From 967522885aa987f204129ea8919c2d0779bc9aca Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Fri, 4 Mar 2022 08:14:31 +0900 Subject: [PATCH] Clean up deprecated keystone v2 parameters ... and automated detection of auth_url parameter. These were deprecated during the Ussuri cycle[1]. [1] 1d3bffd18b903aba95e5590b3c8444334d21a656 Depends-on: https://review.opendev.org/823886 Change-Id: I8304a0fd3bcabaf236a03c98f368b35842c7bff1 --- manifests/api/service_credentials.pp | 45 ++++++----------- manifests/guestagent.pp | 5 -- manifests/guestagent/service_credentials.pp | 39 ++++++--------- manifests/init.pp | 23 --------- ...e-keystone-v2-params-047438374b04606d.yaml | 18 +++++++ ...ove_guestagent_service_credentials_spec.rb | 6 +-- spec/classes/trove_guestagent_spec.rb | 48 ++++++++++--------- spec/classes/trove_init_spec.rb | 2 +- spec/classes/trove_taskmanager_spec.rb | 6 +++ 9 files changed, 82 insertions(+), 110 deletions(-) create mode 100644 releasenotes/notes/remove-keystone-v2-params-047438374b04606d.yaml diff --git a/manifests/api/service_credentials.pp b/manifests/api/service_credentials.pp index f4b21fca..d3289a1c 100644 --- a/manifests/api/service_credentials.pp +++ b/manifests/api/service_credentials.pp @@ -1,21 +1,22 @@ # The trove::api::service_credentials class helps configure auth settings # # == Parameters +# +# [*password*] +# (required) the keystone password for trove services +# # [*auth_url*] # (optional) the keystone public endpoint -# Defaults to undef +# Defaults to 'http://127.0.0.1:5000' # # [*region_name*] # (optional) the keystone region of this node -# Optional. Defaults to 'RegionOne' +# Defaults to 'RegionOne' # # [*username*] # (optional) the keystone user for trove services # Defaults to 'trove' # -# [*password*] -# (required) the keystone password for trove services -# # [*project_name*] # (optional) the keystone tenant name for trove services # Defaults to 'services' @@ -24,13 +25,13 @@ # (optional) the keystone project domain name for trove services # Defaults to 'Default' # -# [*user_domain_name*] +# [*user_domain_name*] # (optional) the keystone user domain name for trove services # Defaults to 'Default' # class trove::api::service_credentials ( - $password = $::os_service_default, - $auth_url = undef, + $password, + $auth_url = 'http://127.0.0.1:5000', $region_name = 'RegionOne', $username = 'trove', $project_name = 'services', @@ -40,32 +41,14 @@ class trove::api::service_credentials ( include trove::deps - if $auth_url == undef { - warning('The auto detection of auth_url from www_authenticate_uri will be \ -removed in a future release. Please set trove::api::service_credentials::auth_url .') - $auth_url_base = pick($::trove::keystone::authtoken::www_authenticate_uri, 'http://127.0.0.1:5000/v3') - } else { - $auth_url_base = $auth_url - } - $auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3" - - $username_real = pick($::trove::nova_proxy_admin_user, $username) - $password_real = pick($::trove::nova_proxy_admin_pass, $password) - $project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name) - $region_name_real = pick($::trove::os_region_name, $region_name) - - if is_service_default($password_real) { - fail('trove::api::service_credentials::password should be set') - } - trove_config { - 'service_credentials/auth_url': value => $auth_url_real; - 'service_credentials/username': value => $username_real; - 'service_credentials/password': value => $password_real, secret => true; - 'service_credentials/project_name': value => $project_name_real; + 'service_credentials/auth_url': value => $auth_url; + 'service_credentials/username': value => $username; + 'service_credentials/password': value => $password, secret => true; + 'service_credentials/project_name': value => $project_name; 'service_credentials/project_domain_name': value => $project_domain_name; 'service_credentials/user_domain_name': value => $user_domain_name; - 'service_credentials/region_name': value => $region_name_real; + 'service_credentials/region_name': value => $region_name; } } diff --git a/manifests/guestagent.pp b/manifests/guestagent.pp index 7af2f262..07b577b3 100644 --- a/manifests/guestagent.pp +++ b/manifests/guestagent.pp @@ -82,10 +82,6 @@ # (Optional) Moved to init.pp. The default exchange to scope topics. # Defaults to undef. # -# [*auth_url*] -# (optional) Authentication URL. -# Defaults to undef. -# class trove::guestagent( $enabled = true, $manage_service = true, @@ -105,7 +101,6 @@ class trove::guestagent( $backup_aes_cbc_key = $::os_service_default, #Deprecated $control_exchange = undef, - $auth_url = undef, ) { include trove::deps diff --git a/manifests/guestagent/service_credentials.pp b/manifests/guestagent/service_credentials.pp index 5a53322f..382c37be 100644 --- a/manifests/guestagent/service_credentials.pp +++ b/manifests/guestagent/service_credentials.pp @@ -1,21 +1,22 @@ # The trove::guestagent::service_credentials class helps configure auth settings # # == Parameters +# +# [*password*] +# (required) the keystone password for trove services +# # [*auth_url*] # (optional) the keystone public endpoint -# Defaults to undef +# Defaults to 'http://127.0.0.1:5000' # # [*region_name*] # (optional) the keystone region of this node -# Optional. Defaults to 'RegionOne' +# Defaults to 'RegionOne' # # [*username*] # (optional) the keystone user for trove services # Defaults to 'trove' # -# [*password*] -# (required) the keystone password for trove services -# # [*project_name*] # (optional) the keystone tenant name for trove services # Defaults to 'services' @@ -24,13 +25,13 @@ # (optional) the keystone project domain name for trove services # Defaults to 'Default' # -# [*user_domain_name*] +# [*user_domain_name*] # (optional) the keystone user domain name for trove services # Defaults to 'Default' # class trove::guestagent::service_credentials ( - $password = $::os_service_default, - $auth_url = 'http://127.0.0.1:5000/v3', + $password, + $auth_url = 'http://127.0.0.1:5000', $region_name = 'RegionOne', $username = 'trove', $project_name = 'services', @@ -40,26 +41,14 @@ class trove::guestagent::service_credentials ( include trove::deps - $auth_url_base = pick($::trove::guestagent::auth_url, $auth_url) - $auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3" - - $username_real = pick($::trove::nova_proxy_admin_user, $username) - $password_real = pick($::trove::nova_proxy_admin_pass, $password) - $project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name) - $region_name_real = pick($::trove::os_region_name, $region_name) - - if is_service_default(password_real) { - fail('trove::guestagent::service_credentials::password should be set') - } - trove_guestagent_config { - 'service_credentials/auth_url': value => $auth_url_real; - 'service_credentials/username': value => $username_real; - 'service_credentials/password': value => $password_real, secret => true; - 'service_credentials/project_name': value => $project_name_real; + 'service_credentials/auth_url': value => $auth_url; + 'service_credentials/username': value => $username; + 'service_credentials/password': value => $password, secret => true; + 'service_credentials/project_name': value => $project_name; 'service_credentials/project_domain_name': value => $project_domain_name; 'service_credentials/user_domain_name': value => $user_domain_name; - 'service_credentials/region_name': value => $region_name_real; + 'service_credentials/region_name': value => $region_name; } } diff --git a/manifests/init.pp b/manifests/init.pp index 9d759cce..ccd4c0ae 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -241,25 +241,6 @@ # # DEPRECATED PARAMETERS # -# [*nova_proxy_admin_user*] -# (optional) Admin username used to connect to nova. -# Defaults to undef -# -# [*nova_proxy_admin_pass*] -# (optional) Admin password used to connect to nova. -# Defaults to undef -# -# [*nova_proxy_admin_tenant_name*] -# (optional) Admin tenant name used to connect to nova. -# Defaults to undef -# -# [*os_region_name*] -# (optional) Sets the os_region_name flag. For environments with -# more than one endpoint per service. If you don't set this and -# you have multiple endpoints, you will get Ambiguous Endpoint -# exceptions in the trove API service. -# Defaults to undef. -# # [*use_neutron*] # (optional) Use Neutron # Defaults to undef @@ -341,10 +322,6 @@ class trove( $default_neutron_networks = $::os_service_default, $package_ensure = 'present', # DEPRECATED PARAMETERS - $nova_proxy_admin_user = undef, - $nova_proxy_admin_pass = undef, - $nova_proxy_admin_tenant_name = undef, - $os_region_name = undef, $use_neutron = undef, $database_connection = undef, $database_idle_timeout = undef, diff --git a/releasenotes/notes/remove-keystone-v2-params-047438374b04606d.yaml b/releasenotes/notes/remove-keystone-v2-params-047438374b04606d.yaml new file mode 100644 index 00000000..563d1a4c --- /dev/null +++ b/releasenotes/notes/remove-keystone-v2-params-047438374b04606d.yaml @@ -0,0 +1,18 @@ +--- +upgrade: + - | + The following deprecated parameters of the ``trove`` class have been + removed. + + - ``nova_proxy_admin_user`` + - ``nova_proxy_admin_pass`` + - ``nova_proxy_tenant_name`` + - ``os_region_name`` + + - | + Now the ``trove::api::service_credentials`` class no longer looks up + the ``auth_url`` parameter from the ``trove::keystone::authtoken`` class. + The parameter should be defined properly. + + - | + The ``trove::guestagent::auth_url`` parameter has been removed. diff --git a/spec/classes/trove_guestagent_service_credentials_spec.rb b/spec/classes/trove_guestagent_service_credentials_spec.rb index 8f9a6333..865e0bad 100644 --- a/spec/classes/trove_guestagent_service_credentials_spec.rb +++ b/spec/classes/trove_guestagent_service_credentials_spec.rb @@ -25,7 +25,7 @@ describe 'trove::guestagent::service_credentials' do end it 'configures service credentials with default parameters' do - is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3') + is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000') is_expected.to contain_trove_guestagent_config('service_credentials/username').with_value('trove') is_expected.to contain_trove_guestagent_config('service_credentials/password').with_value('verysecrete').with_secret(true) is_expected.to contain_trove_guestagent_config('service_credentials/project_name').with_value('services') @@ -38,7 +38,7 @@ describe 'trove::guestagent::service_credentials' do context 'when overriding defaults' do let :params do { - :auth_url => 'http://127.0.0.1:5000/v3', + :auth_url => 'http://localhost:5000', :password => 'verysecrete', :username => 'trove2', :project_name => 'services2', @@ -49,7 +49,7 @@ describe 'trove::guestagent::service_credentials' do end it 'configures service credentials with default parameters' do - is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3') + is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://localhost:5000') is_expected.to contain_trove_guestagent_config('service_credentials/username').with_value('trove2') is_expected.to contain_trove_guestagent_config('service_credentials/project_name').with_value('services2') is_expected.to contain_trove_guestagent_config('service_credentials/region_name').with_value('RegionTwo') diff --git a/spec/classes/trove_guestagent_spec.rb b/spec/classes/trove_guestagent_spec.rb index 04aaea19..38a08033 100644 --- a/spec/classes/trove_guestagent_spec.rb +++ b/spec/classes/trove_guestagent_spec.rb @@ -7,9 +7,7 @@ describe 'trove::guestagent' do context 'with default parameters' do let :pre_condition do - "class { 'trove': - nova_proxy_admin_pass => 'verysecrete' - } + "class { 'trove': } class { 'trove::guestagent::service_credentials': password => 'verysectrete', }" @@ -70,9 +68,7 @@ describe 'trove::guestagent' do context 'when using a single RabbitMQ server' do let :pre_condition do - "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - } + "class { 'trove': } class { 'trove::guestagent::service_credentials': password => 'verysectrete', }" @@ -85,7 +81,6 @@ describe 'trove::guestagent' do context 'when using a single RabbitMQ server with enable ha options' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', rabbit_ha_queues => 'true', rabbit_heartbeat_in_pthread => 'true', amqp_durable_queues => 'true', @@ -104,7 +99,6 @@ describe 'trove::guestagent' do context 'when using multiple RabbitMQ servers' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', rabbit_ha_queues => true, } class { 'trove::guestagent::service_credentials': @@ -119,7 +113,6 @@ describe 'trove::guestagent' do context 'when using default transport url' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', default_transport_url => 'rabbit://user:pass@host:1234/virt', rpc_response_timeout => '120', control_exchange => 'openstack', @@ -139,9 +132,7 @@ describe 'trove::guestagent' do context 'with custom parameters' do let :pre_condition do - "class { 'trove': - nova_proxy_admin_pass => 'verysecrete' - } + "class { 'trove': } class { 'trove::guestagent::service_credentials': password => 'verysectrete', }" @@ -166,12 +157,14 @@ describe 'trove::guestagent' do context 'with SSL enabled with kombu' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', rabbit_use_ssl => true, kombu_ssl_ca_certs => '/path/to/ssl/ca/certs', kombu_ssl_certfile => '/path/to/ssl/cert/file', kombu_ssl_keyfile => '/path/to/ssl/keyfile', - kombu_ssl_version => 'TLSv1'}" + kombu_ssl_version => 'TLSv1'} + class { 'trove::guestagent::service_credentials': + password => 'verysectrete', + }" end it do @@ -188,8 +181,11 @@ describe 'trove::guestagent' do context 'with SSL enabled without kombu' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_use_ssl => true}" + rabbit_use_ssl => true + } + class { 'trove::guestagent::service_credentials': + password => 'verysectrete', + }" end it do @@ -206,8 +202,11 @@ describe 'trove::guestagent' do context 'with SSL disabled' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', - rabbit_use_ssl => false}" + rabbit_use_ssl => false + } + class { 'trove::guestagent::service_credentials': + password => 'verysectrete', + }" end it do @@ -224,11 +223,14 @@ describe 'trove::guestagent' do context 'with transport_url entries' do let :pre_condition do "class { 'trove': - nova_proxy_admin_pass => 'verysecrete', default_transport_url => 'rabbit://rabbit_user:password@localhost:5673', rpc_response_timeout => '60', control_exchange => 'exchange', - notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673' }" + notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673' + } + class { 'trove::guestagent::service_credentials': + password => 'verysectrete', + }" end it do @@ -241,8 +243,10 @@ describe 'trove::guestagent' do context 'with amqp messaging' do let :pre_condition do - "class { 'trove' : - nova_proxy_admin_pass => 'verysecrete'}" + "class { 'trove' : } + class { 'trove::guestagent::service_credentials': + password => 'verysectrete', + }" end it do diff --git a/spec/classes/trove_init_spec.rb b/spec/classes/trove_init_spec.rb index 0a198932..c374c2f5 100644 --- a/spec/classes/trove_init_spec.rb +++ b/spec/classes/trove_init_spec.rb @@ -23,7 +23,7 @@ require 'spec_helper' describe 'trove' do let :params do - { :nova_proxy_admin_pass => 'passw0rd', + { :nova_compute_url => 'http://localhost:8774/v2', :cinder_url => 'http://localhost:8776/v1', :swift_url => 'http://localhost:8080/v1/AUTH_', diff --git a/spec/classes/trove_taskmanager_spec.rb b/spec/classes/trove_taskmanager_spec.rb index 48c7e2f9..21e7cca4 100644 --- a/spec/classes/trove_taskmanager_spec.rb +++ b/spec/classes/trove_taskmanager_spec.rb @@ -51,6 +51,12 @@ describe 'trove::taskmanager' do end context 'when set use_guestagent_template to false' do + let :pre_condition do + "class { 'trove::guestagent::service_credentials': + password => 'verysectrete', + }" + end + let :params do { :use_guestagent_template => false } end