Browse Source

Add nested sample environments for inject-trust-anchor

Fix a bug that prevented these working.  A unit test and
documentation for the nested environment functionality is also
included.

Change-Id: I2d4aeb584eb624178d601cfd6bc0a6473cb5289f
changes/48/465648/9
Ben Nemec 4 years ago
parent
commit
204a582099
  1. 4
      environments/inject-trust-anchor-hiera.yaml
  2. 4
      environments/inject-trust-anchor.yaml
  3. 22
      environments/ssl/inject-trust-anchor-hiera.yaml
  4. 20
      environments/ssl/inject-trust-anchor.yaml
  5. 11
      sample-env-generator/README.rst
  6. 33
      sample-env-generator/ssl.yaml
  7. 1
      tripleo_heat_templates/environment_generator.py
  8. 65
      tripleo_heat_templates/tests/test_environment_generator.py

4
environments/inject-trust-anchor-hiera.yaml

@ -1,3 +1,7 @@
# **************************************************************************************
# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor-hiera.yaml
# instead.
# **************************************************************************************
parameter_defaults:
CAMap:
first-ca-name:

4
environments/inject-trust-anchor.yaml

@ -1,3 +1,7 @@
# ********************************************************************************
# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor.yaml
# instead.
# ********************************************************************************
parameter_defaults:
SSLRootCertificate: |
The contents of your root CA certificate go here

22
environments/ssl/inject-trust-anchor-hiera.yaml

@ -0,0 +1,22 @@
# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Inject SSL Trust Anchor on Overcloud Nodes
# description: |
# When using an SSL certificate signed by a CA that is not in the default
# list of CAs, this environment allows adding a custom CA certificate to
# the overcloud nodes.
parameter_defaults:
# Map containing the CA certs and information needed for deploying them.
# Type: json
CAMap:
first-ca-name:
content: |
The content of the CA cert goes here
second-ca-name:
content: |
The content of the CA cert goes here

20
environments/ssl/inject-trust-anchor.yaml

@ -0,0 +1,20 @@
# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Inject SSL Trust Anchor on Overcloud Nodes
# description: |
# When using an SSL certificate signed by a CA that is not in the default
# list of CAs, this environment allows adding a custom CA certificate to
# the overcloud nodes.
parameter_defaults:
# The content of a CA's SSL certificate file in PEM format. This is evaluated on the client side.
# Mandatory. This parameter must be set by the user.
# Type: string
SSLRootCertificate: |
The contents of your certificate go here
resource_registry:
OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml

11
sample-env-generator/README.rst

@ -23,6 +23,11 @@ appropriate file in the ``sample-env-generator/`` directory. The existing
entries in the files can be used as examples, and a more detailed
explanation of the different available keys is below:
Top-level:
- **environments**: This is the top-level key in the file. All other keys
below should appear in a list of dictionaries that define environments.
Environment-specific:
- **name**: the output file will be this name + .yaml, in the
``environments`` directory.
- **title**: a human-readable title for the environment.
@ -52,6 +57,12 @@ explanation of the different available keys is below:
- **resource_registry**: Many environments also need to pass
resource_registry entries when they are used. This can be used
to specify that in the configuration file.
- **children**: For environments that share a lot of common values but may
need minor variations for different use cases, sample environment entries
can be nested. ``children`` takes a list of environments with the same
structure as the top-level ``environments`` key. The main difference is
that all keys are optional, and any that are omitted will be inherited from
the parent environment definition.
Some behavioral notes:

33
sample-env-generator/ssl.yaml

@ -22,6 +22,39 @@ environments:
The contents of the private key go here
resource_registry:
OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
- name: ssl/inject-trust-anchor
title: Inject SSL Trust Anchor on Overcloud Nodes
description: |
When using an SSL certificate signed by a CA that is not in the default
list of CAs, this environment allows adding a custom CA certificate to
the overcloud nodes.
files:
puppet/extraconfig/tls/ca-inject.yaml:
parameters:
- SSLRootCertificate
sample_values:
SSLRootCertificate: |-
|
The contents of your certificate go here
resource_registry:
OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
children:
- name: ssl/inject-trust-anchor-hiera
files:
puppet/services/ca-certs.yaml:
parameters:
- CAMap
# Need to clear this so we don't inherit the parent registry
resource_registry: {}
sample_values:
CAMap: |-2
first-ca-name:
content: |
The content of the CA cert goes here
second-ca-name:
content: |
The content of the CA cert goes here
-
name: ssl/tls-endpoints-public-ip
title: Deploy Public SSL Endpoints as IP Addresses

1
tripleo_heat_templates/environment_generator.py

@ -68,6 +68,7 @@ def _generate_environment(input_env, parent_env=None):
if parent_env is None:
parent_env = {}
env = dict(parent_env)
env.pop('children', None)
env.update(input_env)
parameter_defaults = {}
param_names = []

65
tripleo_heat_templates/tests/test_environment_generator.py

@ -89,6 +89,7 @@ class GeneratorTestCase(base.BaseTestCase):
('basic',
{'template': basic_template,
'exception': None,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -115,6 +116,7 @@ parameter_defaults:
('basic-one-param',
{'template': basic_template,
'exception': None,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -138,6 +140,7 @@ parameter_defaults:
('basic-static-param',
{'template': basic_template,
'exception': None,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -173,6 +176,7 @@ parameter_defaults:
('basic-static-param-sample',
{'template': basic_template,
'exception': None,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -211,6 +215,7 @@ parameter_defaults:
('basic-private',
{'template': basic_private_template,
'exception': None,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -233,6 +238,7 @@ parameter_defaults:
('mandatory',
{'template': mandatory_template,
'exception': None,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -256,6 +262,7 @@ parameter_defaults:
('basic-sample',
{'template': basic_template,
'exception': None,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -284,6 +291,7 @@ parameter_defaults:
('basic-resource-registry',
{'template': basic_template,
'exception': None,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -314,6 +322,7 @@ resource_registry:
('basic-hidden',
{'template': basic_template,
'exception': None,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -349,6 +358,7 @@ parameter_defaults:
('missing-param',
{'template': basic_template,
'exception': RuntimeError,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -364,6 +374,7 @@ parameter_defaults:
('percent-index',
{'template': index_template,
'exception': None,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -381,11 +392,51 @@ parameter_defaults:
# Type: string
FooParam: '%index%'
''',
}),
('nested',
{'template': multiline_template,
'exception': None,
'input_file': '''environments:
-
name: basic
title: Basic Environment
description: Basic description
files:
foo.yaml:
parameters: all
children:
- name: nested
title: Nested Environment
description: Nested description
sample_values:
FooParam: bar
''',
'expected_output': '''# title: Basic Environment
# description: |
# Basic description
parameter_defaults:
# Parameter with
# multi-line description
# Type: string
FooParam: ''
''',
'nested_output': '''# title: Nested Environment
# description: |
# Nested description
parameter_defaults:
# Parameter with
# multi-line description
# Type: string
FooParam: bar
''',
}),
('multi-line-desc',
{'template': multiline_template,
'exception': None,
'nested_output': '',
'input_file': '''environments:
-
name: basic
@ -420,7 +471,14 @@ parameter_defaults:
fake_output = open(fake_output_path, 'w')
with mock.patch('tripleo_heat_templates.environment_generator.open',
create=True) as mock_open:
mock_open.side_effect = [fake_input, fake_template, fake_output]
mock_se = [fake_input, fake_template, fake_output]
if self.nested_output:
_, fake_nested_output_path = tempfile.mkstemp()
fake_nested_output = open(fake_nested_output_path, 'w')
fake_template2 = io.StringIO(six.text_type(self.template))
mock_se = [fake_input, fake_template, fake_output,
fake_template2, fake_nested_output]
mock_open.side_effect = mock_se
if not self.exception:
environment_generator.generate_environments('ignored.yaml')
else:
@ -431,5 +489,10 @@ parameter_defaults:
expected = environment_generator._FILE_HEADER + self.expected_output
with open(fake_output_path) as f:
self.assertEqual(expected, f.read())
if self.nested_output:
with open(fake_nested_output_path) as f:
expected = (environment_generator._FILE_HEADER +
self.nested_output)
self.assertEqual(expected, f.read())
GeneratorTestCase.generate_scenarios()
Loading…
Cancel
Save