openstack/puppet-ceilometer
Code Issues Proposed changes

Use 'password' auth_type by default

Browse Source 
It's better to use 'password' keystone auth plugin by default
for the supporting v2 and v3 keystone API instead of ceilometer
legacy keystone loader which supports only v2.
Remove hard-coded API version from auth_url as well.

Actually this legacy loader has been deprecated in Mitaka and
has been already removed in Newton:
https://review.openstack.org/#/c/307053/

Change-Id: Iad68b6c1c29f9d9cd1b41ecc2898732fa030d401
This commit is contained in:
iberezovskiy 2016-05-24 16:29:46 +03:00 committed by Ivan Berezovskiy
parent e1febabab2
commit d82c232b5e
3 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
manifests/agent/auth.pp
View File

@ -7,7 +7,7 @@
# #
# [*auth_url*] # [*auth_url*]
# (Optional) the keystone public endpoint # (Optional) the keystone public endpoint
# Defaults to 'http://localhost:5000/v2.0'. # Defaults to 'http://localhost:5000'.
# #
# [*auth_region*] # [*auth_region*]
# (Optional) the keystone region of this node # (Optional) the keystone region of this node
@ -39,28 +39,28 @@
# #
# [*auth_user_domain_name*] # [*auth_user_domain_name*]
# (Optional) domain name for auth user. # (Optional) domain name for auth user.
# Defaults to $::os_service_default. # Defaults to 'Default'.
# #
# [*auth_project_domain_name*] # [*auth_project_domain_name*]
# (Optional) domain name for auth project. # (Optional) domain name for auth project.
# Defaults to $::os_service_default. # Defaults to 'Default'.
# #
# [*auth_type*] # [*auth_type*]
# (Optional) Authentication type to load. # (Optional) Authentication type to load.
# Defaults to $::os_service_default. # Defaults to 'password'.
# #
class ceilometer::agent::auth ( class ceilometer::agent::auth (
$auth_password, $auth_password,
$auth_url = 'http://localhost:5000/v2.0', $auth_url = 'http://localhost:5000',
$auth_region = $::os_service_default, $auth_region = $::os_service_default,
$auth_user = 'ceilometer', $auth_user = 'ceilometer',
$auth_tenant_name = 'services', $auth_tenant_name = 'services',
$auth_tenant_id = undef, $auth_tenant_id = undef,
$auth_cacert = undef, $auth_cacert = undef,
$auth_endpoint_type = undef, $auth_endpoint_type = undef,
$auth_user_domain_name = $::os_service_default, $auth_user_domain_name = 'Default',
$auth_project_domain_name = $::os_service_default, $auth_project_domain_name = 'Default',
$auth_type = $::os_service_default, $auth_type = 'password',
) { ) {
if ! $auth_cacert { if ! $auth_cacert {

5
releasenotes/notes/password_auth_type-810a86921a846b2f.yaml Normal file
View File

@ -0,0 +1,5 @@
---
upgrade:
- Update auth_type value to 'password' to use keystone auth
plugin by default instead of ceilometer legacy keystone loader.
- Remove hard-coded API version from auth url

10
spec/classes/ceilometer_agent_auth_spec.rb
View File

@ -7,7 +7,7 @@ describe 'ceilometer::agent::auth' do
end end
let :params do let :params do
{ :auth_url => 'http://localhost:5000/v2.0', { :auth_url => 'http://localhost:5000',
:auth_region => '<SERVICE DEFAULT>', :auth_region => '<SERVICE DEFAULT>',
:auth_user => 'ceilometer', :auth_user => 'ceilometer',
:auth_password => 'password', :auth_password => 'password',
@ -18,16 +18,16 @@ describe 'ceilometer::agent::auth' do
shared_examples_for 'ceilometer-agent-auth' do shared_examples_for 'ceilometer-agent-auth' do
it 'configures authentication' do it 'configures authentication' do
is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000/v2.0') is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000')
is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer') is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer')
is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password') is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password')
is_expected.to contain_ceilometer_config('service_credentials/password').with_value(params[:auth_password]).with_secret(true) is_expected.to contain_ceilometer_config('service_credentials/password').with_value(params[:auth_password]).with_secret(true)
is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services') is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services')
is_expected.to contain_ceilometer_config('service_credentials/ca_file').with(:ensure => 'absent') is_expected.to contain_ceilometer_config('service_credentials/ca_file').with(:ensure => 'absent')
is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('Default')
is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('Default')
is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('<SERVICE DEFAULT>') is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('password')
end end
context 'when overriding parameters' do context 'when overriding parameters' do