From 6e8b799ba8f8761616d52928e479a914ef899ea2 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Wed, 13 Oct 2021 13:39:03 +0900 Subject: [PATCH] Create a separate class to manage the trustee options This change introduces the new heat::trustee class to manage the parameters in the [trustee] options. These options have been set according to authtoken parameters but it makes maintenance complicated and the logic doesn't work properly when noauth is used. This change also removes the [trustee] project_domain_name parameter because the parameter has never been used actually. Change-Id: I694a8ea771cc4d4dcfbf8384ece2be10d83ab3f0 --- manifests/init.pp | 24 ++--- manifests/trustee.pp | 66 +++++++++++++ .../notes/trustee-opts-947b2ad84a44701f.yaml | 12 +++ spec/classes/heat_init_spec.rb | 8 +- spec/classes/heat_trustree_spec.rb | 96 +++++++++++++++++++ 5 files changed, 185 insertions(+), 21 deletions(-) create mode 100644 manifests/trustee.pp create mode 100644 releasenotes/notes/trustee-opts-947b2ad84a44701f.yaml create mode 100644 spec/classes/heat_trustree_spec.rb diff --git a/manifests/init.pp b/manifests/init.pp index 088c70ce..b2114e25 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -452,22 +452,18 @@ Use heat::engine::max_stacks_per_tenant instead.') password => $amqp_password, } - $www_authenticate_uri = $::heat::keystone::authtoken::www_authenticate_uri - $auth_url = $::heat::keystone::authtoken::auth_url - $keystone_username = $::heat::keystone::authtoken::username - $keystone_password = $::heat::keystone::authtoken::password - $keystone_project_domain_name = $::heat::keystone::authtoken::project_domain_name - $keystone_user_domain_name = $::heat::keystone::authtoken::user_domain_name + if !defined(Class[heat::trustee]) { + warning('The heat:trustee class will be required to set trustee opiton in a future release') + include heat::trustee + } + # TODO(tkajinam): Remove this when we remove the above logic + heat_config { + 'trustee/project_domain_name': ensure => absent; + } heat_config { - 'trustee/auth_type': value => 'password'; - 'trustee/auth_url': value => $auth_url; - 'trustee/username': value => $keystone_username; - 'trustee/password': value => $keystone_password, secret => true; - 'trustee/project_domain_name': value => $keystone_project_domain_name; - 'trustee/user_domain_name': value => $keystone_user_domain_name; - 'clients_heat/url': value => $heat_clients_url; - 'clients/endpoint_type': value => $heat_clients_endpoint_type; + 'clients_heat/url': value => $heat_clients_url; + 'clients/endpoint_type': value => $heat_clients_endpoint_type; } if (!is_service_default($enable_stack_adopt)) { diff --git a/manifests/trustee.pp b/manifests/trustee.pp new file mode 100644 index 00000000..27551e7f --- /dev/null +++ b/manifests/trustee.pp 
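Review bot: The deprecation warning added inside `if !defined(Class[heat::trustee])` has two typos that make it harder to search for and act on: `heat:trustee` is missing a colon and `opiton` should be `options`. Suggested text: `warning('The heat::trustee class will be required to set trustee options in a future release')`. Separately, `defined()` depends on evaluation order, so a manifest that declares `class { 'heat::trustee': ... }` after the `heat` class has been evaluated will presumably hit the `include` here first and then fail on a duplicate declaration. A short comment above the `if` stating that `heat::trustee` must be declared before `heat` would make clear which class decides the trustee credentials. The enclosing `heat` class starts and ends outside this hunk.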
@@ -0,0 +1,66 @@
+# Class heat::trustee
+#
+# heat trustee configuration
+#
+# == Parameters
+#
+# [*password*]
+# (optional) Password for connecting to Cinder services in
+# admin context through the OpenStack Identity service.
+# Defaults to $::os_service_default
+#
+# [*auth_type*]
+# (optional) Name of the auth type to load (string value)
+# Defaults to 'password'
+#
+# [*auth_url*]
+# (optional) Points to the OpenStack Identity server IP and port.
+# This is the Identity (keystone) admin API server IP and port value,
+# and not the Identity service API IP and port.
+# Defaults to 'http://127.0.0.1:5000/'
+#
+# [*username*]
+# (optional) Username for connecting to Cinder services in admin context
+# through the OpenStack Identity service.
+# Defaults to 'heat'
+#
+# [*user_domain_name*]
+# (optional) User Domain name for connecting to Cinder services in
+# admin context through the OpenStack Identity service.
+# Defaults to 'Default'
+#
+class heat::trustee (
+ $password = undef,
+ $auth_type = undef,
+ $auth_url = undef,
+ $username = undef,
+ $user_domain_name = undef,
+) {
+
+ include heat::deps
+
+ if defined(Class[heat::keystone::authtoken]) {
+ # TODO(tkajinam): The following logic was added to keep compatibility with
+ # the old version which determines the trustee parameters based on
+ # authtoken parameters. This should be removed after Y release.
+ $password_real = pick($password, $::heat::keystone::authtoken::password)
+ $auth_type_real = pick($auth_type, $::heat::keystone::authtoken::auth_type)
+ $auth_url_real = pick($auth_url, $::heat::keystone::authtoken::auth_url)
+ $username_real = pick($username, $::heat::keystone::authtoken::username)
+ $user_domain_name_real = pick($user_domain_name, $::heat::keystone::authtoken::user_domain_name)
+ } else {
+ $password_real = pick($password, $::os_service_default)
+ $auth_type_real = pick($auth_type, 'password')
+ $auth_url_real = pick($auth_url, 'http://127.0.0.1:5000/')
+ $username_real = pick($username, 'heat')
+ $user_domain_name_real = pick($user_domain_name, 'Default')
+ }
+
+ heat_config {
+ 'trustee/password': value => $password_real, secret => true;
+ 'trustee/auth_type': value => $auth_type_real;
+ 'trustee/auth_url': value => $auth_url_real;
+ 'trustee/username': value => $username_real;
+ 'trustee/user_domain_name': value => $user_domain_name_real;
+ }
+}
diff --git a/releasenotes/notes/trustee-opts-947b2ad84a44701f.yaml b/releasenotes/notes/trustee-opts-947b2ad84a44701f.yaml
new file mode 100644
index 00000000..760bc69a
--- /dev/null
+++ b/releasenotes/notes/trustee-opts-947b2ad84a44701f.yaml
@@ -0,0 +1,12 @@
+---
+features:
+ - |
+ The new ``heat::trustee`` class has been added. This class supports
+ parameters define in the ``trustee`` section.
+
+deprecations:
+ - |
+ The ``heat::trustee`` class should be included to manage ``trustee``
+ option. This class is included by the ``heat`` class and the parameters are
+ defined automatically based on the ``heat::keystone::authtoken`` class to
+ keep compatibility but this behavior will be removed in a future release.
diff --git a/spec/classes/heat_init_spec.rb b/spec/classes/heat_init_spec.rb
index 5771c455..bf5029e3 100644
--- a/spec/classes/heat_init_spec.rb
+++ b/spec/classes/heat_init_spec.rb
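Review bot: The compatibility fallback in `heat::trustee` hinges on `defined(Class[heat::keystone::authtoken])`, which depends on evaluation order, so when the authtoken class is declared later in the catalog the `else` branch silently writes `trustee/username` as `heat` and leaves `trustee/password` at the service default instead of the credentials the operator configured. That misconfiguration would presumably only surface at runtime when trust-scoped operations fail, so the ordering requirement should be stated next to the TODO, for example `# NOTE: heat::keystone::authtoken must be declared before this class for the fallback to apply`. The header comments also need correcting: the `password`, `username` and `user_domain_name` entries describe "Cinder services" rather than the Heat trustee user, and each documented default is only the `else`-branch value while the real parameter default is `undef`. Note too that the compatibility branch now copies `auth_type` from authtoken, whereas the code removed from `manifests/init.pp` always wrote `password`.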
@@ -91,10 +91,6 @@ describe 'heat' do is_expected.to contain_heat_config('DEFAULT/max_json_body_size').with_value('') end - it 'configures project_domain_*' do - is_expected.to contain_heat_config('trustee/project_domain_name').with_value( 'Default' ) - end - it 'configures user_domain_*' do is_expected.to contain_heat_config('trustee/user_domain_name').with_value( 'Default' ) end @@ -317,12 +313,10 @@ describe 'heat' do shared_examples_for "with custom keystone project_domain_* and user_domain_*" do before do params.merge!({ - :keystone_project_domain_name => 'domain1', - :keystone_user_domain_name => 'domain1', + :keystone_user_domain_name => 'domain1', }) end it 'configures project_domain_* and user_domain_*' do - is_expected.to contain_heat_config('trustee/project_domain_name').with_value("domain1"); is_expected.to contain_heat_config('trustee/user_domain_name').with_value("domain1"); end end diff --git a/spec/classes/heat_trustree_spec.rb b/spec/classes/heat_trustree_spec.rb new file mode 100644 index 00000000..81e5a4cb --- /dev/null +++ b/spec/classes/heat_trustree_spec.rb 
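Review bot: Nothing in this spec asserts the new cleanup resource, so a regression that leaves a stale `trustee/project_domain_name` entry in the Heat configuration would still pass; add an example such as `is_expected.to contain_heat_config('trustee/project_domain_name').with_ensure('absent')` next to the `user_domain_*` check in the first hunk. In the second hunk the shared example name and its `it` description still read `project_domain_* and user_domain_*` although only `:keystone_user_domain_name` is set and verified, so both strings should be reduced to `user_domain_*`. The enclosing `describe 'heat'` block continues outside both hunks.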
@@ -0,0 +1,96 @@
+require 'spec_helper'
+
+describe 'heat::trustee' do
+
+ shared_examples_for 'heat::trustee' do
+
+ context 'with defaults' do
+ let :params do
+ {}
+ end
+ it 'configures trustee options' do
+ is_expected.to contain_heat_config('trustee/password').with_value('').with_secret(true)
+ is_expected.to contain_heat_config('trustee/auth_url').with_value('http://127.0.0.1:5000/')
+ is_expected.to contain_heat_config('trustee/auth_type').with_value('password')
+ is_expected.to contain_heat_config('trustee/username').with_value('heat')
+ is_expected.to contain_heat_config('trustee/user_domain_name').with_value('Default')
+ end
+ end
+
+ context 'with parameters overridden' do
+ let :params do
+ {
+ :password => 'heat_password',
+ :auth_type => 'v3password',
+ :auth_url => 'https://localhost:13000/',
+ :username => 'alt_heat',
+ :user_domain_name => 'MyDomain',
+ }
+ end
+ it 'configures trustee options' do
+ is_expected.to contain_heat_config('trustee/password').with_value('heat_password').with_secret(true)
+ is_expected.to contain_heat_config('trustee/auth_url').with_value('https://localhost:13000/')
+ is_expected.to contain_heat_config('trustee/auth_type').with_value('v3password')
+ is_expected.to contain_heat_config('trustee/username').with_value('alt_heat')
+ is_expected.to contain_heat_config('trustee/user_domain_name').with_value('MyDomain')
+ end
+ end
+
+ context 'with authtoken defaults' do
+ let :pre_condition do
+ "class { 'heat::keystone::authtoken':
+ password => 'heat_password',
+ }"
+ end
+
+ let :params do
+ {}
+ end
+
+ it 'configures trustee options' do
+ is_expected.to contain_heat_config('trustee/password').with_value('heat_password').with_secret(true)
+ is_expected.to contain_heat_config('trustee/auth_url').with_value('http://127.0.0.1:5000/')
+ is_expected.to contain_heat_config('trustee/auth_type').with_value('password')
+ is_expected.to contain_heat_config('trustee/username').with_value('heat')
+ is_expected.to contain_heat_config('trustee/user_domain_name').with_value('Default')
+ end
+ end
+
+ context 'with authtoken parameters' do
+ let :pre_condition do
+ "class { 'heat::keystone::authtoken':
+ password => 'heat_password',
+ auth_type => 'v3password',
+ auth_url => 'https://localhost:13000/',
+ username => 'alt_heat',
+ user_domain_name => 'MyDomain',
+ }"
+ end
+
+ let :params do
+ {}
+ end
+
+ it 'configures trustee options' do
+ is_expected.to contain_heat_config('trustee/password').with_value('heat_password').with_secret(true)
+ is_expected.to contain_heat_config('trustee/auth_url').with_value('https://localhost:13000/')
+ is_expected.to contain_heat_config('trustee/auth_type').with_value('v3password')
+ is_expected.to contain_heat_config('trustee/username').with_value('alt_heat')
+ is_expected.to contain_heat_config('trustee/user_domain_name').with_value('MyDomain')
+ end
+ end
+ end
+
+ on_supported_os({
+ :supported_os => OSDefaults.get_supported_os
+ }).each do |os,facts|
+ context "on #{os}" do
+ let (:facts) do
+ facts.merge!(OSDefaults.get_facts())
+ end
+
+ it_configures 'heat::trustee'
+ end
+ end
+
+end
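Review bot: The precedence that matters most for credential handling is untested: no context declares `heat::keystone::authtoken` and also passes explicit `heat::trustee` parameters, so nothing proves that an explicit trustee password wins over the authtoken one. A fifth context inside the shared examples, sketched below with constructed sample values, would pin that behaviour. The file name `heat_trustree_spec.rb` in the diff header also looks like a typo for `heat_trustee_spec.rb`, and `let (:facts)` would read more conventionally as `let(:facts)`.

```ruby
# … unchanged: contexts 'with defaults' through 'with authtoken parameters' …
    context 'with authtoken parameters and explicit trustee parameters' do
      let :pre_condition do
        "class { 'heat::keystone::authtoken':
           password => 'heat_password',
           username => 'alt_heat',
         }"
      end

      let :params do
        {
          :password => 'trustee_password',
          :username => 'trustee_user',
        }
      end

      it 'prefers the explicit trustee parameters' do
        is_expected.to contain_heat_config('trustee/password').with_value('trustee_password').with_secret(true)
        is_expected.to contain_heat_config('trustee/username').with_value('trustee_user')
      end
    end
```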