Create a separate class to manage the trustee options
This change introduces the new heat::trustee class to manage the parameters in the [trustee] options. These options have been set according to authtoken parameters but it makes maintenance complicated and the logic doesn't work properly when noauth is used. This change also removes the [trustee] project_domain_name parameter because the parameter has never been used actually. Change-Id: I694a8ea771cc4d4dcfbf8384ece2be10d83ab3f0
This commit is contained in:
parent
5521392baa
commit
6e8b799ba8
@ -452,20 +452,16 @@ Use heat::engine::max_stacks_per_tenant instead.')
|
||||
password => $amqp_password,
|
||||
}
|
||||
|
||||
$www_authenticate_uri = $::heat::keystone::authtoken::www_authenticate_uri
|
||||
$auth_url = $::heat::keystone::authtoken::auth_url
|
||||
$keystone_username = $::heat::keystone::authtoken::username
|
||||
$keystone_password = $::heat::keystone::authtoken::password
|
||||
$keystone_project_domain_name = $::heat::keystone::authtoken::project_domain_name
|
||||
$keystone_user_domain_name = $::heat::keystone::authtoken::user_domain_name
|
||||
if !defined(Class[heat::trustee]) {
|
||||
warning('The heat:trustee class will be required to set trustee opiton in a future release')
|
||||
include heat::trustee
|
||||
}
|
||||
# TODO(tkajinam): Remove this when we remove the above logic
|
||||
heat_config {
|
||||
'trustee/project_domain_name': ensure => absent;
|
||||
}
|
||||
|
||||
heat_config {
|
||||
'trustee/auth_type': value => 'password';
|
||||
'trustee/auth_url': value => $auth_url;
|
||||
'trustee/username': value => $keystone_username;
|
||||
'trustee/password': value => $keystone_password, secret => true;
|
||||
'trustee/project_domain_name': value => $keystone_project_domain_name;
|
||||
'trustee/user_domain_name': value => $keystone_user_domain_name;
|
||||
'clients_heat/url': value => $heat_clients_url;
|
||||
'clients/endpoint_type': value => $heat_clients_endpoint_type;
|
||||
}
|
||||
|
66
manifests/trustee.pp
Normal file
66
manifests/trustee.pp
Normal file
@ -0,0 +1,66 @@
|
||||
# Class heat::trustee
|
||||
#
|
||||
# heat trustee configuration
|
||||
#
|
||||
# == Parameters
|
||||
#
|
||||
# [*password*]
|
||||
# (optional) Password for connecting to Cinder services in
|
||||
# admin context through the OpenStack Identity service.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*auth_type*]
|
||||
# (optional) Name of the auth type to load (string value)
|
||||
# Defaults to 'password'
|
||||
#
|
||||
# [*auth_url*]
|
||||
# (optional) Points to the OpenStack Identity server IP and port.
|
||||
# This is the Identity (keystone) admin API server IP and port value,
|
||||
# and not the Identity service API IP and port.
|
||||
# Defaults to 'http://127.0.0.1:5000/'
|
||||
#
|
||||
# [*username*]
|
||||
# (optional) Username for connecting to Cinder services in admin context
|
||||
# through the OpenStack Identity service.
|
||||
# Defaults to 'heat'
|
||||
#
|
||||
# [*user_domain_name*]
|
||||
# (optional) User Domain name for connecting to Cinder services in
|
||||
# admin context through the OpenStack Identity service.
|
||||
# Defaults to 'Default'
|
||||
#
|
||||
class heat::trustee (
|
||||
$password = undef,
|
||||
$auth_type = undef,
|
||||
$auth_url = undef,
|
||||
$username = undef,
|
||||
$user_domain_name = undef,
|
||||
) {
|
||||
|
||||
include heat::deps
|
||||
|
||||
if defined(Class[heat::keystone::authtoken]) {
|
||||
# TODO(tkajinam): The following logic was added to keep compatibility with
|
||||
# the old version which determines the trustee parameters based on
|
||||
# authtoken parameters. This should be removed after Y release.
|
||||
$password_real = pick($password, $::heat::keystone::authtoken::password)
|
||||
$auth_type_real = pick($auth_type, $::heat::keystone::authtoken::auth_type)
|
||||
$auth_url_real = pick($auth_url, $::heat::keystone::authtoken::auth_url)
|
||||
$username_real = pick($username, $::heat::keystone::authtoken::username)
|
||||
$user_domain_name_real = pick($user_domain_name, $::heat::keystone::authtoken::user_domain_name)
|
||||
} else {
|
||||
$password_real = pick($password, $::os_service_default)
|
||||
$auth_type_real = pick($auth_type, 'password')
|
||||
$auth_url_real = pick($auth_url, 'http://127.0.0.1:5000/')
|
||||
$username_real = pick($username, 'heat')
|
||||
$user_domain_name_real = pick($user_domain_name, 'Default')
|
||||
}
|
||||
|
||||
heat_config {
|
||||
'trustee/password': value => $password_real, secret => true;
|
||||
'trustee/auth_type': value => $auth_type_real;
|
||||
'trustee/auth_url': value => $auth_url_real;
|
||||
'trustee/username': value => $username_real;
|
||||
'trustee/user_domain_name': value => $user_domain_name_real;
|
||||
}
|
||||
}
|
12
releasenotes/notes/trustee-opts-947b2ad84a44701f.yaml
Normal file
12
releasenotes/notes/trustee-opts-947b2ad84a44701f.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The new ``heat::trustee`` class has been added. This class supports
|
||||
parameters define in the ``trustee`` section.
|
||||
|
||||
deprecations:
|
||||
- |
|
||||
The ``heat::trustee`` class should be included to manage ``trustee``
|
||||
option. This class is included by the ``heat`` class and the parameters are
|
||||
defined automatically based on the ``heat::keystone::authtoken`` class to
|
||||
keep compatibility but this behavior will be removed in a future release.
|
@ -91,10 +91,6 @@ describe 'heat' do
|
||||
is_expected.to contain_heat_config('DEFAULT/max_json_body_size').with_value('<SERVICE DEFAULT>')
|
||||
end
|
||||
|
||||
it 'configures project_domain_*' do
|
||||
is_expected.to contain_heat_config('trustee/project_domain_name').with_value( 'Default' )
|
||||
end
|
||||
|
||||
it 'configures user_domain_*' do
|
||||
is_expected.to contain_heat_config('trustee/user_domain_name').with_value( 'Default' )
|
||||
end
|
||||
@ -317,12 +313,10 @@ describe 'heat' do
|
||||
shared_examples_for "with custom keystone project_domain_* and user_domain_*" do
|
||||
before do
|
||||
params.merge!({
|
||||
:keystone_project_domain_name => 'domain1',
|
||||
:keystone_user_domain_name => 'domain1',
|
||||
})
|
||||
end
|
||||
it 'configures project_domain_* and user_domain_*' do
|
||||
is_expected.to contain_heat_config('trustee/project_domain_name').with_value("domain1");
|
||||
is_expected.to contain_heat_config('trustee/user_domain_name').with_value("domain1");
|
||||
end
|
||||
end
|
||||
|
96
spec/classes/heat_trustree_spec.rb
Normal file
96
spec/classes/heat_trustree_spec.rb
Normal file
@ -0,0 +1,96 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'heat::trustee' do
|
||||
|
||||
shared_examples_for 'heat::trustee' do
|
||||
|
||||
context 'with defaults' do
|
||||
let :params do
|
||||
{}
|
||||
end
|
||||
it 'configures trustee options' do
|
||||
is_expected.to contain_heat_config('trustee/password').with_value('<SERVICE DEFAULT>').with_secret(true)
|
||||
is_expected.to contain_heat_config('trustee/auth_url').with_value('http://127.0.0.1:5000/')
|
||||
is_expected.to contain_heat_config('trustee/auth_type').with_value('password')
|
||||
is_expected.to contain_heat_config('trustee/username').with_value('heat')
|
||||
is_expected.to contain_heat_config('trustee/user_domain_name').with_value('Default')
|
||||
end
|
||||
end
|
||||
|
||||
context 'with parameters overridden' do
|
||||
let :params do
|
||||
{
|
||||
:password => 'heat_password',
|
||||
:auth_type => 'v3password',
|
||||
:auth_url => 'https://localhost:13000/',
|
||||
:username => 'alt_heat',
|
||||
:user_domain_name => 'MyDomain',
|
||||
}
|
||||
end
|
||||
it 'configures trustee options' do
|
||||
is_expected.to contain_heat_config('trustee/password').with_value('heat_password').with_secret(true)
|
||||
is_expected.to contain_heat_config('trustee/auth_url').with_value('https://localhost:13000/')
|
||||
is_expected.to contain_heat_config('trustee/auth_type').with_value('v3password')
|
||||
is_expected.to contain_heat_config('trustee/username').with_value('alt_heat')
|
||||
is_expected.to contain_heat_config('trustee/user_domain_name').with_value('MyDomain')
|
||||
end
|
||||
end
|
||||
|
||||
context 'with authtoken defaults' do
|
||||
let :pre_condition do
|
||||
"class { 'heat::keystone::authtoken':
|
||||
password => 'heat_password',
|
||||
}"
|
||||
end
|
||||
|
||||
let :params do
|
||||
{}
|
||||
end
|
||||
|
||||
it 'configures trustee options' do
|
||||
is_expected.to contain_heat_config('trustee/password').with_value('heat_password').with_secret(true)
|
||||
is_expected.to contain_heat_config('trustee/auth_url').with_value('http://127.0.0.1:5000/')
|
||||
is_expected.to contain_heat_config('trustee/auth_type').with_value('password')
|
||||
is_expected.to contain_heat_config('trustee/username').with_value('heat')
|
||||
is_expected.to contain_heat_config('trustee/user_domain_name').with_value('Default')
|
||||
end
|
||||
end
|
||||
|
||||
context 'with authtoken parameters' do
|
||||
let :pre_condition do
|
||||
"class { 'heat::keystone::authtoken':
|
||||
password => 'heat_password',
|
||||
auth_type => 'v3password',
|
||||
auth_url => 'https://localhost:13000/',
|
||||
username => 'alt_heat',
|
||||
user_domain_name => 'MyDomain',
|
||||
}"
|
||||
end
|
||||
|
||||
let :params do
|
||||
{}
|
||||
end
|
||||
|
||||
it 'configures trustee options' do
|
||||
is_expected.to contain_heat_config('trustee/password').with_value('heat_password').with_secret(true)
|
||||
is_expected.to contain_heat_config('trustee/auth_url').with_value('https://localhost:13000/')
|
||||
is_expected.to contain_heat_config('trustee/auth_type').with_value('v3password')
|
||||
is_expected.to contain_heat_config('trustee/username').with_value('alt_heat')
|
||||
is_expected.to contain_heat_config('trustee/user_domain_name').with_value('MyDomain')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
|
||||
it_configures 'heat::trustee'
|
||||
end
|
||||
end
|
||||
|
||||
end
|
Loading…
Reference in New Issue
Block a user