diff --git a/manifests/api.pp b/manifests/api.pp index a863f29..15915a8 100644 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -85,90 +85,22 @@ # Require validate set at True. # Defaults to undef # -# [*watcher_client_auth_uri*] -# (Optional) Public Identity API endpoint. -# Defaults to undef -# -# [*watcher_client_default_domain_name*] -# (Optional)domain name to use with v3 API and v2 parameters. It will -# be used for both the user and project domain in v3 and ignored in v2 -# authentication. -# Defaults to undef -# -# [*watcher_client_password*] -# (optional) User's password -# Defaults to undef -# -# [*watcher_client_username*] -# (optional) The name of the auth user -# Defaults to undef -# -# [*watcher_client_auth_url*] -# Specifies the admin Identity URI for Watcher to use. -# Defaults to undef -# -# [*watcher_client_project_name*] -# (Optional) Service project name. -# Defaults to undef -# -# [*watcher_client_certfile*] -# (Optional) PEM encoded client certificate cert file. -# Defaults to undef -# -# [*watcher_client_cafile*] -# (Optional)PEM encoded Certificate Authority to use when verifying HTTPs -# connections. -# Defaults to undef -# -# [*watcher_client_project_domain_name*] -# (Optional) Domain name containing project. -# Defaults to undef -# -# [*watcher_client_user_domain_name*] -# (Optional) User Domain name. -# Defaults to undef -# -# [*watcher_client_insecure*] -# (Optional) Verify HTTPS connections. -# Defaults to undef -# -# [*watcher_client_keyfile*] -# (Optional) PEM encoded client certificate key file. -# Defaults to undef -# -# [*watcher_client_auth_type*] -# (Optional) Authentication type to load. -# Defaults to undef -# class watcher::api ( - $package_ensure = 'present', - $enabled = true, - $manage_service = true, - $port = $::os_service_default, - $max_limit = $::os_service_default, - $bind_host = $::os_service_default, - $workers = $::os_workers, - $enable_ssl_api = $::os_service_default, - $service_name = $::watcher::params::api_service_name, - $create_db_schema = false, - $upgrade_db = false, - $auth_strategy = 'keystone', + $package_ensure = 'present', + $enabled = true, + $manage_service = true, + $port = $::os_service_default, + $max_limit = $::os_service_default, + $bind_host = $::os_service_default, + $workers = $::os_workers, + $enable_ssl_api = $::os_service_default, + $service_name = $::watcher::params::api_service_name, + $create_db_schema = false, + $upgrade_db = false, + $auth_strategy = 'keystone', # DEPRECATED PARAMETERS - $validate = undef, - $validation_options = undef, - $watcher_client_auth_uri = undef, - $watcher_client_default_domain_name = undef, - $watcher_client_password = undef, - $watcher_client_username = undef, - $watcher_client_auth_url = undef, - $watcher_client_project_name = undef, - $watcher_client_certfile = undef, - $watcher_client_cafile = undef, - $watcher_client_project_domain_name = undef, - $watcher_client_user_domain_name = undef, - $watcher_client_insecure = undef, - $watcher_client_keyfile = undef, - $watcher_client_auth_type = undef, + $validate = undef, + $validation_options = undef, ) inherits watcher::params { include watcher::policy @@ -243,26 +175,4 @@ as a standalone service, or httpd for being run by a httpd server") 'api/workers': value => $workers; 'api/enable_ssl_api': value => $enable_ssl_api; } - - if $watcher_client_auth_uri != undef { - warning('The watcher_client_auth_uri is deprecated and has no effect.') - } - watcher_config { - 'watcher_clients_auth/auth_uri': ensure => absent; - } - - if $watcher_client_default_domain_name != undef { - warning('The watcher_client_default_domain_name parameter is deprecated and has no effect.') - } - - [ 'password', 'auth_url', 'username', 'project_name', 'project_domain_name', - 'user_domain_anme', 'auth_type', 'insecure', 'keyfile', 'certfile', - 'cafile' ].each |String $client_opt|{ - if getvar("watcher_client_${client_opt}") != undef { - warning("The watcher_client_${client_opt} parameter is deprecated. \ -Use the watcher_clients_auth class instead.") - } - include watcher::watcher_clients_auth - } - } diff --git a/manifests/watcher_clients_auth.pp b/manifests/watcher_clients_auth.pp index 3fa5a6c..e024553 100644 --- a/manifests/watcher_clients_auth.pp +++ b/manifests/watcher_clients_auth.pp @@ -53,7 +53,7 @@ # Defaults to $::os_service_default # class watcher::watcher_clients_auth ( - $password = false, + $password, $auth_url = 'http://localhost:5000/', $username = 'watcher', $project_name = 'services', @@ -69,40 +69,26 @@ class watcher::watcher_clients_auth ( include watcher::deps - $password_real = pick($::watcher::api::watcher_client_password, $password) - if ! $password_real { - fail('password is required') - } - if is_service_default($system_scope) { - $project_name_real = pick($::watcher::api::watcher_client_project_name, $project_name) - $project_domain_name_real = pick($::watcher::api::watcher_client_project_domain_name, $project_domain_name) + $project_name_real = $project_name + $project_domain_name_real = $project_domain_name } else { $project_name_real = $::os_service_default $project_domain_name_real = $::os_service_default } - $auth_url_real = pick($::watcher::api::watcher_client_auth_url, $auth_url) - $username_real = pick($::watcher::api::watcher_client_username, $username) - $user_domain_name_real = pick($::watcher::api::watcher_client_user_domain_name, $user_domain_name) - $auth_type_real = pick($::watcher::api::watcher_client_auth_type, $auth_type) - $insecure_real = pick($::watcher::api::watcher_client_insecure, $insecure) - $certfile_real = pick($::watcher::api::watcher_client_certfile, $certfile) - $cafile_real = pick($::watcher::api::watcher_client_cafile, $cafile) - $keyfile_real = pick($::watcher::api::watcher_client_keyfile, $keyfile) - watcher_config { - 'watcher_clients_auth/password': value => $password_real, secret => true; - 'watcher_clients_auth/username': value => $username_real; - 'watcher_clients_auth/auth_url': value => $auth_url_real; + 'watcher_clients_auth/password': value => $password, secret => true; + 'watcher_clients_auth/username': value => $username; + 'watcher_clients_auth/auth_url': value => $auth_url; 'watcher_clients_auth/project_name': value => $project_name_real; 'watcher_clients_auth/project_domain_name': value => $project_domain_name_real; - 'watcher_clients_auth/user_domain_name': value => $user_domain_name_real; + 'watcher_clients_auth/user_domain_name': value => $user_domain_name; 'watcher_clients_auth/system_scope': value => $system_scope; - 'watcher_clients_auth/insecure': value => $insecure_real; - 'watcher_clients_auth/auth_type': value => $auth_type_real; - 'watcher_clients_auth/cafile': value => $cafile_real; - 'watcher_clients_auth/certfile': value => $certfile_real; - 'watcher_clients_auth/keyfile': value => $keyfile_real; + 'watcher_clients_auth/insecure': value => $insecure; + 'watcher_clients_auth/auth_type': value => $auth_type; + 'watcher_clients_auth/cafile': value => $cafile; + 'watcher_clients_auth/certfile': value => $certfile; + 'watcher_clients_auth/keyfile': value => $keyfile; } } diff --git a/releasenotes/notes/cleanup-watcher_clients-f84a02181142a249.yaml b/releasenotes/notes/cleanup-watcher_clients-f84a02181142a249.yaml new file mode 100644 index 0000000..59ce4cc --- /dev/null +++ b/releasenotes/notes/cleanup-watcher_clients-f84a02181142a249.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + The deprecated ``watcher::api::watcher_clinet_*`` parameters have been + removed. diff --git a/spec/classes/watcher_api_spec.rb b/spec/classes/watcher_api_spec.rb index 8a256b7..e340d5e 100644 --- a/spec/classes/watcher_api_spec.rb +++ b/spec/classes/watcher_api_spec.rb @@ -3,18 +3,21 @@ require 'spec_helper' describe 'watcher::api' do let :params do - { :watcher_client_password => 'password', - :enabled => true, - :package_ensure => 'latest', + { + :enabled => true, + :package_ensure => 'latest', } end - shared_examples 'watcher-api' do + let :pre_condition do + "include watcher::db + class { 'watcher': } + class { 'watcher::keystone::authtoken': + password => 'a_big_secret', + }" + end - context 'without required parameter watcher_client_password' do - before { params.delete(:watcher_client_password) } - it { expect { is_expected.to raise_error(Puppet::Error) } } - end + shared_examples 'watcher-api' do it { is_expected.to contain_class('watcher::params') } it { is_expected.to contain_class('watcher::deps') } @@ -70,53 +73,6 @@ describe 'watcher::api' do end end - context 'watcher clients auth section with default parameters' do - it 'configures watcher clients auth' do - is_expected.to contain_watcher_config('watcher_clients_auth/username').with_value('watcher') - is_expected.to contain_watcher_config('watcher_clients_auth/password').with_value( params[:watcher_client_password] ) - is_expected.to contain_watcher_config('watcher_clients_auth/auth_url').with_value('http://localhost:5000/') - is_expected.to contain_watcher_config('watcher_clients_auth/project_name').with_value('services') - is_expected.to contain_watcher_config('watcher_clients_auth/project_domain_name').with_value('Default') - is_expected.to contain_watcher_config('watcher_clients_auth/user_domain_name').with_value('Default') - is_expected.to contain_watcher_config('watcher_clients_auth/insecure').with_value('') - is_expected.to contain_watcher_config('watcher_clients_auth/auth_type').with_value('password') - is_expected.to contain_watcher_config('watcher_clients_auth/cafile').with_value('') - is_expected.to contain_watcher_config('watcher_clients_auth/certfile').with_value('') - is_expected.to contain_watcher_config('watcher_clients_auth/keyfile').with_value('') - end - end - - context 'watcher clients auth section with overridden parameters' do - before do - params.merge! ({ - :watcher_client_username => 'watcher_user', - :watcher_client_password => 'PassWoRD', - :watcher_client_auth_url => 'http://localhost:35358/', - :watcher_client_project_name => 'ProjectZero', - :watcher_client_project_domain_name => 'WatcherDomain', - :watcher_client_user_domain_name => 'WatcherUserDomain', - :watcher_client_insecure => 'true', - :watcher_client_auth_type => 'password', - :watcher_client_cafile => '/tmp/ca.crt', - :watcher_client_certfile => '/tmp/watcher.com.crt', - :watcher_client_keyfile => '/tmp/key.pm', - }) - end - it 'configures watcher clients auth' do - is_expected.to contain_watcher_config('watcher_clients_auth/username').with_value( params[:watcher_client_username] ) - is_expected.to contain_watcher_config('watcher_clients_auth/password').with_value( params[:watcher_client_password] ) - is_expected.to contain_watcher_config('watcher_clients_auth/auth_url').with_value('http://localhost:35358/') - is_expected.to contain_watcher_config('watcher_clients_auth/project_name').with_value( params[:watcher_client_project_name] ) - is_expected.to contain_watcher_config('watcher_clients_auth/project_domain_name').with_value( params[:watcher_client_project_domain_name] ) - is_expected.to contain_watcher_config('watcher_clients_auth/user_domain_name').with_value( params[:watcher_client_user_domain_name] ) - is_expected.to contain_watcher_config('watcher_clients_auth/insecure').with_value( params[:watcher_client_insecure] ) - is_expected.to contain_watcher_config('watcher_clients_auth/auth_type').with_value( params[:watcher_client_auth_type] ) - is_expected.to contain_watcher_config('watcher_clients_auth/cafile').with_value( params[:watcher_client_cafile] ) - is_expected.to contain_watcher_config('watcher_clients_auth/certfile').with_value( params[:watcher_client_certfile] ) - is_expected.to contain_watcher_config('watcher_clients_auth/keyfile').with_value( params[:watcher_client_keyfile] ) - end - end - context 'when running watcher-api in wsgi' do before do params.merge!({ :service_name => 'httpd' })