From 7eeb46e04d61189925dbbaa06d3016a0235d6200 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 3 Jan 2022 15:15:54 +0900 Subject: [PATCH] Disable the zaqar-messaging service user The zaqar::keystone::auth_websocket class has been added to create an independent keystone endpoint for websocket service but the service user created by the class has never been used. This change disables the logic to create the user and the associated resources like roles and projects, so that only required resources are created. Change-Id: Iaa0042acb9fda198f10e6067523301bfd08bf249 --- manifests/keystone/auth_websocket.pp | 97 +++++++++++-------- .../websocket-auth-391e1257fe96fd02.yaml | 18 ++++ .../zaqar_keystone_auth_websocket_spec.rb | 20 +--- 3 files changed, 77 insertions(+), 58 deletions(-) create mode 100644 releasenotes/notes/websocket-auth-391e1257fe96fd02.yaml diff --git a/manifests/keystone/auth_websocket.pp b/manifests/keystone/auth_websocket.pp index 16f7b11..366ebc7 100644 --- a/manifests/keystone/auth_websocket.pp +++ b/manifests/keystone/auth_websocket.pp @@ -4,62 +4,65 @@ # # === Parameters # -# [*password*] -# (required) Password for zaqar websocket user. -# -# [*auth_name*] -# Username for zaqar service. Defaults to 'zaqar-websocket'. -# -# [*email*] -# Email for zaqar websocket user. Defaults to 'zaqar-websocket@localhost'. -# -# [*tenant*] -# Tenant for zaqar websocket user. Defaults to 'services'. -# # [*configure_endpoint*] -# Should zaqar websocket endpoint be configured? Defaults to 'true'. -# -# [*configure_user*] -# (Optional) Should the service user be configured? +# (Optional) Should zaqar websocket endpoint be configured? # Defaults to 'true'. # # [*service_type*] -# Type of service. Defaults to 'messaging'. +# (Optional) Type of service. +# Defaults to 'messaging-websocket'. # # [*public_url*] -# (optional) The endpoint's public url. -# (Defaults to 'ws://127.0.0.1:9000') +# (Optional) The endpoint's public url. +# Defaults to 'ws://127.0.0.1:9000' # # [*internal_url*] -# (optional) The endpoint's internal url. -# (Defaults to 'ws://127.0.0.1:9000') +# (Optional) The endpoint's internal url. +# Defaults to 'ws://127.0.0.1:9000' # # [*admin_url*] -# (optional) The endpoint's admin url. -# (Defaults to 'ws://127.0.0.1:9000') +# (Optional) The endpoint's admin url. +# Defaults to 'ws://127.0.0.1:9000' # # [*region*] -# Region for endpoint. Defaults to 'RegionOne'. +# (Optional) Region for endpoint. +# Defaults to 'RegionOne'. # # [*service_name*] -# (optional) Name of the service. +# (Optional) Name of the service. # Defaults to 'zaqar-websocket' # # [*configure_service*] -# Should zaqar websocket service be configured? Defaults to 'true'. +# (Optional) Should zaqar websocket service be configured? +# Defaults to 'true'. # # [*service_description*] -# (optional) Description for keystone service. +# (Optional) Description for keystone service. # Defaults to 'OpenStack Messaging Websocket Service'. - +# +# DEPRECATED PARAMETERS +# +# [*password*] +# (Optional) Password for zaqar websocket user. Defaults to undef. +# +# [*auth_name*] +# (Optional) Username for zaqar service. Defaults to undef. +# +# [*email*] +# (Optional) Email for zaqar websocket user. Defaults to undef. +# +# [*tenant*] +# (Optional) Tenant for zaqar websocket user. Defaults to undef. +# +# [*configure_user*] +# (Optional) Should the service user be configured? +# Defaults to undef +# # [*configure_user_role*] -# (optional) Whether to configure the admin role for the service user. -# Defaults to true +# (Optional) Whether to configure the admin role for the service user. +# Defaults to undef # class zaqar::keystone::auth_websocket( - $password, - $email = 'zaqar-websocket@localhost', - $auth_name = 'zaqar-websocket', $service_name = 'zaqar-websocket', $service_type = 'messaging-websocket', $public_url = 'ws://127.0.0.1:9000', @@ -69,27 +72,39 @@ class zaqar::keystone::auth_websocket( $tenant = 'services', $configure_endpoint = true, $configure_service = true, - $configure_user = true, - $configure_user_role = true, $service_description = 'OpenStack Messaging Websocket Service', + # DEPRECATED PARAMETERS + $auth_name = undef, + $password = undef, + $email = undef, + $configure_user = undef, + $configure_user_role = undef, ) { include zaqar::deps validate_legacy(String, 'validate_string', $password) + [ + 'auth_name', + 'password', + 'email', + 'configure_user', + 'configure_user_role' + ].each |String $param| { + if getvar($param) != undef { + warning("The zaqar::keystone::auth_websocket::${param} parameter is deprecated and has no effect") + } + } + keystone::resource::service_identity { 'zaqar-websocket': - configure_user => $configure_user, - configure_user_role => $configure_user_role, + configure_user => false, + configure_user_role => false, configure_endpoint => $configure_endpoint, service_type => $service_type, service_description => $service_description, service_name => $service_name, - auth_name => $auth_name, region => $region, - password => $password, - email => $email, - tenant => $tenant, public_url => $public_url, admin_url => $admin_url, internal_url => $internal_url, diff --git a/releasenotes/notes/websocket-auth-391e1257fe96fd02.yaml b/releasenotes/notes/websocket-auth-391e1257fe96fd02.yaml new file mode 100644 index 0000000..7594a87 --- /dev/null +++ b/releasenotes/notes/websocket-auth-391e1257fe96fd02.yaml @@ -0,0 +1,18 @@ +--- +upgrade: + - | + The ``zaqar::keystone::auth_websocket`` class no longer creates + the ``zaqar-websocket`` service user because it has been unused. + The service user should be deleted manually during upgrade. + +deprecations: + - | + The following parameters of the ``zaqar::keystone::auth_websocket`` class + have been deprecated and have no effect now. + + - ``configure_user`` + - ``configure_user_role`` + - ``auth_name`` + - ``password`` + - ``email`` + - ``tenant`` diff --git a/spec/classes/zaqar_keystone_auth_websocket_spec.rb b/spec/classes/zaqar_keystone_auth_websocket_spec.rb index 907f8fe..b268e81 100644 --- a/spec/classes/zaqar_keystone_auth_websocket_spec.rb +++ b/spec/classes/zaqar_keystone_auth_websocket_spec.rb @@ -12,17 +12,13 @@ describe 'zaqar::keystone::auth_websocket' do end it { is_expected.to contain_keystone__resource__service_identity('zaqar-websocket').with( - :configure_user => true, - :configure_user_role => true, + :configure_user => false, + :configure_user_role => false, :configure_endpoint => true, :service_name => 'zaqar-websocket', :service_type => 'messaging-websocket', :service_description => 'OpenStack Messaging Websocket Service', :region => 'RegionOne', - :auth_name => 'zaqar-websocket', - :password => 'zaqar-websocket_password', - :email => 'zaqar-websocket@localhost', - :tenant => 'services', :public_url => 'ws://127.0.0.1:9000', :internal_url => 'ws://127.0.0.1:9000', :admin_url => 'ws://127.0.0.1:9000', @@ -31,13 +27,7 @@ describe 'zaqar::keystone::auth_websocket' do context 'when overriding parameters' do let :params do - { :password => 'zaqar-websocket_password', - :auth_name => 'alt_zaqar-websocket', - :email => 'alt_zaqar-websocket@alt_localhost', - :tenant => 'alt_service', - :configure_endpoint => false, - :configure_user => false, - :configure_user_role => false, + { :configure_endpoint => false, :service_description => 'Alternative OpenStack Messaging Websocket Service', :service_name => 'alt_service', :service_type => 'alt_messaging-websocket', @@ -55,10 +45,6 @@ describe 'zaqar::keystone::auth_websocket' do :service_type => 'alt_messaging-websocket', :service_description => 'Alternative OpenStack Messaging Websocket Service', :region => 'RegionTwo', - :auth_name => 'alt_zaqar-websocket', - :password => 'zaqar-websocket_password', - :email => 'alt_zaqar-websocket@alt_localhost', - :tenant => 'alt_service', :public_url => 'wss://10.10.10.10:80', :internal_url => 'ws://10.10.10.11:81', :admin_url => 'ws://10.10.10.12:81',