From 8b37baa3661fd2a3d4bc9d67b21a373f58cd1af9 Mon Sep 17 00:00:00 2001
From: Daneyon Hansen <danehans@cisco.com>
Date: Wed, 31 Jul 2013 19:28:53 +0000
Subject: [PATCH] Fix Keystone 'token-get' Error

Previously, users would receive an error similar to the one below
after sourcing keystone authentication variables
(i.e. source openrc) and running the puppet agent:

debug: Puppet::Type::Keystone_user::ProviderKeystone:
Executing '/usr/bin/keystone --os-auth-url
http://127.0.0.1:35357/v2.0/ token-get'
err: /Stage[main]/Nova::Keystone::Auth/Keystone_user[nova]:
Could not evaluate: Execution of '/usr/bin/keystone --os-auth-url
http://127.0.0.1:35357/v2.0/ token-get' returned 1: Configuration
error: Client configured to run without a service catalog.
Run the client using --os-auth-url or OS_AUTH_URL, instead of
--os-endpoint or OS_SERVICE_ENDPOINT, for example.
WARNING: Bypassing authentication using a token & endpoint
(authentication credentials are being ignored).

Even though the OS_AUTH_URL was being provided in the auth file,
Keystone will ignore it and other variables related to user/pswd
based authnetication.  This is because only one form of auth
(token or user/password) can be used at a time and Keystone
will prefer token-based auth if both are provided.

This change introduces the new parameter use_token_auth to set
the Keystone auth file based on user/password or token-based
authentication.  Defaults to false for backwards compatibility
and to use user/password authentication.

Additional Information:
  http://docs.openstack.org/developer/keystone/configuration.html
  https://lists.launchpad.net/openstack/msg22356.html

Additionally, Region support was added through the region_name
parameter.  Defaults to RegionOne for backwards compatibility and
to use the default region named RegionOne.

Change-Id: I913d8da5b753c8db40a05ba2ae1784750f722a5b
---
 manifests/auth_file.pp                   | 39 +++++++++++++++---------
 spec/classes/openstack_auth_file_spec.rb | 39 +++++++++---------------
 2 files changed, 39 insertions(+), 39 deletions(-)

diff --git a/manifests/auth_file.pp b/manifests/auth_file.pp
index 96d8def..004fd40 100644
--- a/manifests/auth_file.pp
+++ b/manifests/auth_file.pp
@@ -4,24 +4,35 @@
 # against a keystone server.
 #
 class openstack::auth_file(
-  $admin_password,
   $controller_node      = '127.0.0.1',
-  $keystone_admin_token = 'keystone_admin_token',
+  $keystone_admin_token = undef,
   $admin_user           = 'admin',
+  $admin_password       = undef,
   $admin_tenant         = 'admin',
+  $region_name          = 'RegionOne',
   $use_no_cache         = true
 ) {
-  file { '/root/openrc':
-    content =>
-  "
-  export OS_NO_CACHE=${use_no_cache}
-  export OS_TENANT_NAME=${admin_tenant}
-  export OS_USERNAME=${admin_user}
-  export OS_PASSWORD='${admin_password}'
-  export OS_AUTH_URL=\"http://${controller_node}:5000/v2.0/\"
-  export OS_AUTH_STRATEGY=keystone
-  export SERVICE_TOKEN=${keystone_admin_token}
-  export SERVICE_ENDPOINT=http://${controller_node}:35357/v2.0/
-  "
+
+  if ($keystone_admin_token) {
+    file { '/root/openrc':
+        content =>
+    "
+    export OS_SERVICE_TOKEN=${keystone_admin_token}
+    export OS_SERVICE_ENDPOINT=http://${controller_node}:35357/v2.0/
+    "
+    }
+  } else {
+    file { '/root/openrc':
+      content =>
+    "
+    export OS_NO_CACHE=${use_no_cache}
+    export OS_TENANT_NAME=${admin_tenant}
+    export OS_USERNAME=${admin_user}
+    export OS_PASSWORD='${admin_password}'
+    export OS_AUTH_URL=\"http://${controller_node}:5000/v2.0/\"
+    export OS_AUTH_STRATEGY=keystone
+    export OS_REGION_NAME=${region_name}
+    "
+    }
   }
 }
diff --git a/spec/classes/openstack_auth_file_spec.rb b/spec/classes/openstack_auth_file_spec.rb
index 24869ed..19fd0e7 100644
--- a/spec/classes/openstack_auth_file_spec.rb
+++ b/spec/classes/openstack_auth_file_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
 
 describe 'openstack::auth_file' do
 
-  describe "when only passing required class parameters" do
+  describe "when only passing default class parameters" do
 
     let :params do
       { :admin_password => 'admin' }
@@ -10,16 +10,15 @@ describe 'openstack::auth_file' do
 
     it 'should create a openrc file' do
       should contain_file('/root/openrc').with_content(
-  '
-  export OS_NO_CACHE=true
-  export OS_TENANT_NAME=admin
-  export OS_USERNAME=admin
-  export OS_PASSWORD=\'admin\'
-  export OS_AUTH_URL="http://127.0.0.1:5000/v2.0/"
-  export OS_AUTH_STRATEGY=keystone
-  export SERVICE_TOKEN=keystone_admin_token
-  export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0/
-  '
+    '
+    export OS_NO_CACHE=true
+    export OS_TENANT_NAME=admin
+    export OS_USERNAME=admin
+    export OS_PASSWORD=\'admin\'
+    export OS_AUTH_URL="http://127.0.0.1:5000/v2.0/"
+    export OS_AUTH_STRATEGY=keystone
+    export OS_REGION_NAME=RegionOne
+    '
         )
     end
   end
@@ -28,27 +27,17 @@ describe 'openstack::auth_file' do
 
       let :params do
         {
-          :admin_password        => 'nova',
           :controller_node       => '127.0.0.2',
           :keystone_admin_token  => 'keystone',
-          :admin_user            => 'nova',
-          :admin_tenant          => 'nova',
-          :use_no_cache          => false,
         }
       end
 
       it 'should create a openrc file' do
         should contain_file('/root/openrc').with_content(
-  '
-  export OS_NO_CACHE=false
-  export OS_TENANT_NAME=nova
-  export OS_USERNAME=nova
-  export OS_PASSWORD=\'nova\'
-  export OS_AUTH_URL="http://127.0.0.2:5000/v2.0/"
-  export OS_AUTH_STRATEGY=keystone
-  export SERVICE_TOKEN=keystone
-  export SERVICE_ENDPOINT=http://127.0.0.2:35357/v2.0/
-  '
+    '
+    export OS_SERVICE_TOKEN=keystone
+    export OS_SERVICE_ENDPOINT=http://127.0.0.2:35357/v2.0/
+    '
         )
       end
   end