Create a separate class to manage the trustee options

This change introduces the new heat::trustee class to manage
the parameters in the [trustee] options. These options have been set
according to authtoken parameters but it makes maintenance complicated
and the logic doesn't work properly when noauth is used.

This change also removes the [trustee] project_domain_name parameter
because the parameter has never been used actually.

Change-Id: I694a8ea771cc4d4dcfbf8384ece2be10d83ab3f0
This commit is contained in:
Takashi Kajinami 2021-10-13 13:39:03 +09:00
parent 5521392baa
commit 6e8b799ba8
5 changed files with 185 additions and 21 deletions

View File

@ -452,22 +452,18 @@ Use heat::engine::max_stacks_per_tenant instead.')
password => $amqp_password,
}
$www_authenticate_uri = $::heat::keystone::authtoken::www_authenticate_uri
$auth_url = $::heat::keystone::authtoken::auth_url
$keystone_username = $::heat::keystone::authtoken::username
$keystone_password = $::heat::keystone::authtoken::password
$keystone_project_domain_name = $::heat::keystone::authtoken::project_domain_name
$keystone_user_domain_name = $::heat::keystone::authtoken::user_domain_name
if !defined(Class[heat::trustee]) {
warning('The heat:trustee class will be required to set trustee opiton in a future release')
include heat::trustee
}
# TODO(tkajinam): Remove this when we remove the above logic
heat_config {
'trustee/project_domain_name': ensure => absent;
}
heat_config {
'trustee/auth_type': value => 'password';
'trustee/auth_url': value => $auth_url;
'trustee/username': value => $keystone_username;
'trustee/password': value => $keystone_password, secret => true;
'trustee/project_domain_name': value => $keystone_project_domain_name;
'trustee/user_domain_name': value => $keystone_user_domain_name;
'clients_heat/url': value => $heat_clients_url;
'clients/endpoint_type': value => $heat_clients_endpoint_type;
'clients_heat/url': value => $heat_clients_url;
'clients/endpoint_type': value => $heat_clients_endpoint_type;
}
if (!is_service_default($enable_stack_adopt)) {

66
manifests/trustee.pp Normal file
View File

@ -0,0 +1,66 @@
# Class heat::trustee
#
# heat trustee configuration
#
# == Parameters
#
# [*password*]
# (optional) Password for connecting to Cinder services in
# admin context through the OpenStack Identity service.
# Defaults to $::os_service_default
#
# [*auth_type*]
# (optional) Name of the auth type to load (string value)
# Defaults to 'password'
#
# [*auth_url*]
# (optional) Points to the OpenStack Identity server IP and port.
# This is the Identity (keystone) admin API server IP and port value,
# and not the Identity service API IP and port.
# Defaults to 'http://127.0.0.1:5000/'
#
# [*username*]
# (optional) Username for connecting to Cinder services in admin context
# through the OpenStack Identity service.
# Defaults to 'heat'
#
# [*user_domain_name*]
# (optional) User Domain name for connecting to Cinder services in
# admin context through the OpenStack Identity service.
# Defaults to 'Default'
#
class heat::trustee (
$password = undef,
$auth_type = undef,
$auth_url = undef,
$username = undef,
$user_domain_name = undef,
) {
include heat::deps
if defined(Class[heat::keystone::authtoken]) {
# TODO(tkajinam): The following logic was added to keep compatibility with
# the old version which determines the trustee parameters based on
# authtoken parameters. This should be removed after Y release.
$password_real = pick($password, $::heat::keystone::authtoken::password)
$auth_type_real = pick($auth_type, $::heat::keystone::authtoken::auth_type)
$auth_url_real = pick($auth_url, $::heat::keystone::authtoken::auth_url)
$username_real = pick($username, $::heat::keystone::authtoken::username)
$user_domain_name_real = pick($user_domain_name, $::heat::keystone::authtoken::user_domain_name)
} else {
$password_real = pick($password, $::os_service_default)
$auth_type_real = pick($auth_type, 'password')
$auth_url_real = pick($auth_url, 'http://127.0.0.1:5000/')
$username_real = pick($username, 'heat')
$user_domain_name_real = pick($user_domain_name, 'Default')
}
heat_config {
'trustee/password': value => $password_real, secret => true;
'trustee/auth_type': value => $auth_type_real;
'trustee/auth_url': value => $auth_url_real;
'trustee/username': value => $username_real;
'trustee/user_domain_name': value => $user_domain_name_real;
}
}

View File

@ -0,0 +1,12 @@
---
features:
- |
The new ``heat::trustee`` class has been added. This class supports
parameters define in the ``trustee`` section.
deprecations:
- |
The ``heat::trustee`` class should be included to manage ``trustee``
option. This class is included by the ``heat`` class and the parameters are
defined automatically based on the ``heat::keystone::authtoken`` class to
keep compatibility but this behavior will be removed in a future release.

View File

@ -91,10 +91,6 @@ describe 'heat' do
is_expected.to contain_heat_config('DEFAULT/max_json_body_size').with_value('<SERVICE DEFAULT>')
end
it 'configures project_domain_*' do
is_expected.to contain_heat_config('trustee/project_domain_name').with_value( 'Default' )
end
it 'configures user_domain_*' do
is_expected.to contain_heat_config('trustee/user_domain_name').with_value( 'Default' )
end
@ -317,12 +313,10 @@ describe 'heat' do
shared_examples_for "with custom keystone project_domain_* and user_domain_*" do
before do
params.merge!({
:keystone_project_domain_name => 'domain1',
:keystone_user_domain_name => 'domain1',
:keystone_user_domain_name => 'domain1',
})
end
it 'configures project_domain_* and user_domain_*' do
is_expected.to contain_heat_config('trustee/project_domain_name').with_value("domain1");
is_expected.to contain_heat_config('trustee/user_domain_name').with_value("domain1");
end
end

View File

@ -0,0 +1,96 @@
require 'spec_helper'
describe 'heat::trustee' do
shared_examples_for 'heat::trustee' do
context 'with defaults' do
let :params do
{}
end
it 'configures trustee options' do
is_expected.to contain_heat_config('trustee/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_heat_config('trustee/auth_url').with_value('http://127.0.0.1:5000/')
is_expected.to contain_heat_config('trustee/auth_type').with_value('password')
is_expected.to contain_heat_config('trustee/username').with_value('heat')
is_expected.to contain_heat_config('trustee/user_domain_name').with_value('Default')
end
end
context 'with parameters overridden' do
let :params do
{
:password => 'heat_password',
:auth_type => 'v3password',
:auth_url => 'https://localhost:13000/',
:username => 'alt_heat',
:user_domain_name => 'MyDomain',
}
end
it 'configures trustee options' do
is_expected.to contain_heat_config('trustee/password').with_value('heat_password').with_secret(true)
is_expected.to contain_heat_config('trustee/auth_url').with_value('https://localhost:13000/')
is_expected.to contain_heat_config('trustee/auth_type').with_value('v3password')
is_expected.to contain_heat_config('trustee/username').with_value('alt_heat')
is_expected.to contain_heat_config('trustee/user_domain_name').with_value('MyDomain')
end
end
context 'with authtoken defaults' do
let :pre_condition do
"class { 'heat::keystone::authtoken':
password => 'heat_password',
}"
end
let :params do
{}
end
it 'configures trustee options' do
is_expected.to contain_heat_config('trustee/password').with_value('heat_password').with_secret(true)
is_expected.to contain_heat_config('trustee/auth_url').with_value('http://127.0.0.1:5000/')
is_expected.to contain_heat_config('trustee/auth_type').with_value('password')
is_expected.to contain_heat_config('trustee/username').with_value('heat')
is_expected.to contain_heat_config('trustee/user_domain_name').with_value('Default')
end
end
context 'with authtoken parameters' do
let :pre_condition do
"class { 'heat::keystone::authtoken':
password => 'heat_password',
auth_type => 'v3password',
auth_url => 'https://localhost:13000/',
username => 'alt_heat',
user_domain_name => 'MyDomain',
}"
end
let :params do
{}
end
it 'configures trustee options' do
is_expected.to contain_heat_config('trustee/password').with_value('heat_password').with_secret(true)
is_expected.to contain_heat_config('trustee/auth_url').with_value('https://localhost:13000/')
is_expected.to contain_heat_config('trustee/auth_type').with_value('v3password')
is_expected.to contain_heat_config('trustee/username').with_value('alt_heat')
is_expected.to contain_heat_config('trustee/user_domain_name').with_value('MyDomain')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_configures 'heat::trustee'
end
end
end