From da7bc4620371ae0bbad1772755b9037aefd34c2a Mon Sep 17 00:00:00 2001 From: Iury Gregory Melo Ferreira Date: Sun, 6 Nov 2016 00:38:47 -0300 Subject: [PATCH] Remove old authtoken options Since we are in ocata lets remove all old parameters in api to configure the keystone_authtoken section Change-Id: I7f18b79b9107baad78129b098246bd9c931420dc --- manifests/init.pp | 127 ++---------------- manifests/keystone/authtoken.pp | 30 ++--- ...ld_authtoken_options-25efe0cb4abcbd2b.yaml | 13 ++ spec/classes/heat_api_cfn_spec.rb | 6 +- spec/classes/heat_api_cloudwatch_spec.rb | 6 +- spec/classes/heat_api_spec.rb | 8 +- spec/classes/heat_init_spec.rb | 23 +--- 7 files changed, 52 insertions(+), 161 deletions(-) create mode 100644 releasenotes/notes/remove_old_authtoken_options-25efe0cb4abcbd2b.yaml diff --git a/manifests/init.pp b/manifests/init.pp index 8d98bd99..36c89ece 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -300,54 +300,6 @@ # take for evaluation. # Defaults to $::os_service_default. # -# DEPRECATED PARAMETERS -# -# [*auth_uri*] -# (Optional) Deprecated. Use heat::keystone::authtoken::auth_uri -# Defaults to undef -# -# [*identity_uri*] -# (Optional) Deprecated. Use heat::keystone::authtoken::auth_url -# Defaults to undef -# -# [*auth_plugin*] -# (Optional) Deprecated. Use heat::keystone::authtoken::auth_type -# Defaults to undef -# -# [*keystone_user*] -# (Optional) Deprecated. Use heat::keystone::authtoken::username -# Defaults to undef -# -# [*keystone_tenant*] -# (Optional) Deprecated. Use heat::keystone::authtoken::project_name -# Defaults to undef -# -# [*keystone_password*] -# (Optional) Deprecated. Use heat::keystone::authtoken::password -# Defaults to undef -# -# [*keystone_user_domain_name*] -# (Optional) Deprecated. Use heat::keystone::authtoken::user_domain_name -# Defaults to undef -# -# [*keystone_user_domain_id*] -# (Optional) Deprecated. Use heat::keystone::authtoken::user_domain_name -# instead, there is no need for both id and name options. -# Defaults to $::os_service_default -# -# [*keystone_project_domain_name*] -# (Optional) Deprecated. Use heat::keystone::authtoken::project_domain_name -# Defaults to undef -# -# [*keystone_project_domain_id*] -# (Optional) Deprecated. Use heat::keystone::authtoken::project_domain_name -# instead, there is no need for both id and name options. -# Defaults to $::os_service_default -# -# [*memcached_servers*] -# (Optional) Deprecated. Use heat::keystone::authtoken::memcached_servers. -# Defaults to undef -# class heat( $package_ensure = 'present', $debug = undef, @@ -416,17 +368,6 @@ class heat( $auth_strategy = 'keystone', $yaql_memory_quota = $::os_service_default, $yaql_limit_iterators = $::os_service_default, - $auth_uri = undef, - $identity_uri = undef, - $auth_plugin = undef, - $keystone_user = undef, - $keystone_tenant = undef, - $keystone_password = undef, - $keystone_user_domain_name = undef, - $keystone_user_domain_id = $::os_service_default, - $keystone_project_domain_name = undef, - $keystone_project_domain_id = $::os_service_default, - $memcached_servers = undef, ) { include ::heat::logging @@ -438,50 +379,6 @@ class heat( include ::heat::keystone::authtoken } - if $auth_uri { - warning('auth_uri is deprecated, use heat::keystone::authtoken::auth_uri instead.') - } - - if $identity_uri { - warning('identity_uri is deprecated, use heat::keystone::authtoken::auth_url instead.') - } - - if $auth_plugin { - warning('auth_plugin is deprecated, use heat::keystone::authtoken::auth_type instead.') - } - - if $keystone_user { - warning('keystone_user is deprecated, use heat::keystone::authtoken::username instead.') - } - - if $keystone_tenant { - warning('keystone_tenant is deprecated, use heat::keystone::authtoken::project_name instead.') - } - - if $keystone_password { - warning('keystone_password is deprecated, use heat::keystone::authtoken::password instead.') - } - - if $keystone_user_domain_name { - warning('keystone_user_domain_name is deprecated, use heat::keystone::authtoken::user_domain_name instead.') - } - - if $keystone_user_domain_id { - warning('keystone_user_domain_id is deprecated, use the name option instead.') - } - - if $keystone_project_domain_name { - warning('keystone_project_domain_name is deprecated, use heat::keystone::authtoken::project_domain_name instead.') - } - - if $keystone_project_domain_id { - warning('keystone_project_domain_id is deprecated, use the name option instead.') - } - - if $memcached_servers { - warning('memcached_servers is deprecated, use heat::keystone::authtoken::memcached_servers instead.') - } - package { 'heat-common': ensure => $package_ensure, name => $::heat::params::common_package_name, @@ -539,22 +436,20 @@ class heat( } } - $auth_url_real = pick($identity_uri, $::heat::keystone::authtoken::auth_url) - $keystone_user_real = pick($keystone_user, $::heat::keystone::authtoken::username) - $keystone_password_real = pick($keystone_password, $::heat::keystone::authtoken::password) - $keystone_project_domain_name_real = pick($keystone_project_domain_name, $::heat::keystone::authtoken::project_domain_name) - $keystone_user_domain_name_real = pick($keystone_user_domain_name, $::heat::keystone::authtoken::user_domain_name) + $auth_url = $::heat::keystone::authtoken::auth_url + $keystone_username = $::heat::keystone::authtoken::username + $keystone_password = $::heat::keystone::authtoken::password + $keystone_project_domain_name = $::heat::keystone::authtoken::project_domain_name + $keystone_user_domain_name = $::heat::keystone::authtoken::user_domain_name heat_config { 'trustee/auth_type': value => 'password'; - 'trustee/auth_url': value => $auth_url_real; - 'trustee/username': value => $keystone_user_real; - 'trustee/password': value => $keystone_password_real, secret => true; - 'trustee/project_domain_id': value => $keystone_project_domain_id; - 'trustee/user_domain_id': value => $keystone_user_domain_id; - 'trustee/project_domain_name': value => $keystone_project_domain_name_real; - 'trustee/user_domain_name': value => $keystone_user_domain_name_real; - 'clients_keystone/auth_uri': value => $auth_url_real; + 'trustee/auth_url': value => $auth_url; + 'trustee/username': value => $keystone_username; + 'trustee/password': value => $keystone_password, secret => true; + 'trustee/project_domain_name': value => $keystone_project_domain_name; + 'trustee/user_domain_name': value => $keystone_user_domain_name; + 'clients_keystone/auth_uri': value => $auth_url; 'clients_heat/url': value => $heat_clients_url; } diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp index e00d9009..d0277c58 100644 --- a/manifests/keystone/authtoken.pp +++ b/manifests/keystone/authtoken.pp @@ -223,31 +223,21 @@ class heat::keystone::authtoken( $token_cache_time = $::os_service_default, ) { - if is_service_default($password) and ! $::heat::keystone_password { + if is_service_default($password) { fail('Please set password for heat service user') } - $auth_uri_real = pick($::heat::auth_uri, $auth_uri) - $auth_url_real = pick($::heat::identity_uri, $auth_url) - $auth_type_real = pick($::heat::auth_plugin, $auth_type) - $username_real = pick($::heat::keystone_user, $username) - $password_real = pick($::heat::keystone_password, $password) - $project_name_real = pick($::heat::keystone_tenant, $project_name) - $user_domain_name_real = pick($::heat::keystone_user_domain_name, $user_domain_name) - $project_domain_name_real = pick($::heat::keystone_project_domain_name, $project_domain_name) - $memcached_servers_real = pick($::heat::memcached_servers, $memcached_servers) - keystone::resource::authtoken { 'heat_config': - username => $username_real, - password => $password_real, - project_name => $project_name_real, - auth_url => $auth_url_real, - auth_uri => $auth_uri_real, + username => $username, + password => $password, + project_name => $project_name, + auth_url => $auth_url, + auth_uri => $auth_uri, auth_version => $auth_version, - auth_type => $auth_type_real, + auth_type => $auth_type, auth_section => $auth_section, - user_domain_name => $user_domain_name_real, - project_domain_name => $project_domain_name_real, + user_domain_name => $user_domain_name, + project_domain_name => $project_domain_name, insecure => $insecure, cache => $cache, cafile => $cafile, @@ -268,7 +258,7 @@ class heat::keystone::authtoken( memcache_security_strategy => $memcache_security_strategy, memcache_use_advanced_pool => $memcache_use_advanced_pool, memcache_pool_unused_timeout => $memcache_pool_unused_timeout, - memcached_servers => $memcached_servers_real, + memcached_servers => $memcached_servers, region_name => $region_name, revocation_cache_time => $revocation_cache_time, signing_dir => $signing_dir, diff --git a/releasenotes/notes/remove_old_authtoken_options-25efe0cb4abcbd2b.yaml b/releasenotes/notes/remove_old_authtoken_options-25efe0cb4abcbd2b.yaml new file mode 100644 index 00000000..a090044b --- /dev/null +++ b/releasenotes/notes/remove_old_authtoken_options-25efe0cb4abcbd2b.yaml @@ -0,0 +1,13 @@ +--- +other: + - removed deprecated heat::auth_uri + - removed deprecated heat::identity_uri + - removed deprecated heat::auth_plugin + - removed deprecated heat::keystone_user + - removed deprecated heat::keystone_password + - removed deprecated heat::keystone_tenant + - removed deprecated heat::keystone_user_domain_name + - removed deprecated heat::keystone_user_domain_id + - removed deprecated heat::keystone_project_domain_name + - removed deprecated heat::keystone_project_domain_id + - removed deprecated heat::memcached_servers diff --git a/spec/classes/heat_api_cfn_spec.rb b/spec/classes/heat_api_cfn_spec.rb index 6c9456db..8f7f4cc6 100644 --- a/spec/classes/heat_api_cfn_spec.rb +++ b/spec/classes/heat_api_cfn_spec.rb @@ -97,8 +97,10 @@ describe 'heat::api_cfn' do context 'with $sync_db set to false in ::heat' do let :pre_condition do - "class {'heat': - keystone_password => 'password', + "class { '::heat::keystone::authtoken': + password => 'a_big_secret', + } + class {'heat': sync_db => false }" end diff --git a/spec/classes/heat_api_cloudwatch_spec.rb b/spec/classes/heat_api_cloudwatch_spec.rb index 49f2c947..fbe0b001 100644 --- a/spec/classes/heat_api_cloudwatch_spec.rb +++ b/spec/classes/heat_api_cloudwatch_spec.rb @@ -98,8 +98,10 @@ describe 'heat::api_cloudwatch' do context 'with $sync_db set to false in ::heat' do let :pre_condition do - "class {'heat': - keystone_password => 'password', + "class { '::heat::keystone::authtoken': + password => 'a_big_secret', + } + class {'heat': sync_db => false }" end diff --git a/spec/classes/heat_api_spec.rb b/spec/classes/heat_api_spec.rb index 9f3f2138..95239161 100644 --- a/spec/classes/heat_api_spec.rb +++ b/spec/classes/heat_api_spec.rb @@ -97,9 +97,11 @@ describe 'heat::api' do context 'with $sync_db set to false in ::heat' do let :pre_condition do - "class {'heat': - keystone_password => 'password', - sync_db => false + "class { '::heat::keystone::authtoken': + password => 'a_big_secret', + } + class {'heat': + sync_db => false, }" end diff --git a/spec/classes/heat_init_spec.rb b/spec/classes/heat_init_spec.rb index 919437e6..86389068 100644 --- a/spec/classes/heat_init_spec.rb +++ b/spec/classes/heat_init_spec.rb @@ -1,6 +1,11 @@ require 'spec_helper' describe 'heat' do + let :pre_condition do + "class { '::heat::keystone::authtoken': + password => 'secretpassword', + }" + end let :params do { @@ -17,7 +22,6 @@ describe 'heat' do :database_idle_timeout => 3600, :keystone_ec2_uri => 'http://127.0.0.1:5000/v2.0/ec2tokens', :flavor => 'keystone', - :keystone_password => 'secretpassword', :heat_clients_url => '', :purge_config => false, :yaql_limit_iterators => 400, @@ -104,12 +108,10 @@ describe 'heat' do end it 'configures project_domain_*' do - is_expected.to contain_heat_config('trustee/project_domain_id').with_value('') is_expected.to contain_heat_config('trustee/project_domain_name').with_value( 'Default' ) end it 'configures user_domain_*' do - is_expected.to contain_heat_config('trustee/user_domain_id').with_value('') is_expected.to contain_heat_config('trustee/user_domain_name').with_value( 'Default' ) end @@ -160,7 +162,6 @@ describe 'heat' do is_expected.to contain_heat_config('clients_heat/url').with_value('') end - it_configures "with default auth method" end shared_examples_for 'rabbit without HA support (with backward compatibility)' do @@ -374,21 +375,9 @@ describe 'heat' do end end - shared_examples_for "with default auth method" do - it 'configures auth_uri, identity_uri, admin_tenant_name, admin_user, admin_password' do - is_expected.to contain_heat_config('keystone_authtoken/auth_uri').with_value("http://127.0.0.1:5000/") - is_expected.to contain_heat_config('keystone_authtoken/auth_url').with_value("http://127.0.0.1:35357/") - is_expected.to contain_heat_config('keystone_authtoken/project_name').with_value("services") - is_expected.to contain_heat_config('keystone_authtoken/username').with_value("heat") - is_expected.to contain_heat_config('keystone_authtoken/password').with_secret( true ) - end - end - shared_examples_for "with custom keystone project_domain_* and user_domain_*" do before do params.merge!({ - :keystone_project_domain_id => 'domain1', - :keystone_user_domain_id => 'domain1', :keystone_project_domain_name => 'domain1', :keystone_user_domain_name => 'domain1', }) @@ -396,8 +385,6 @@ describe 'heat' do it 'configures project_domain_* and user_domain_*' do is_expected.to contain_heat_config('trustee/project_domain_name').with_value("domain1"); is_expected.to contain_heat_config('trustee/user_domain_name').with_value("domain1"); - is_expected.to contain_heat_config('trustee/project_domain_id').with_value("domain1"); - is_expected.to contain_heat_config('trustee/user_domain_id').with_value("domain1"); end end