openstack/puppet-trove
Code Issues Proposed changes

Clean up deprecated keystone v2 parameters

Browse Source 
... and automated detection of auth_url parameter.

These were deprecated during the Ussuri cycle[1].

[1] 1d3bffd18b

Depends-on: https://review.opendev.org/823886
Change-Id: I8304a0fd3bcabaf236a03c98f368b35842c7bff1
This commit is contained in:
Takashi Kajinami 2022-03-04 08:14:31 +09:00
parent 476d5efd18
commit 967522885a
9 changed files with 82 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
manifests/api/service_credentials.pp
View File

@ -1,21 +1,22 @@
# The trove::api::service_credentials class helps configure auth settings
#
# == Parameters
#
# [*password*]
# (required) the keystone password for trove services
#
# [*auth_url*]
# (optional) the keystone public endpoint
# Defaults to undef
# Defaults to 'http://127.0.0.1:5000'
#
# [*region_name*]
# (optional) the keystone region of this node
# Optional. Defaults to 'RegionOne'
# Defaults to 'RegionOne'
#
# [*username*]
# (optional) the keystone user for trove services
# Defaults to 'trove'
#
# [*password*]
# (required) the keystone password for trove services
#
# [*project_name*]
# (optional) the keystone tenant name for trove services
# Defaults to 'services'
@ -24,13 +25,13 @@
# (optional) the keystone project domain name for trove services
# Defaults to 'Default'
#
# [*user_domain_name*]
# [*user_domain_name*]
# (optional) the keystone user domain name for trove services
# Defaults to 'Default'
#
class trove::api::service_credentials (
$password = $::os_service_default,
$auth_url = undef,
$password,
$auth_url = 'http://127.0.0.1:5000',
$region_name = 'RegionOne',
$username = 'trove',
$project_name = 'services',
@ -40,32 +41,14 @@ class trove::api::service_credentials (
include trove::deps
if $auth_url == undef {
warning('The auto detection of auth_url from www_authenticate_uri will be \
removed in a future release. Please set trove::api::service_credentials::auth_url .')
$auth_url_base = pick($::trove::keystone::authtoken::www_authenticate_uri, 'http://127.0.0.1:5000/v3')
} else {
$auth_url_base = $auth_url
}
$auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
$username_real = pick($::trove::nova_proxy_admin_user, $username)
$password_real = pick($::trove::nova_proxy_admin_pass, $password)
$project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name)
$region_name_real = pick($::trove::os_region_name, $region_name)
if is_service_default($password_real) {
fail('trove::api::service_credentials::password should be set')
}
trove_config {
'service_credentials/auth_url': value => $auth_url_real;
'service_credentials/username': value => $username_real;
'service_credentials/password': value => $password_real, secret => true;
'service_credentials/project_name': value => $project_name_real;
'service_credentials/auth_url': value => $auth_url;
'service_credentials/username': value => $username;
'service_credentials/password': value => $password, secret => true;
'service_credentials/project_name': value => $project_name;
'service_credentials/project_domain_name': value => $project_domain_name;
'service_credentials/user_domain_name': value => $user_domain_name;
'service_credentials/region_name': value => $region_name_real;
'service_credentials/region_name': value => $region_name;
}
}

5
manifests/guestagent.pp
View File

@ -82,10 +82,6 @@
# (Optional) Moved to init.pp. The default exchange to scope topics.
# Defaults to undef.
#
# [*auth_url*]
# (optional) Authentication URL.
# Defaults to undef.
#
class trove::guestagent(
$enabled = true,
$manage_service = true,
@ -105,7 +101,6 @@ class trove::guestagent(
$backup_aes_cbc_key = $::os_service_default,
#Deprecated
$control_exchange = undef,
$auth_url = undef,
) {
include trove::deps

39
manifests/guestagent/service_credentials.pp
View File

@ -1,21 +1,22 @@
# The trove::guestagent::service_credentials class helps configure auth settings
#
# == Parameters
#
# [*password*]
# (required) the keystone password for trove services
#
# [*auth_url*]
# (optional) the keystone public endpoint
# Defaults to undef
# Defaults to 'http://127.0.0.1:5000'
#
# [*region_name*]
# (optional) the keystone region of this node
# Optional. Defaults to 'RegionOne'
# Defaults to 'RegionOne'
#
# [*username*]
# (optional) the keystone user for trove services
# Defaults to 'trove'
#
# [*password*]
# (required) the keystone password for trove services
#
# [*project_name*]
# (optional) the keystone tenant name for trove services
# Defaults to 'services'
@ -24,13 +25,13 @@
# (optional) the keystone project domain name for trove services
# Defaults to 'Default'
#
# [*user_domain_name*]
# [*user_domain_name*]
# (optional) the keystone user domain name for trove services
# Defaults to 'Default'
#
class trove::guestagent::service_credentials (
$password = $::os_service_default,
$auth_url = 'http://127.0.0.1:5000/v3',
$password,
$auth_url = 'http://127.0.0.1:5000',
$region_name = 'RegionOne',
$username = 'trove',
$project_name = 'services',
@ -40,26 +41,14 @@ class trove::guestagent::service_credentials (
include trove::deps
$auth_url_base = pick($::trove::guestagent::auth_url, $auth_url)
$auth_url_real = "${regsubst($auth_url_base, '(\/v3$|\/v2.0$|\/$)', '')}/v3"
$username_real = pick($::trove::nova_proxy_admin_user, $username)
$password_real = pick($::trove::nova_proxy_admin_pass, $password)
$project_name_real = pick($::trove::nova_proxy_tenant_name, $project_name)
$region_name_real = pick($::trove::os_region_name, $region_name)
if is_service_default(password_real) {
fail('trove::guestagent::service_credentials::password should be set')
}
trove_guestagent_config {
'service_credentials/auth_url': value => $auth_url_real;
'service_credentials/username': value => $username_real;
'service_credentials/password': value => $password_real, secret => true;
'service_credentials/project_name': value => $project_name_real;
'service_credentials/auth_url': value => $auth_url;
'service_credentials/username': value => $username;
'service_credentials/password': value => $password, secret => true;
'service_credentials/project_name': value => $project_name;
'service_credentials/project_domain_name': value => $project_domain_name;
'service_credentials/user_domain_name': value => $user_domain_name;
'service_credentials/region_name': value => $region_name_real;
'service_credentials/region_name': value => $region_name;
}
}

23
manifests/init.pp
View File

@ -241,25 +241,6 @@
#
# DEPRECATED PARAMETERS
#
# [*nova_proxy_admin_user*]
# (optional) Admin username used to connect to nova.
# Defaults to undef
#
# [*nova_proxy_admin_pass*]
# (optional) Admin password used to connect to nova.
# Defaults to undef
#
# [*nova_proxy_admin_tenant_name*]
# (optional) Admin tenant name used to connect to nova.
# Defaults to undef
#
# [*os_region_name*]
# (optional) Sets the os_region_name flag. For environments with
# more than one endpoint per service. If you don't set this and
# you have multiple endpoints, you will get Ambiguous Endpoint
# exceptions in the trove API service.
# Defaults to undef.
#
# [*use_neutron*]
# (optional) Use Neutron
# Defaults to undef
@ -341,10 +322,6 @@ class trove(
$default_neutron_networks = $::os_service_default,
$package_ensure = 'present',
# DEPRECATED PARAMETERS
$nova_proxy_admin_user = undef,
$nova_proxy_admin_pass = undef,
$nova_proxy_admin_tenant_name = undef,
$os_region_name = undef,
$use_neutron = undef,
$database_connection = undef,
$database_idle_timeout = undef,

18
releasenotes/notes/remove-keystone-v2-params-047438374b04606d.yaml Normal file
View File

@ -0,0 +1,18 @@
---
upgrade:
- |
The following deprecated parameters of the ``trove`` class have been
removed.
- ``nova_proxy_admin_user``
- ``nova_proxy_admin_pass``
- ``nova_proxy_tenant_name``
- ``os_region_name``
- |
Now the ``trove::api::service_credentials`` class no longer looks up
the ``auth_url`` parameter from the ``trove::keystone::authtoken`` class.
The parameter should be defined properly.
- |
The ``trove::guestagent::auth_url`` parameter has been removed.

6
spec/classes/trove_guestagent_service_credentials_spec.rb
View File

@ -25,7 +25,7 @@ describe 'trove::guestagent::service_credentials' do
end
it 'configures service credentials with default parameters' do
is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000')
is_expected.to contain_trove_guestagent_config('service_credentials/username').with_value('trove')
is_expected.to contain_trove_guestagent_config('service_credentials/password').with_value('verysecrete').with_secret(true)
is_expected.to contain_trove_guestagent_config('service_credentials/project_name').with_value('services')
@ -38,7 +38,7 @@ describe 'trove::guestagent::service_credentials' do
context 'when overriding defaults' do
let :params do
{
:auth_url => 'http://127.0.0.1:5000/v3',
:auth_url => 'http://localhost:5000',
:password => 'verysecrete',
:username => 'trove2',
:project_name => 'services2',
@ -49,7 +49,7 @@ describe 'trove::guestagent::service_credentials' do
end
it 'configures service credentials with default parameters' do
is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_trove_guestagent_config('service_credentials/auth_url').with_value('http://localhost:5000')
is_expected.to contain_trove_guestagent_config('service_credentials/username').with_value('trove2')
is_expected.to contain_trove_guestagent_config('service_credentials/project_name').with_value('services2')
is_expected.to contain_trove_guestagent_config('service_credentials/region_name').with_value('RegionTwo')

48
spec/classes/trove_guestagent_spec.rb
View File

@ -7,9 +7,7 @@ describe 'trove::guestagent' do
context 'with default parameters' do
let :pre_condition do
"class { 'trove':
nova_proxy_admin_pass => 'verysecrete'
}
"class { 'trove': }
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
@ -70,9 +68,7 @@ describe 'trove::guestagent' do
context 'when using a single RabbitMQ server' do
let :pre_condition do
"class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
}
"class { 'trove': }
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
@ -85,7 +81,6 @@ describe 'trove::guestagent' do
context 'when using a single RabbitMQ server with enable ha options' do
let :pre_condition do
"class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
rabbit_ha_queues => 'true',
rabbit_heartbeat_in_pthread => 'true',
amqp_durable_queues => 'true',
@ -104,7 +99,6 @@ describe 'trove::guestagent' do
context 'when using multiple RabbitMQ servers' do
let :pre_condition do
"class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
rabbit_ha_queues => true,
}
class { 'trove::guestagent::service_credentials':
@ -119,7 +113,6 @@ describe 'trove::guestagent' do
context 'when using default transport url' do
let :pre_condition do
"class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
default_transport_url => 'rabbit://user:pass@host:1234/virt',
rpc_response_timeout => '120',
control_exchange => 'openstack',
@ -139,9 +132,7 @@ describe 'trove::guestagent' do
context 'with custom parameters' do
let :pre_condition do
"class { 'trove':
nova_proxy_admin_pass => 'verysecrete'
}
"class { 'trove': }
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
@ -166,12 +157,14 @@ describe 'trove::guestagent' do
context 'with SSL enabled with kombu' do
let :pre_condition do
"class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
rabbit_use_ssl => true,
kombu_ssl_ca_certs => '/path/to/ssl/ca/certs',
kombu_ssl_certfile => '/path/to/ssl/cert/file',
kombu_ssl_keyfile => '/path/to/ssl/keyfile',
kombu_ssl_version => 'TLSv1'}"
kombu_ssl_version => 'TLSv1'}
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
end
it do
@ -188,8 +181,11 @@ describe 'trove::guestagent' do
context 'with SSL enabled without kombu' do
let :pre_condition do
"class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
rabbit_use_ssl => true}"
rabbit_use_ssl => true
}
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
end
it do
@ -206,8 +202,11 @@ describe 'trove::guestagent' do
context 'with SSL disabled' do
let :pre_condition do
"class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
rabbit_use_ssl => false}"
rabbit_use_ssl => false
}
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
end
it do
@ -224,11 +223,14 @@ describe 'trove::guestagent' do
context 'with transport_url entries' do
let :pre_condition do
"class { 'trove':
nova_proxy_admin_pass => 'verysecrete',
default_transport_url => 'rabbit://rabbit_user:password@localhost:5673',
rpc_response_timeout => '60',
control_exchange => 'exchange',
notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673' }"
notification_transport_url => 'rabbit://rabbit_user:password@localhost:5673'
}
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
end
it do
@ -241,8 +243,10 @@ describe 'trove::guestagent' do
context 'with amqp messaging' do
let :pre_condition do
"class { 'trove' :
nova_proxy_admin_pass => 'verysecrete'}"
"class { 'trove' : }
class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
end
it do

2
spec/classes/trove_init_spec.rb
View File

@ -23,7 +23,7 @@ require 'spec_helper'
describe 'trove' do
let :params do
{ :nova_proxy_admin_pass => 'passw0rd',
{
:nova_compute_url => 'http://localhost:8774/v2',
:cinder_url => 'http://localhost:8776/v1',
:swift_url => 'http://localhost:8080/v1/AUTH_',

6
spec/classes/trove_taskmanager_spec.rb
View File

@ -51,6 +51,12 @@ describe 'trove::taskmanager' do
end
context 'when set use_guestagent_template to false' do
let :pre_condition do
"class { 'trove::guestagent::service_credentials':
password => 'verysectrete',
}"
end
let :params do
{ :use_guestagent_template => false }
end