tenant_name').with_value('admin')
is_expected.to contain_trove_config('DEFAULT/default_neutron_networks').with_value('<SERVICE DEFAULT>') is_expected.to contain_trove_config('DEFAULT/default_neutron_networks').with_value('<SERVICE DEFAULT>')
is_expected.to contain_trove_config('DEFAULT/control_exchange').with_value('trove') is_expected.to contain_trove_config('DEFAULT/control_exchange').with_value('trove')
is_expected.to contain_trove_config('DEFAULT/os_region_name').with_value('RegionOne')
is_expected.to contain_trove_config('DEFAULT/nova_compute_service_type').with_value('compute') is_expected.to contain_trove_config('DEFAULT/nova_compute_service_type').with_value('compute')
is_expected.to contain_trove_config('DEFAULT/cinder_service_type').with_value('volume') is_expected.to contain_trove_config('DEFAULT/cinder_service_type').with_value('volume')
is_expected.to contain_trove_config('DEFAULT/swift_service_type').with_value('object-store') is_expected.to contain_trove_config('DEFAULT/swift_service_type').with_value('object-store')
@ -152,8 +156,11 @@ describe 'trove::api' do
context 'with single tenant mode enabled' do context 'with single tenant mode enabled' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', single_tenant_mode => 'true'
single_tenant_mode => 'true'} }
class { 'trove::api::service_credentials':
password => 'verysecrete',
}
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
}" }"
@ -167,8 +174,9 @@ describe 'trove::api' do
context 'when using a single RabbitMQ server' do context 'when using a single RabbitMQ server' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove': }
nova_proxy_admin_pass => 'verysecrete', class { 'trove::api::service_credentials':
password => 'verysecrete',
} }
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
@ -183,13 +191,15 @@ describe 'trove::api' do
context 'when using a single RabbitMQ server with enable ha options' do context 'when using a single RabbitMQ server with enable ha options' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_ha_queues => 'true',
rabbit_ha_queues => 'true', amqp_durable_queues => 'true',
amqp_durable_queues => 'true',
} }
class { 'trove::keystone::authtoken': class { 'trove::api::service_credentials':
password => 'a_big_secret', password => 'verysecrete',
}" }
class { 'trove::keystone::authtoken':
password => 'a_big_secret',
}"
end end
it 'configures trove-api with RabbitMQ' do it 'configures trove-api with RabbitMQ' do
is_expected.to contain_trove_config('oslo_messaging_rabbit/rabbit_ha_queues').with_value('true') is_expected.to contain_trove_config('oslo_messaging_rabbit/rabbit_ha_queues').with_value('true')
@ -200,8 +210,10 @@ describe 'trove::api' do
context 'when using multiple RabbitMQ servers' do context 'when using multiple RabbitMQ servers' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_ha_queues => 'true',
rabbit_ha_queues => 'true', }
class { 'trove::api::service_credentials':
password => 'verysecrete',
} }
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
@ -215,10 +227,12 @@ describe 'trove::api' do
context 'when using Neutron' do context 'when using Neutron' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
use_neutron => true, use_neutron => true,
default_neutron_networks => 'trove_service', default_neutron_networks => 'trove_service',
} }
class { 'trove::api::service_credentials':
password => 'verysecrete',
}
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
}" }"
@ -237,8 +251,10 @@ describe 'trove::api' do
context 'when using Nova Network' do context 'when using Nova Network' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', use_neutron => false
use_neutron => false }
class { 'trove::api::service_credentials':
password => 'verysecrete',
} }
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
@ -260,12 +276,15 @@ describe 'trove::api' do
context 'with SSL enabled with kombu' do context 'with SSL enabled with kombu' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
rabbit_use_ssl => true, rabbit_use_ssl => true,
kombu_ssl_ca_certs => '/path/to/ssl/ca/certs', kombu_ssl_ca_certs => '/path/to/ssl/ca/certs',
kombu_ssl_certfile => '/path/to/ssl/cert/file', kombu_ssl_certfile => '/path/to/ssl/cert/file',
kombu_ssl_keyfile => '/path/to/ssl/keyfile', kombu_ssl_keyfile => '/path/to/ssl/keyfile',
kombu_ssl_version => 'TLSv1'} kombu_ssl_version => 'TLSv1'
}
class { 'trove::api::service_credentials':
password => 'verysecrete',
}
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
}" }"
@ -285,8 +304,11 @@ describe 'trove::api' do
context 'with SSL enabled without kombu' do context 'with SSL enabled without kombu' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_use_ssl => true
rabbit_use_ssl => true} }
class { 'trove::api::service_credentials':
password => 'verysecrete',
}
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
}" }"
@ -306,8 +328,11 @@ describe 'trove::api' do
context 'with SSL disabled' do context 'with SSL disabled' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_use_ssl => false
rabbit_use_ssl => false} }
class { 'trove::api::service_credentials':
password => 'verysecrete',
}
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
}" }"
@ -327,11 +352,14 @@ describe 'trove::api' do
context 'with transport_url entries' do context 'with transport_url entries' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
default_transport_url => 'rabbit://rabbit_user:password@localhost:5673', default_transport_url => 'rabbit://rabbit_user:password@localhost:5673',
rpc_response_timeout => '120', rpc_response_timeout => '120',
control_exchange => 'openstack', control_exchange => 'openstack',
notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673' } notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673'
}
class { 'trove::api::service_credentials':
password => 'verysecrete',
}
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
}" }"
@ -347,8 +375,9 @@ describe 'trove::api' do
context 'with amqp rpc' do context 'with amqp rpc' do
let :pre_condition do let :pre_condition do
"class { 'trove' : "class { 'trove': }
nova_proxy_admin_pass => 'verysecrete', class { 'trove::api::service_credentials':
password => 'verysecrete',
} }
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',

73
spec/classes/trove_conductor_service_credentials_spec.rb Normal file
View File

@ -0,0 +1,73 @@
#
# Copyright (C) 2020 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'trove::conductor::service_credentials' do
shared_examples 'trove::conductor::service_credentials' do
context 'with default parameters' do
let :params do
{
:auth_url => 'http://127.0.0.1:5000/v3',
:password => 'verysecrete'
}
end
it 'configures service credentials with default parameters' do
is_expected.to contain_trove_conductor_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_trove_conductor_config('service_credentials/username').with_value('trove')
is_expected.to contain_trove_conductor_config('service_credentials/password').with_value('verysecrete').with_secret(true)
is_expected.to contain_trove_conductor_config('service_credentials/project_name').with_value('services')
is_expected.to contain_trove_conductor_config('service_credentials/region_name').with_value('RegionOne')
is_expected.to contain_trove_conductor_config('service_credentials/user_domain_name').with_value('Default')
is_expected.to contain_trove_conductor_config('service_credentials/project_domain_name').with_value('Default')
end
end
context 'when overriding defaults' do
let :params do
{
:auth_url => 'http://127.0.0.1:5000/v3',
:password => 'verysecrete',
:username => 'trove2',
:project_name => 'services2',
:region_name => 'RegionTwo',
:user_domain_name => 'MyDomain',
:project_domain_name => 'MyDomain',
}
end
it 'configures service credentials with default parameters' do
is_expected.to contain_trove_conductor_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_trove_conductor_config('service_credentials/username').with_value('trove2')
is_expected.to contain_trove_conductor_config('service_credentials/project_name').with_value('services2')
is_expected.to contain_trove_conductor_config('service_credentials/region_name').with_value('RegionTwo')
is_expected.to contain_trove_conductor_config('service_credentials/user_domain_name').with_value('MyDomain')
is_expected.to contain_trove_conductor_config('service_credentials/project_domain_name').with_value('MyDomain')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
it_configures 'trove::conductor::service_credentials'
end
end
end

65
spec/classes/trove_conductor_spec.rb
View File

@ -7,8 +7,16 @@ describe 'trove::conductor' do
context 'with default parameters' do context 'with default parameters' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove': }
nova_proxy_admin_pass => 'verysecrete'}" class { 'trove::conductor::service_credentials':
password => 'verysecrete',
}"
end
it 'includes required classes' do
is_expected.to contain_class('trove::deps')
is_expected.to contain_class('trove::params')
is_expected.to contain_class('trove::conductor::service_credentials')
end end
it 'installs trove-conductor package and service' do it 'installs trove-conductor package and service' do
@ -26,9 +34,6 @@ describe 'trove::conductor' do
end end
it 'configures trove-conductor with default parameters' do it 'configures trove-conductor with default parameters' do
is_expected.to contain_trove_conductor_config('DEFAULT/nova_proxy_admin_user').with_value('admin')
is_expected.to contain_trove_conductor_config('DEFAULT/nova_proxy_admin_pass').with_value('verysecrete')
is_expected.to contain_trove_conductor_config('DEFAULT/nova_proxy_admin_tenant_name').with_value('admin')
is_expected.to contain_trove_conductor_config('DEFAULT/transport_url').with_value('<SERVICE DEFAULT>') is_expected.to contain_trove_conductor_config('DEFAULT/transport_url').with_value('<SERVICE DEFAULT>')
is_expected.to contain_trove_conductor_config('DEFAULT/rpc_response_timeout').with_value('<SERVICE DEFAULT>') is_expected.to contain_trove_conductor_config('DEFAULT/rpc_response_timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_trove_conductor_config('DEFAULT/control_exchange').with_value('trove') is_expected.to contain_trove_conductor_config('DEFAULT/control_exchange').with_value('trove')
@ -60,8 +65,10 @@ describe 'trove::conductor' do
context 'with single tenant mode enabled' do context 'with single tenant mode enabled' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
single_tenant_mode => 'true'} single_tenant_mode => 'true'}
class { 'trove::conductor::service_credentials':
password => 'verysecrete',
}
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
}" }"
@ -75,8 +82,9 @@ describe 'trove::conductor' do
context 'when using a single RabbitMQ server' do context 'when using a single RabbitMQ server' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove': }
nova_proxy_admin_pass => 'verysecrete', class { 'trove::conductor::service_credentials':
password => 'verysecrete',
}" }"
end end
it 'configures trove-conductor with RabbitMQ' do it 'configures trove-conductor with RabbitMQ' do
@ -88,9 +96,11 @@ describe 'trove::conductor' do
context 'when using a single RabbitMQ server with enable ha options' do context 'when using a single RabbitMQ server with enable ha options' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_ha_queues => 'true',
rabbit_ha_queues => 'true', amqp_durable_queues => 'true',
amqp_durable_queues => 'true', }
class { 'trove::conductor::service_credentials':
password => 'verysecrete',
}" }"
end end
it 'configures trove-api with RabbitMQ' do it 'configures trove-api with RabbitMQ' do
@ -102,8 +112,10 @@ describe 'trove::conductor' do
context 'when using multiple RabbitMQ servers' do context 'when using multiple RabbitMQ servers' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_ha_queues => true,
rabbit_ha_queues => true, }
class { 'trove::conductor::service_credentials':
password => 'verysecrete',
}" }"
end end
it 'configures trove-conductor with RabbitMQ' do it 'configures trove-conductor with RabbitMQ' do
@ -114,8 +126,11 @@ describe 'trove::conductor' do
context 'when using MySQL' do context 'when using MySQL' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', database_connection => 'mysql://trove:pass@10.0.0.1/trove'
database_connection => 'mysql://trove:pass@10.0.0.1/trove'}" }
class { 'trove::conductor::service_credentials':
password => 'verysecrete',
}"
end end
it 'configures trove-conductor with RabbitMQ' do it 'configures trove-conductor with RabbitMQ' do
is_expected.to contain_trove_conductor_config('database/connection').with_value('mysql://trove:pass@10.0.0.1/trove') is_expected.to contain_trove_conductor_config('database/connection').with_value('mysql://trove:pass@10.0.0.1/trove')
@ -148,8 +163,11 @@ describe 'trove::conductor' do
context 'with SSL enabled without kombu' do context 'with SSL enabled without kombu' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_use_ssl => true
rabbit_use_ssl => true}" }
class { 'trove::conductor::service_credentials':
password => 'verysecrete',
}"
end end
it do it do
@ -166,8 +184,11 @@ describe 'trove::conductor' do
context 'with SSL disabled' do context 'with SSL disabled' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_use_ssl => false
rabbit_use_ssl => false}" }
class { 'trove::conductor::service_credentials':
password => 'verysecrete',
}"
end end
it do it do
@ -201,8 +222,10 @@ describe 'trove::conductor' do
context 'with amqp messaging' do context 'with amqp messaging' do
let :pre_condition do let :pre_condition do
"class { 'trove' : "class { 'trove' : }
nova_proxy_admin_pass => 'verysecrete'}" class { 'trove::conductor::service_credentials':
password => 'verysecrete',
}"
end end
it do it do

70
spec/classes/trove_guestagent_service_credentials_spec.rb Normal file
View File

@ -0,0 +1,70 @@
#
# Copyright (C) 2020 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'trove::guestagent::service_credentials' do
shared_examples 'trove::guestagent::service_credentials' do
context 'with default parameters' do
let :params do
{ :password => 'verysecrete' }
end
it 'configures service credentials with default parameters' do
is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_trove_guestagent_config('service_credentials/username').with_value('trove')
is_expected.to contain_trove_guestagent_config('service_credentials/password').with_value('verysecrete').with_secret(true)
is_expected.to contain_trove_guestagent_config('service_credentials/project_name').with_value('services')
is_expected.to contain_trove_guestagent_config('service_credentials/region_name').with_value('RegionOne')
is_expected.to contain_trove_guestagent_config('service_credentials/user_domain_name').with_value('Default')
is_expected.to contain_trove_guestagent_config('service_credentials/project_domain_name').with_value('Default')
end
end
context 'when overriding defaults' do
let :params do
{
:auth_url => 'http://127.0.0.1:5000/v3',
:password => 'verysecrete',
:username => 'trove2',
:project_name => 'services2',
:region_name => 'RegionTwo',
:user_domain_name => 'MyDomain',
:project_domain_name => 'MyDomain',
}
end
it 'configures service credentials with default parameters' do
is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_trove_guestagent_config('service_credentials/username').with_value('trove2')
is_expected.to contain_trove_guestagent_config('service_credentials/project_name').with_value('services2')
is_expected.to contain_trove_guestagent_config('service_credentials/region_name').with_value('RegionTwo')
is_expected.to contain_trove_guestagent_config('service_credentials/user_domain_name').with_value('MyDomain')
is_expected.to contain_trove_guestagent_config('service_credentials/project_domain_name').with_value('MyDomain')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
it_configures 'trove::guestagent::service_credentials'
end
end
end

38
spec/classes/trove_guestagent_spec.rb
View File

@ -8,8 +8,17 @@ describe 'trove::guestagent' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
os_region_name => 'RegionOne', nova_proxy_admin_pass => 'verysecrete'
nova_proxy_admin_pass => 'verysecrete'}" }
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
end
it 'includes required classes' do
is_expected.to contain_class('trove::deps')
is_expected.to contain_class('trove::params')
is_expected.to contain_class('trove::guestagent::service_credentials')
end end
it 'installs trove-guestagent package and service' do it 'installs trove-guestagent package and service' do
@ -27,7 +36,6 @@ describe 'trove::guestagent' do
end end
it 'configures trove-guestagent with default parameters' do it 'configures trove-guestagent with default parameters' do
is_expected.to contain_trove_guestagent_config('DEFAULT/os_region_name').with_value('RegionOne')
is_expected.to contain_trove_guestagent_config('DEFAULT/control_exchange').with_value('trove') is_expected.to contain_trove_guestagent_config('DEFAULT/control_exchange').with_value('trove')
is_expected.to contain_trove_guestagent_config('DEFAULT/transport_url').with_value('<SERVICE DEFAULT>') is_expected.to contain_trove_guestagent_config('DEFAULT/transport_url').with_value('<SERVICE DEFAULT>')
is_expected.to contain_trove_guestagent_config('DEFAULT/rpc_response_timeout').with_value('<SERVICE DEFAULT>') is_expected.to contain_trove_guestagent_config('DEFAULT/rpc_response_timeout').with_value('<SERVICE DEFAULT>')
@ -64,6 +72,9 @@ describe 'trove::guestagent' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', nova_proxy_admin_pass => 'verysecrete',
}
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}" }"
end end
it 'configures trove-guestagent with RabbitMQ' do it 'configures trove-guestagent with RabbitMQ' do
@ -78,6 +89,9 @@ describe 'trove::guestagent' do
rabbit_ha_queues => 'true', rabbit_ha_queues => 'true',
rabbit_heartbeat_in_pthread => 'true', rabbit_heartbeat_in_pthread => 'true',
amqp_durable_queues => 'true', amqp_durable_queues => 'true',
}
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}" }"
end end
it 'configures trove-api with RabbitMQ' do it 'configures trove-api with RabbitMQ' do
@ -92,6 +106,9 @@ describe 'trove::guestagent' do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', nova_proxy_admin_pass => 'verysecrete',
rabbit_ha_queues => true, rabbit_ha_queues => true,
}
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}" }"
end end
it 'configures trove-guestagent with RabbitMQ' do it 'configures trove-guestagent with RabbitMQ' do
@ -105,7 +122,11 @@ describe 'trove::guestagent' do
nova_proxy_admin_pass => 'verysecrete', nova_proxy_admin_pass => 'verysecrete',
default_transport_url => 'rabbit://user:pass@host:1234/virt', default_transport_url => 'rabbit://user:pass@host:1234/virt',
rpc_response_timeout => '120', rpc_response_timeout => '120',
control_exchange => 'openstack',}" control_exchange => 'openstack',
}
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
end end
it 'configures trove-guestagent with DEFAULT/transport_url' do it 'configures trove-guestagent with DEFAULT/transport_url' do
is_expected.to contain_trove_guestagent_config('DEFAULT/transport_url').with_value('rabbit://user:pass@host:1234/virt') is_expected.to contain_trove_guestagent_config('DEFAULT/transport_url').with_value('rabbit://user:pass@host:1234/virt')
@ -119,18 +140,21 @@ describe 'trove::guestagent' do
context 'with custom parameters' do context 'with custom parameters' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete'}" nova_proxy_admin_pass => 'verysecrete'
}
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
end end
let :params do let :params do
{ :auth_url => "http://10.0.0.1:5000/", {
:swift_url => "http://10.0.0.1:8080/v1/AUTH_", :swift_url => "http://10.0.0.1:8080/v1/AUTH_",
:swift_service_type => 'object-store', :swift_service_type => 'object-store',
:rabbit_use_ssl => 'true' :rabbit_use_ssl => 'true'
} }
end end
it 'configures trove-guestagent with custom parameters' do it 'configures trove-guestagent with custom parameters' do
is_expected.to contain_trove_guestagent_config('DEFAULT/trove_auth_url').with_value('http://10.0.0.1:5000/v3')
is_expected.to contain_trove_guestagent_config('DEFAULT/swift_url').with_value('http://10.0.0.1:8080/v1/AUTH_') is_expected.to contain_trove_guestagent_config('DEFAULT/swift_url').with_value('http://10.0.0.1:8080/v1/AUTH_')
is_expected.to contain_trove_guestagent_config('DEFAULT/swift_service_type').with_value('object-store') is_expected.to contain_trove_guestagent_config('DEFAULT/swift_service_type').with_value('object-store')
is_expected.to contain_oslo__messaging__rabbit('trove_guestagent_config').with( is_expected.to contain_oslo__messaging__rabbit('trove_guestagent_config').with(

73
spec/classes/trove_taskmanager_service_credentials_spec.rb Normal file
View File

@ -0,0 +1,73 @@
#
# Copyright (C) 2020 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'trove::taskmanager::service_credentials' do
shared_examples 'trove::taskmanager::service_credentials' do
context 'with default parameters' do
let :params do
{
:auth_url => 'http://127.0.0.1:5000/v3',
:password => 'verysecrete'
}
end
it 'configures service credentials with default parameters' do
is_expected.to contain_trove_taskmanager_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_trove_taskmanager_config('service_credentials/username').with_value('trove')
is_expected.to contain_trove_taskmanager_config('service_credentials/password').with_value('verysecrete').with_secret(true)
is_expected.to contain_trove_taskmanager_config('service_credentials/project_name').with_value('services')
is_expected.to contain_trove_taskmanager_config('service_credentials/region_name').with_value('RegionOne')
is_expected.to contain_trove_taskmanager_config('service_credentials/user_domain_name').with_value('Default')
is_expected.to contain_trove_taskmanager_config('service_credentials/project_domain_name').with_value('Default')
end
end
context 'when overriding defaults' do
let :params do
{
:auth_url => 'http://127.0.0.1:5000/v3',
:password => 'verysecrete',
:username => 'trove2',
:project_name => 'services2',
:region_name => 'RegionTwo',
:user_domain_name => 'MyDomain',
:project_domain_name => 'MyDomain',
}
end
it 'configures service credentials with default parameters' do
is_expected.to contain_trove_taskmanager_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_trove_taskmanager_config('service_credentials/username').with_value('trove2')
is_expected.to contain_trove_taskmanager_config('service_credentials/project_name').with_value('services2')
is_expected.to contain_trove_taskmanager_config('service_credentials/region_name').with_value('RegionTwo')
is_expected.to contain_trove_taskmanager_config('service_credentials/user_domain_name').with_value('MyDomain')
is_expected.to contain_trove_taskmanager_config('service_credentials/project_domain_name').with_value('MyDomain')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
it_configures 'trove::taskmanager::service_credentials'
end
end
end

108
spec/classes/trove_taskmanager_spec.rb
View File

@ -27,8 +27,6 @@ describe 'trove::taskmanager' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
os_region_name => 'RegionOne',
nova_compute_service_type => 'compute', nova_compute_service_type => 'compute',
cinder_service_type => 'volume', cinder_service_type => 'volume',
swift_service_type => 'object-store', swift_service_type => 'object-store',
@ -40,9 +38,19 @@ describe 'trove::taskmanager' do
trove_endpoint_type => '<SERVICE DEFAULT>', trove_endpoint_type => '<SERVICE DEFAULT>',
glance_endpoint_type => '<SERVICE DEFAULT>', glance_endpoint_type => '<SERVICE DEFAULT>',
neutron_endpoint_type => '<SERVICE DEFAULT>', neutron_endpoint_type => '<SERVICE DEFAULT>',
}
class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
region_name => 'RegionOne',
}" }"
end end
it 'includes required classes' do
is_expected.to contain_class('trove::deps')
is_expected.to contain_class('trove::params')
is_expected.to contain_class('trove::taskmanager::service_credentials')
end
it 'installs trove-taskmanager package and service' do it 'installs trove-taskmanager package and service' do
is_expected.to contain_service('trove-taskmanager').with( is_expected.to contain_service('trove-taskmanager').with(
:name => platform_params[:taskmanager_service_name], :name => platform_params[:taskmanager_service_name],
@ -58,11 +66,7 @@ describe 'trove::taskmanager' do
end end
it 'configures trove-taskmanager with default parameters' do it 'configures trove-taskmanager with default parameters' do
is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_proxy_admin_user').with_value('admin')
is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_proxy_admin_pass').with_value('verysecrete')
is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_proxy_admin_tenant_name').with_value('admin')
is_expected.to contain_trove_taskmanager_config('DEFAULT/default_neutron_networks').with_value('<SERVICE DEFAULT>') is_expected.to contain_trove_taskmanager_config('DEFAULT/default_neutron_networks').with_value('<SERVICE DEFAULT>')
is_expected.to contain_trove_taskmanager_config('DEFAULT/os_region_name').with_value('RegionOne')
is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_compute_service_type').with_value('compute') is_expected.to contain_trove_taskmanager_config('DEFAULT/nova_compute_service_type').with_value('compute')
is_expected.to contain_trove_taskmanager_config('DEFAULT/cinder_service_type').with_value('volume') is_expected.to contain_trove_taskmanager_config('DEFAULT/cinder_service_type').with_value('volume')
is_expected.to contain_trove_taskmanager_config('DEFAULT/swift_service_type').with_value('object-store') is_expected.to contain_trove_taskmanager_config('DEFAULT/swift_service_type').with_value('object-store')
@ -105,10 +109,13 @@ describe 'trove::taskmanager' do
context 'when set use_guestagent_template to false' do context 'when set use_guestagent_template to false' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove': }
nova_proxy_admin_pass => 'verysecrete',} class { 'trove::taskmanager::service_credentials':
class { 'trove::taskmanager': password => 'verysecrete',
use_guestagent_template => false,}" }
class { 'trove::taskmanager':
use_guestagent_template => false,
}"
end end
it 'configures trove-taskmanager with trove::guestagent' do it 'configures trove-taskmanager with trove::guestagent' do
is_expected.to contain_class('trove::guestagent').with( is_expected.to contain_class('trove::guestagent').with(
@ -121,8 +128,11 @@ describe 'trove::taskmanager' do
context 'with single tenant mode enabled' do context 'with single tenant mode enabled' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', single_tenant_mode => 'true'
single_tenant_mode => 'true'} }
class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
}
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
}" }"
@ -136,8 +146,9 @@ describe 'trove::taskmanager' do
context 'when using a single RabbitMQ server' do context 'when using a single RabbitMQ server' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove': }
nova_proxy_admin_pass => 'verysecrete', class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
} }
" "
end end
@ -153,9 +164,11 @@ describe 'trove::taskmanager' do
context 'when using a single RabbitMQ server with enable rabbbit ha options' do context 'when using a single RabbitMQ server with enable rabbbit ha options' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_ha_queues => 'true',
rabbit_ha_queues => 'true', amqp_durable_queues => 'true',
amqp_durable_queues => 'true', }
class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
}" }"
end end
it 'configures trove-api with RabbitMQ' do it 'configures trove-api with RabbitMQ' do
@ -171,8 +184,10 @@ describe 'trove::taskmanager' do
context 'when using multiple RabbitMQ servers' do context 'when using multiple RabbitMQ servers' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_ha_queues => 'true',
rabbit_ha_queues => 'true', }
class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
}" }"
end end
it 'configures trove-taskmanager with RabbitMQ' do it 'configures trove-taskmanager with RabbitMQ' do
@ -186,8 +201,11 @@ describe 'trove::taskmanager' do
context 'when using MySQL' do context 'when using MySQL' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', database_connection => 'mysql://trove:pass@10.0.0.1/trove'
database_connection => 'mysql://trove:pass@10.0.0.1/trove'}" }
class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
}"
end end
it 'configures trove-taskmanager with RabbitMQ' do it 'configures trove-taskmanager with RabbitMQ' do
is_expected.to contain_trove_taskmanager_config('database/connection').with_value('mysql://trove:pass@10.0.0.1/trove') is_expected.to contain_trove_taskmanager_config('database/connection').with_value('mysql://trove:pass@10.0.0.1/trove')
@ -197,8 +215,11 @@ describe 'trove::taskmanager' do
context 'when using Neutron' do context 'when using Neutron' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', use_neutron => true
use_neutron => true} }
class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
}
class { 'trove::taskmanager': class { 'trove::taskmanager':
default_neutron_networks => 'trove_service', default_neutron_networks => 'trove_service',
} }
@ -220,8 +241,11 @@ describe 'trove::taskmanager' do
context 'when using Nova Network' do context 'when using Nova Network' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', use_neutron => false
use_neutron => false}" }
class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
}"
end end
@ -238,12 +262,15 @@ describe 'trove::taskmanager' do
context 'with SSL enabled with kombu' do context 'with SSL enabled with kombu' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
rabbit_use_ssl => true, rabbit_use_ssl => true,
kombu_ssl_ca_certs => '/path/to/ssl/ca/certs', kombu_ssl_ca_certs => '/path/to/ssl/ca/certs',
kombu_ssl_certfile => '/path/to/ssl/cert/file', kombu_ssl_certfile => '/path/to/ssl/cert/file',
kombu_ssl_keyfile => '/path/to/ssl/keyfile', kombu_ssl_keyfile => '/path/to/ssl/keyfile',
kombu_ssl_version => 'TLSv1'}" kombu_ssl_version => 'TLSv1'
}
class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
}"
end end
it do it do
@ -260,8 +287,11 @@ describe 'trove::taskmanager' do
context 'with SSL enabled without kombu' do context 'with SSL enabled without kombu' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_use_ssl => true
rabbit_use_ssl => true}" }
class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
}"
end end
it do it do
@ -278,8 +308,11 @@ describe 'trove::taskmanager' do
context 'with SSL disabled' do context 'with SSL disabled' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete', rabbit_use_ssl => false
rabbit_use_ssl => false}" }
class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
}"
end end
it do it do
@ -296,11 +329,14 @@ describe 'trove::taskmanager' do
context 'with transport_url entries' do context 'with transport_url entries' do
let :pre_condition do let :pre_condition do
"class { 'trove': "class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
default_transport_url => 'rabbit://rabbit_user:password@localhost:5673', default_transport_url => 'rabbit://rabbit_user:password@localhost:5673',
rpc_response_timeout => '120', rpc_response_timeout => '120',
control_exchange => 'openstack', control_exchange => 'openstack',
notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673' }" notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673'
}
class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
}"
end end
it do it do
@ -313,8 +349,10 @@ describe 'trove::taskmanager' do
context 'with amqp messaging' do context 'with amqp messaging' do
let :pre_condition do let :pre_condition do
"class { 'trove' : "class { 'trove' : }
nova_proxy_admin_pass => 'verysecrete'}" class { 'trove::taskmanager::service_credentials':
password => 'verysecrete',
}"
end end
it do it do