Add nested sample environments for inject-trust-anchor

Fix a bug that prevented these working. A unit test and documentation for the nested environment functionality is also included. Change-Id: I2d4aeb584eb624178d601cfd6bc0a6473cb5289f
5 years ago · 204a582099
8 changed files with 159 additions and 1 deletions
--- a/environments/inject-trust-anchor-hiera.yaml
+++ b/environments/inject-trust-anchor-hiera.yaml
@ -1,3 +1,7 @@
+# **************************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor-hiera.yaml
+# instead.
+# **************************************************************************************
 parameter_defaults:
  CAMap:
    first-ca-name:
--- a/environments/inject-trust-anchor.yaml
+++ b/environments/inject-trust-anchor.yaml
@ -1,3 +1,7 @@
+# ********************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor.yaml
+# instead.
+# ********************************************************************************
 parameter_defaults:
  SSLRootCertificate: |
    The contents of your root CA certificate go here
--- a/environments/ssl/inject-trust-anchor-hiera.yaml
+++ b/environments/ssl/inject-trust-anchor-hiera.yaml
@ -0,0 +1,22 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Inject SSL Trust Anchor on Overcloud Nodes
+# description: |
+#   When using an SSL certificate signed by a CA that is not in the default
+#   list of CAs, this environment allows adding a custom CA certificate to
+#   the overcloud nodes.
+parameter_defaults:
+  # Map containing the CA certs and information needed for deploying them.
+  # Type: json
+  CAMap:
+    first-ca-name:
+      content: |
+        The content of the CA cert goes here
+    second-ca-name:
+      content: |
+        The content of the CA cert goes here
+
--- a/environments/ssl/inject-trust-anchor.yaml
+++ b/environments/ssl/inject-trust-anchor.yaml
@ -0,0 +1,20 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Inject SSL Trust Anchor on Overcloud Nodes
+# description: |
+#   When using an SSL certificate signed by a CA that is not in the default
+#   list of CAs, this environment allows adding a custom CA certificate to
+#   the overcloud nodes.
+parameter_defaults:
+  # The content of a CA's SSL certificate file in PEM format. This is evaluated on the client side.
+  # Mandatory. This parameter must be set by the user.
+  # Type: string
+  SSLRootCertificate: |
+    The contents of your certificate go here
+
+resource_registry:
+  OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
--- a/sample-env-generator/README.rst
+++ b/sample-env-generator/README.rst
@ -23,6 +23,11 @@ appropriate file in the ``sample-env-generator/`` directory.  The existing
 entries in the files can be used as examples, and a more detailed
 explanation of the different available keys is below:

+Top-level:
+- **environments**: This is the top-level key in the file.  All other keys
+  below should appear in a list of dictionaries that define environments.
+
+Environment-specific:
 - **name**: the output file will be this name + .yaml, in the
  ``environments`` directory.
 - **title**: a human-readable title for the environment.
@ -52,6 +57,12 @@ explanation of the different available keys is below:
 - **resource_registry**: Many environments also need to pass
  resource_registry entries when they are used.  This can be used
  to specify that in the configuration file.
+- **children**: For environments that share a lot of common values but may
+  need minor variations for different use cases, sample environment entries
+  can be nested.  ``children`` takes a list of environments with the same
+  structure as the top-level ``environments`` key.  The main difference is
+  that all keys are optional, and any that are omitted will be inherited from
+  the parent environment definition.

 Some behavioral notes:

--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@ -22,6 +22,39 @@ environments:
            The contents of the private key go here
    resource_registry:
      OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
+  - name: ssl/inject-trust-anchor
+    title: Inject SSL Trust Anchor on Overcloud Nodes
+    description: |
+      When using an SSL certificate signed by a CA that is not in the default
+      list of CAs, this environment allows adding a custom CA certificate to
+      the overcloud nodes.
+    files:
+      puppet/extraconfig/tls/ca-inject.yaml:
+        parameters:
+          - SSLRootCertificate
+    sample_values:
+      SSLRootCertificate: |-
+        |
+            The contents of your certificate go here
+    resource_registry:
+      OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
+    children:
+      - name: ssl/inject-trust-anchor-hiera
+        files:
+          puppet/services/ca-certs.yaml:
+            parameters:
+              - CAMap
+        # Need to clear this so we don't inherit the parent registry
+        resource_registry: {}
+        sample_values:
+          CAMap:  |-2
+
+                first-ca-name:
+                  content: |
+                    The content of the CA cert goes here
+                second-ca-name:
+                  content: |
+                    The content of the CA cert goes here
  -
    name: ssl/tls-endpoints-public-ip
    title: Deploy Public SSL Endpoints as IP Addresses
--- a/tripleo_heat_templates/environment_generator.py
+++ b/tripleo_heat_templates/environment_generator.py
@ -68,6 +68,7 @@ def _generate_environment(input_env, parent_env=None):
    if parent_env is None:
        parent_env = {}
    env = dict(parent_env)
+    env.pop('children', None)
    env.update(input_env)
    parameter_defaults = {}
    param_names = []
--- a/tripleo_heat_templates/tests/test_environment_generator.py
+++ b/tripleo_heat_templates/tests/test_environment_generator.py
@ -89,6 +89,7 @@ class GeneratorTestCase(base.BaseTestCase):
        ('basic',
         {'template': basic_template,
          'exception': None,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -115,6 +116,7 @@ parameter_defaults:
        ('basic-one-param',
         {'template': basic_template,
          'exception': None,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -138,6 +140,7 @@ parameter_defaults:
        ('basic-static-param',
         {'template': basic_template,
          'exception': None,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -173,6 +176,7 @@ parameter_defaults:
        ('basic-static-param-sample',
         {'template': basic_template,
          'exception': None,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -211,6 +215,7 @@ parameter_defaults:
        ('basic-private',
         {'template': basic_private_template,
          'exception': None,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -233,6 +238,7 @@ parameter_defaults:
        ('mandatory',
         {'template': mandatory_template,
          'exception': None,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -256,6 +262,7 @@ parameter_defaults:
        ('basic-sample',
         {'template': basic_template,
          'exception': None,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -284,6 +291,7 @@ parameter_defaults:
        ('basic-resource-registry',
         {'template': basic_template,
          'exception': None,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -314,6 +322,7 @@ resource_registry:
        ('basic-hidden',
         {'template': basic_template,
          'exception': None,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -349,6 +358,7 @@ parameter_defaults:
        ('missing-param',
         {'template': basic_template,
          'exception': RuntimeError,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -364,6 +374,7 @@ parameter_defaults:
        ('percent-index',
         {'template': index_template,
          'exception': None,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -381,11 +392,51 @@ parameter_defaults:
  # Type: string
  FooParam: '%index%'

+''',
+          }),
+        ('nested',
+         {'template': multiline_template,
+          'exception': None,
+          'input_file': '''environments:
+  -
+    name: basic
+    title: Basic Environment
+    description: Basic description
+    files:
+      foo.yaml:
+        parameters: all
+    children:
+      - name: nested
+        title: Nested Environment
+        description: Nested description
+        sample_values:
+          FooParam: bar
+''',
+          'expected_output': '''# title: Basic Environment
+# description: |
+#   Basic description
+parameter_defaults:
+  # Parameter with
+  # multi-line description
+  # Type: string
+  FooParam: ''
+
+''',
+          'nested_output': '''# title: Nested Environment
+# description: |
+#   Nested description
+parameter_defaults:
+  # Parameter with
+  # multi-line description
+  # Type: string
+  FooParam: bar
+
 ''',
          }),
        ('multi-line-desc',
         {'template': multiline_template,
          'exception': None,
+          'nested_output': '',
          'input_file': '''environments:
  -
    name: basic
@ -420,7 +471,14 @@ parameter_defaults:
        fake_output = open(fake_output_path, 'w')
        with mock.patch('tripleo_heat_templates.environment_generator.open',
                        create=True) as mock_open:
-            mock_open.side_effect = [fake_input, fake_template, fake_output]
+            mock_se = [fake_input, fake_template, fake_output]
+            if self.nested_output:
+                _, fake_nested_output_path = tempfile.mkstemp()
+                fake_nested_output = open(fake_nested_output_path, 'w')
+                fake_template2 = io.StringIO(six.text_type(self.template))
+                mock_se = [fake_input, fake_template, fake_output,
+                           fake_template2, fake_nested_output]
+            mock_open.side_effect = mock_se
            if not self.exception:
                environment_generator.generate_environments('ignored.yaml')
            else:
@ -431,5 +489,10 @@ parameter_defaults:
        expected = environment_generator._FILE_HEADER + self.expected_output
        with open(fake_output_path) as f:
            self.assertEqual(expected, f.read())
+        if self.nested_output:
+            with open(fake_nested_output_path) as f:
+                expected = (environment_generator._FILE_HEADER +
+                            self.nested_output)
+                self.assertEqual(expected, f.read())

 GeneratorTestCase.generate_scenarios()