openstack/puppet-heat
Code Issues Proposed changes

Merge "Remove old authtoken options"

Browse Source
This commit is contained in:
Jenkins 2016-11-21 22:13:36 +00:00 committed by Gerrit Code Review
commit 95db61d071
7 changed files with 52 additions and 161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
manifests/init.pp
View File

@ -300,54 +300,6 @@
# take for evaluation.
# Defaults to $::os_service_default.
#
# DEPRECATED PARAMETERS
#
# [*auth_uri*]
# (Optional) Deprecated. Use heat::keystone::authtoken::auth_uri
# Defaults to undef
#
# [*identity_uri*]
# (Optional) Deprecated. Use heat::keystone::authtoken::auth_url
# Defaults to undef
#
# [*auth_plugin*]
# (Optional) Deprecated. Use heat::keystone::authtoken::auth_type
# Defaults to undef
#
# [*keystone_user*]
# (Optional) Deprecated. Use heat::keystone::authtoken::username
# Defaults to undef
#
# [*keystone_tenant*]
# (Optional) Deprecated. Use heat::keystone::authtoken::project_name
# Defaults to undef
#
# [*keystone_password*]
# (Optional) Deprecated. Use heat::keystone::authtoken::password
# Defaults to undef
#
# [*keystone_user_domain_name*]
# (Optional) Deprecated. Use heat::keystone::authtoken::user_domain_name
# Defaults to undef
#
# [*keystone_user_domain_id*]
# (Optional) Deprecated. Use heat::keystone::authtoken::user_domain_name
# instead, there is no need for both id and name options.
# Defaults to $::os_service_default
#
# [*keystone_project_domain_name*]
# (Optional) Deprecated. Use heat::keystone::authtoken::project_domain_name
# Defaults to undef
#
# [*keystone_project_domain_id*]
# (Optional) Deprecated. Use heat::keystone::authtoken::project_domain_name
# instead, there is no need for both id and name options.
# Defaults to $::os_service_default
#
# [*memcached_servers*]
# (Optional) Deprecated. Use heat::keystone::authtoken::memcached_servers.
# Defaults to undef
#
class heat(
$package_ensure = 'present',
$debug = undef,
@ -416,17 +368,6 @@ class heat(
$auth_strategy = 'keystone',
$yaql_memory_quota = $::os_service_default,
$yaql_limit_iterators = $::os_service_default,
$auth_uri = undef,
$identity_uri = undef,
$auth_plugin = undef,
$keystone_user = undef,
$keystone_tenant = undef,
$keystone_password = undef,
$keystone_user_domain_name = undef,
$keystone_user_domain_id = $::os_service_default,
$keystone_project_domain_name = undef,
$keystone_project_domain_id = $::os_service_default,
$memcached_servers = undef,
) {
include ::heat::logging
@ -438,50 +379,6 @@ class heat(
include ::heat::keystone::authtoken
}
if $auth_uri {
warning('auth_uri is deprecated, use heat::keystone::authtoken::auth_uri instead.')
}
if $identity_uri {
warning('identity_uri is deprecated, use heat::keystone::authtoken::auth_url instead.')
}
if $auth_plugin {
warning('auth_plugin is deprecated, use heat::keystone::authtoken::auth_type instead.')
}
if $keystone_user {
warning('keystone_user is deprecated, use heat::keystone::authtoken::username instead.')
}
if $keystone_tenant {
warning('keystone_tenant is deprecated, use heat::keystone::authtoken::project_name instead.')
}
if $keystone_password {
warning('keystone_password is deprecated, use heat::keystone::authtoken::password instead.')
}
if $keystone_user_domain_name {
warning('keystone_user_domain_name is deprecated, use heat::keystone::authtoken::user_domain_name instead.')
}
if $keystone_user_domain_id {
warning('keystone_user_domain_id is deprecated, use the name option instead.')
}
if $keystone_project_domain_name {
warning('keystone_project_domain_name is deprecated, use heat::keystone::authtoken::project_domain_name instead.')
}
if $keystone_project_domain_id {
warning('keystone_project_domain_id is deprecated, use the name option instead.')
}
if $memcached_servers {
warning('memcached_servers is deprecated, use heat::keystone::authtoken::memcached_servers instead.')
}
package { 'heat-common':
ensure => $package_ensure,
name => $::heat::params::common_package_name,
@ -539,22 +436,20 @@ class heat(
}
}
$auth_url_real = pick($identity_uri, $::heat::keystone::authtoken::auth_url)
$keystone_user_real = pick($keystone_user, $::heat::keystone::authtoken::username)
$keystone_password_real = pick($keystone_password, $::heat::keystone::authtoken::password)
$keystone_project_domain_name_real = pick($keystone_project_domain_name, $::heat::keystone::authtoken::project_domain_name)
$keystone_user_domain_name_real = pick($keystone_user_domain_name, $::heat::keystone::authtoken::user_domain_name)
$auth_url = $::heat::keystone::authtoken::auth_url
$keystone_username = $::heat::keystone::authtoken::username
$keystone_password = $::heat::keystone::authtoken::password
$keystone_project_domain_name = $::heat::keystone::authtoken::project_domain_name
$keystone_user_domain_name = $::heat::keystone::authtoken::user_domain_name
heat_config {
'trustee/auth_type': value => 'password';
'trustee/auth_url': value => $auth_url_real;
'trustee/username': value => $keystone_user_real;
'trustee/password': value => $keystone_password_real, secret => true;
'trustee/project_domain_id': value => $keystone_project_domain_id;
'trustee/user_domain_id': value => $keystone_user_domain_id;
'trustee/project_domain_name': value => $keystone_project_domain_name_real;
'trustee/user_domain_name': value => $keystone_user_domain_name_real;
'clients_keystone/auth_uri': value => $auth_url_real;
'trustee/auth_url': value => $auth_url;
'trustee/username': value => $keystone_username;
'trustee/password': value => $keystone_password, secret => true;
'trustee/project_domain_name': value => $keystone_project_domain_name;
'trustee/user_domain_name': value => $keystone_user_domain_name;
'clients_keystone/auth_uri': value => $auth_url;
'clients_heat/url': value => $heat_clients_url;
}

30
manifests/keystone/authtoken.pp
View File

@ -223,31 +223,21 @@ class heat::keystone::authtoken(
$token_cache_time = $::os_service_default,
) {
if is_service_default($password) and ! $::heat::keystone_password {
if is_service_default($password) {
fail('Please set password for heat service user')
}
$auth_uri_real = pick($::heat::auth_uri, $auth_uri)
$auth_url_real = pick($::heat::identity_uri, $auth_url)
$auth_type_real = pick($::heat::auth_plugin, $auth_type)
$username_real = pick($::heat::keystone_user, $username)
$password_real = pick($::heat::keystone_password, $password)
$project_name_real = pick($::heat::keystone_tenant, $project_name)
$user_domain_name_real = pick($::heat::keystone_user_domain_name, $user_domain_name)
$project_domain_name_real = pick($::heat::keystone_project_domain_name, $project_domain_name)
$memcached_servers_real = pick($::heat::memcached_servers, $memcached_servers)
keystone::resource::authtoken { 'heat_config':
username => $username_real,
password => $password_real,
project_name => $project_name_real,
auth_url => $auth_url_real,
auth_uri => $auth_uri_real,
username => $username,
password => $password,
project_name => $project_name,
auth_url => $auth_url,
auth_uri => $auth_uri,
auth_version => $auth_version,
auth_type => $auth_type_real,
auth_type => $auth_type,
auth_section => $auth_section,
user_domain_name => $user_domain_name_real,
project_domain_name => $project_domain_name_real,
user_domain_name => $user_domain_name,
project_domain_name => $project_domain_name,
insecure => $insecure,
cache => $cache,
cafile => $cafile,
@ -268,7 +258,7 @@ class heat::keystone::authtoken(
memcache_security_strategy => $memcache_security_strategy,
memcache_use_advanced_pool => $memcache_use_advanced_pool,
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
memcached_servers => $memcached_servers_real,
memcached_servers => $memcached_servers,
region_name => $region_name,
revocation_cache_time => $revocation_cache_time,
signing_dir => $signing_dir,

13
releasenotes/notes/remove_old_authtoken_options-25efe0cb4abcbd2b.yaml Normal file
View File

@ -0,0 +1,13 @@
---
other:
- removed deprecated heat::auth_uri
- removed deprecated heat::identity_uri
- removed deprecated heat::auth_plugin
- removed deprecated heat::keystone_user
- removed deprecated heat::keystone_password
- removed deprecated heat::keystone_tenant
- removed deprecated heat::keystone_user_domain_name
- removed deprecated heat::keystone_user_domain_id
- removed deprecated heat::keystone_project_domain_name
- removed deprecated heat::keystone_project_domain_id
- removed deprecated heat::memcached_servers

6
spec/classes/heat_api_cfn_spec.rb
View File

@ -97,8 +97,10 @@ describe 'heat::api_cfn' do
context 'with $sync_db set to false in ::heat' do
let :pre_condition do
"class {'heat':
keystone_password => 'password',
"class { '::heat::keystone::authtoken':
password => 'a_big_secret',
}
class {'heat':
sync_db => false
}"
end

6
spec/classes/heat_api_cloudwatch_spec.rb
View File

@ -98,8 +98,10 @@ describe 'heat::api_cloudwatch' do
context 'with $sync_db set to false in ::heat' do
let :pre_condition do
"class {'heat':
keystone_password => 'password',
"class { '::heat::keystone::authtoken':
password => 'a_big_secret',
}
class {'heat':
sync_db => false
}"
end

8
spec/classes/heat_api_spec.rb
View File

@ -97,9 +97,11 @@ describe 'heat::api' do
context 'with $sync_db set to false in ::heat' do
let :pre_condition do
"class {'heat':
keystone_password => 'password',
sync_db => false
"class { '::heat::keystone::authtoken':
password => 'a_big_secret',
}
class {'heat':
sync_db => false,
}"
end

23
spec/classes/heat_init_spec.rb
View File

@ -1,6 +1,11 @@
require 'spec_helper'
describe 'heat' do
let :pre_condition do
"class { '::heat::keystone::authtoken':
password => 'secretpassword',
}"
end
let :params do
{
@ -17,7 +22,6 @@ describe 'heat' do
:database_idle_timeout => 3600,
:keystone_ec2_uri => 'http://127.0.0.1:5000/v2.0/ec2tokens',
:flavor => 'keystone',
:keystone_password => 'secretpassword',
:heat_clients_url => '<SERVICE DEFAULT>',
:purge_config => false,
:yaql_limit_iterators => 400,
@ -104,12 +108,10 @@ describe 'heat' do
end
it 'configures project_domain_*' do
is_expected.to contain_heat_config('trustee/project_domain_id').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('trustee/project_domain_name').with_value( 'Default' )
end
it 'configures user_domain_*' do
is_expected.to contain_heat_config('trustee/user_domain_id').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('trustee/user_domain_name').with_value( 'Default' )
end
@ -160,7 +162,6 @@ describe 'heat' do
is_expected.to contain_heat_config('clients_heat/url').with_value('<SERVICE DEFAULT>')
end
it_configures "with default auth method"
end
shared_examples_for 'rabbit without HA support (with backward compatibility)' do
@ -374,21 +375,9 @@ describe 'heat' do
end
end
shared_examples_for "with default auth method" do
it 'configures auth_uri, identity_uri, admin_tenant_name, admin_user, admin_password' do
is_expected.to contain_heat_config('keystone_authtoken/auth_uri').with_value("http://127.0.0.1:5000/")
is_expected.to contain_heat_config('keystone_authtoken/auth_url').with_value("http://127.0.0.1:35357/")
is_expected.to contain_heat_config('keystone_authtoken/project_name').with_value("services")
is_expected.to contain_heat_config('keystone_authtoken/username').with_value("heat")
is_expected.to contain_heat_config('keystone_authtoken/password').with_secret( true )
end
end
shared_examples_for "with custom keystone project_domain_* and user_domain_*" do
before do
params.merge!({
:keystone_project_domain_id => 'domain1',
:keystone_user_domain_id => 'domain1',
:keystone_project_domain_name => 'domain1',
:keystone_user_domain_name => 'domain1',
})
@ -396,8 +385,6 @@ describe 'heat' do
it 'configures project_domain_* and user_domain_*' do
is_expected.to contain_heat_config('trustee/project_domain_name').with_value("domain1");
is_expected.to contain_heat_config('trustee/user_domain_name').with_value("domain1");
is_expected.to contain_heat_config('trustee/project_domain_id').with_value("domain1");
is_expected.to contain_heat_config('trustee/user_domain_id').with_value("domain1");
end
end