diff --git a/manifests/api.pp b/manifests/api.pp index 2dee00a1..70387403 100644 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -128,7 +128,9 @@ class trove::api( include trove::deps include trove::db include trove::db::sync - include trove::api::service_credentials + if (!defined(Class[trove::service_credentials])) { + include trove::api::service_credentials + } # basic service config trove_config { diff --git a/manifests/api/service_credentials.pp b/manifests/api/service_credentials.pp index 6f9562f6..9836572d 100644 --- a/manifests/api/service_credentials.pp +++ b/manifests/api/service_credentials.pp @@ -46,23 +46,17 @@ class trove::api::service_credentials ( include trove::deps - if is_service_default($system_scope) { - $project_name_real = $project_name - $project_domain_name_real = $project_domain_name - } else { - $project_name_real = $facts['os_service_default'] - $project_domain_name_real = $facts['os_service_default'] - } + warning("The trove::api::service_credentials class is deprecated. \ +Use the trove::service_credentials class instead.") - trove_config { - 'service_credentials/auth_url': value => $auth_url; - 'service_credentials/username': value => $username; - 'service_credentials/password': value => $password, secret => true; - 'service_credentials/project_name': value => $project_name_real; - 'service_credentials/project_domain_name': value => $project_domain_name_real; - 'service_credentials/system_scope': value => $system_scope; - 'service_credentials/user_domain_name': value => $user_domain_name; - 'service_credentials/region_name': value => $region_name; + class { 'trove::service_credentials': + password => $password, + auth_url => $auth_url, + region_name => $region_name, + username => $username, + project_name => $project_name, + project_domain_name => $project_domain_name, + user_domain_name => $user_domain_name, + system_scope => $system_scope, } - } diff --git a/manifests/service_credentials.pp b/manifests/service_credentials.pp new file mode 100644 index 00000000..3d67c922 --- /dev/null +++ b/manifests/service_credentials.pp @@ -0,0 +1,68 @@ +# The trove::service_credentials class helps configure auth settings +# +# == Parameters +# +# [*password*] +# (required) the keystone password for trove services +# +# [*auth_url*] +# (optional) the keystone public endpoint +# Defaults to 'http://127.0.0.1:5000' +# +# [*region_name*] +# (optional) the keystone region of this node +# Defaults to 'RegionOne' +# +# [*username*] +# (optional) the keystone user for trove services +# Defaults to 'trove' +# +# [*project_name*] +# (optional) the keystone tenant name for trove services +# Defaults to 'services' +# +# [*project_domain_name*] +# (optional) the keystone project domain name for trove services +# Defaults to 'Default' +# +# [*user_domain_name*] +# (optional) the keystone user domain name for trove services +# Defaults to 'Default' +# +# [*system_scope*] +# (optional) Scope for system operations. +# Defaults to $facts['os_service_default'] +# +class trove::service_credentials ( + $password, + $auth_url = 'http://127.0.0.1:5000', + $region_name = 'RegionOne', + $username = 'trove', + $project_name = 'services', + $project_domain_name = 'Default', + $user_domain_name = 'Default', + $system_scope = $facts['os_service_default'], +) { + + include trove::deps + + if is_service_default($system_scope) { + $project_name_real = $project_name + $project_domain_name_real = $project_domain_name + } else { + $project_name_real = $facts['os_service_default'] + $project_domain_name_real = $facts['os_service_default'] + } + + trove_config { + 'service_credentials/auth_url': value => $auth_url; + 'service_credentials/username': value => $username; + 'service_credentials/password': value => $password, secret => true; + 'service_credentials/project_name': value => $project_name_real; + 'service_credentials/project_domain_name': value => $project_domain_name_real; + 'service_credentials/system_scope': value => $system_scope; + 'service_credentials/user_domain_name': value => $user_domain_name; + 'service_credentials/region_name': value => $region_name; + } + +} diff --git a/releasenotes/notes/deprecate-api-service_credentials-a988f20f56a499e4.yaml b/releasenotes/notes/deprecate-api-service_credentials-a988f20f56a499e4.yaml new file mode 100644 index 00000000..ff04f0d9 --- /dev/null +++ b/releasenotes/notes/deprecate-api-service_credentials-a988f20f56a499e4.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - | + The ``trove::api::service_credentials`` class has been deprecated. Use + the ``trove::service_credentials`` class instead. diff --git a/spec/classes/trove_service_credentials_spec.rb b/spec/classes/trove_service_credentials_spec.rb new file mode 100644 index 00000000..2c74e250 --- /dev/null +++ b/spec/classes/trove_service_credentials_spec.rb @@ -0,0 +1,90 @@ +# +# Copyright (C) 2020 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +require 'spec_helper' + +describe 'trove::service_credentials' do + + shared_examples 'trove::service_credentials' do + + let :params do + { + :password => 'verysecrete' + } + end + + context 'with default parameters' do + it 'configures service credentials with default parameters' do + is_expected.to contain_trove_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000') + is_expected.to contain_trove_config('service_credentials/username').with_value('trove') + is_expected.to contain_trove_config('service_credentials/password').with_value('verysecrete').with_secret(true) + is_expected.to contain_trove_config('service_credentials/project_name').with_value('services') + is_expected.to contain_trove_config('service_credentials/region_name').with_value('RegionOne') + is_expected.to contain_trove_config('service_credentials/user_domain_name').with_value('Default') + is_expected.to contain_trove_config('service_credentials/project_domain_name').with_value('Default') + is_expected.to contain_trove_config('service_credentials/system_scope').with_value('') + end + end + + context 'when overriding defaults' do + before do + params.merge!({ + :auth_url => 'http://localhost:5000', + :username => 'trove2', + :project_name => 'services2', + :region_name => 'RegionTwo', + :user_domain_name => 'MyDomain', + :project_domain_name => 'MyDomain', + }) + end + + it 'configures service credentials with default parameters' do + is_expected.to contain_trove_config('service_credentials/auth_url').with_value('http://localhost:5000') + is_expected.to contain_trove_config('service_credentials/username').with_value('trove2') + is_expected.to contain_trove_config('service_credentials/project_name').with_value('services2') + is_expected.to contain_trove_config('service_credentials/region_name').with_value('RegionTwo') + is_expected.to contain_trove_config('service_credentials/user_domain_name').with_value('MyDomain') + is_expected.to contain_trove_config('service_credentials/project_domain_name').with_value('MyDomain') + is_expected.to contain_trove_config('service_credentials/system_scope').with_value('') + end + end + + context 'when system_scope is set' do + before do + params.merge!( + :system_scope => 'all' + ) + end + it 'configures system-scoped credential' do + is_expected.to contain_trove_config('service_credentials/project_domain_name').with_value('') + is_expected.to contain_trove_config('service_credentials/project_name').with_value('') + is_expected.to contain_trove_config('service_credentials/system_scope').with_value('all') + end + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + context "on #{os}" do + it_configures 'trove::service_credentials' + end + end + +end