openstack/puppet-ironic
Code Issues Proposed changes

Add new classes to define keystone credentials for inspector

Browse Source 
This patch introduces the following new classes, to define keystone
credentials used in ironic-inspector.

 - ironic::inspector::ironic
 - ironic::inspector::service_catalog
 - ironic::inspector::swift

Change-Id: I49adcbb6d90b2ef051cd862362fa1a7144fd9093
This commit is contained in:
Takashi Kajinami
2020-04-13 21:53:15 +09:00
parent 01a4ef49a4
commit 762804b38e
8 changed files with 667 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

202
manifests/inspector.pp
View File

@@ -77,70 +77,6 @@
# (optional) Method for storing introspection data
# Defaults to 'none'
#
# [*ironic_auth_type*]
# (optional) Authentication plugin for accessing Ironic
# Defaults to 'password'
#
# [*ironic_username*]
# (optional) User name for accessing Ironic API
# Defaults to 'ironic'
#
# [*ironic_password*]
# (optional) Password for accessing Ironic API
# Defaults to undef. Set a value unless using noauth.
#
# [*ironic_tenant_name*]
# (optional) Tenant name for accessing Ironic API
# Defaults to 'services'
#
# [*ironic_project_domain_name*]
# (Optional) Name of domain for $ironic_tenant_name
# Defaults to 'Default'
#
# [*ironic_user_domain_name*]
# (Optional) Name of domain for $ironic_username
# Defaults to 'Default'
#
# [*ironic_auth_url*]
# (optional) Keystone authentication URL for Ironic
# Defautls to 'http://127.0.0.1:5000/v3'
#
# [*ironic_max_retries*]
# (optional) Maximum number of retries in case of conflict error
# Defaults to 30
#
# [*ironic_retry_interval*]
# (optional) Interval between retries in case of conflict error
# Defaults to 2
#
# [*swift_auth_type*]
# (optional) Authentication plugin for accessing Swift
# Defaults to 'password'
#
# [*swift_username*]
# (optional) User name for accessing Swift API
# Defaults to 'ironic'
#
# [*swift_password*]
# (optional) Password for accessing Swift API
# Defaults to undef. Set a value if using Swift.
#
# [*swift_tenant_name*]
# (optional) Tenant name for accessing Swift API
# Defaults to 'services'
#
# [*swift_project_domain_name*]
# (Optional) Name of domain for $swift_tenant_name
# Defaults to 'Default'
#
# [*swift_user_domain_name*]
# (Optional) Name of domain for $swift_username
# Defaults to 'Default'
#
# [*swift_auth_url*]
# (optional) Keystone authentication URL for Swift
# Defautls to 'http://127.0.0.1:5000/v3'
#
# [*dnsmasq_ip_subnets*]
# (optional) List of hashes with keys: 'tag', 'ip_range', 'netmask',
# 'gateway' and 'classless_static_routes'. 'ip_range' is the only required
@@ -235,17 +171,83 @@
# transport://user:pass@host1:port[,hostN:portN]/virtual_host
# Defaults to 'fake://'
#
# DEPRECATED PARAMETERS
#
# [*swift_auth_type*]
# (optional) Authentication plugin for accessing Swift
# Defaults to undef.
#
# [*swift_username*]
# (optional) User name for accessing Swift API
# Defaults to undef.
#
# [*swift_password*]
# (optional) Password for accessing Swift API
# Defaults to undef.
#
# [*swift_tenant_name*]
# (optional) Tenant name for accessing Swift API
# Defaults to undef.
#
# [*swift_project_domain_name*]
# (Optional) Name of domain for $swift_tenant_name
# Defaults to undef.
#
# [*swift_user_domain_name*]
# (Optional) Name of domain for $swift_username
# Defaults to undef.
#
# [*swift_auth_url*]
# (optional) Keystone authentication URL for Swift
# Defautls to undef.
#
# [*swift_container*]
# (optional) Default Swift container name to use when creating objects.
# String value
# Defaults to undef.
#
# [*ironic_auth_type*]
# (optional) Authentication plugin for accessing Ironic
# Defaults to undef
#
# [*ironic_username*]
# (optional) User name for accessing Ironic API
# Defaults to undef
#
# [*ironic_password*]
# (optional) Password for accessing Ironic API
# Defaults to undef.
#
# [*ironic_tenant_name*]
# (optional) Tenant name for accessing Ironic API
# Defaults to undef.
#
# [*ironic_project_domain_name*]
# (Optional) Name of domain for $ironic_tenant_name
# Defaults to undef.
#
# [*ironic_user_domain_name*]
# (Optional) Name of domain for $ironic_username
# Defaults to undef.
#
# [*ironic_auth_url*]
# (optional) Keystone authentication URL for Ironic
# Defautls to undef.
#
# [*ironic_url*]
# (optional) Ironic API URL, used to set Ironic API URL when auth_strategy
# option is noauth or auth_type is "none" to work with standalone Ironic
# without keystone. String value
# Defaults to 'undef'
#
# [*swift_container*]
# (optional) Default Swift container name to use when creating objects.
# String value
# Defaults to $::os_service_default
# [*ironic_max_retries*]
# (optional) Maximum number of retries in case of conflict error
# Defaults to undef.
#
# [*ironic_retry_interval*]
# (optional) Interval between retries in case of conflict error
# Defaults to undef.
#
class ironic::inspector (
$package_ensure = 'present',
$enabled = true,
@@ -261,24 +263,6 @@ class ironic::inspector (
$add_ports = $::os_service_default,
$keep_ports = 'all',
$store_data = 'none',
$ironic_auth_type = 'password',
$ironic_username = 'ironic',
$ironic_password = undef,
$ironic_tenant_name = 'services',
$ironic_project_domain_name = 'Default',
$ironic_user_domain_name = 'Default',
$ironic_auth_url = 'http://127.0.0.1:5000/v3',
$ironic_url = undef,
$ironic_max_retries = 30,
$ironic_retry_interval = 2,
$swift_auth_type = 'password',
$swift_username = 'ironic',
$swift_password = undef,
$swift_tenant_name = 'services',
$swift_project_domain_name = 'Default',
$swift_user_domain_name = 'Default',
$swift_auth_url = 'http://127.0.0.1:5000/v3',
$swift_container = $::os_service_default,
$dnsmasq_ip_subnets = [],
$dnsmasq_local_ip = '192.168.0.1',
$dnsmasq_dhcp_hostsdir = undef,
@@ -297,12 +281,38 @@ class ironic::inspector (
$discovery_default_driver = $::os_service_default,
$enable_ppc64le = false,
$default_transport_url = 'fake://',
# DEPRECATED PARAMETERS
$swift_auth_type = undef,
$swift_username = undef,
$swift_password = undef,
$swift_tenant_name = undef,
$swift_project_domain_name = undef,
$swift_user_domain_name = undef,
$swift_auth_url = undef,
$swift_container = undef,
$ironic_auth_type = undef,
$ironic_username = undef,
$ironic_password = undef,
$ironic_tenant_name = undef,
$ironic_project_domain_name = undef,
$ironic_user_domain_name = undef,
$ironic_auth_url = undef,
$ironic_url = undef,
$ironic_max_retries = undef,
$ironic_retry_interval = undef,
) {
include ironic::deps
include ironic::params
include ironic::pxe::common
include ironic::inspector::db
include ironic::inspector::swift
include ironic::inspector::ironic
if $ironic_url != undef {
warn('ironic::inspector::ironic_url is now deprecated and has no effect. \
Use ironic::inspector::ironic::endpoint_override instead.')
}
if $auth_strategy == 'keystone' {
include ironic::inspector::authtoken
@@ -388,24 +398,6 @@ class ironic::inspector (
'processing/add_ports': value => $add_ports;
'processing/keep_ports': value => $keep_ports;
'processing/store_data': value => $store_data;
'ironic/auth_type': value => $ironic_auth_type;
'ironic/username': value => $ironic_username;
'ironic/password': value => $ironic_password, secret => true;
'ironic/project_name': value => $ironic_tenant_name;
'ironic/project_domain_name': value => $ironic_project_domain_name;
'ironic/user_domain_name': value => $ironic_user_domain_name;
'ironic/auth_url': value => $ironic_auth_url;
'ironic/ironic_url': value => $ironic_url;
'ironic/max_retries': value => $ironic_max_retries;
'ironic/retry_interval': value => $ironic_retry_interval;
'swift/auth_type': value => $swift_auth_type;
'swift/username': value => $swift_username;
'swift/password': value => $swift_password, secret => true;
'swift/project_name': value => $swift_tenant_name;
'swift/project_domain_name': value => $swift_project_domain_name;
'swift/user_domain_name': value => $swift_user_domain_name;
'swift/auth_url': value => $swift_auth_url;
'swift/container': value => $swift_container;
# Here we use oslo.config interpolation with another option default_processing_hooks,
# which we don't change as it might break introspection completely.
'processing/processing_hooks': value => $p_hooks;

98
manifests/inspector/ironic.pp Normal file
View File

@@ -0,0 +1,98 @@
# Licensed under the Apache License, Version 2.0 (the "License")_real; you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: ironic::inspector::ironic
#
# [*auth_type*]
# The authentication plugin to use when connecting to ironic.
# Defaults to 'password'
#
# [*auth_url*]
# The address of the keystone api endpoint.
# Defaults to 'http://127.0.0.1:5000/v3'
#
# [*project_name*]
# The Keystone project name.
# Defaults to 'services'
#
# [*username*]
# The admin username for ironic-inspector to connect to ironic.
# Defaults to 'ironic'.
#
# [*password*]
# The admin password for ironic-inspector to connect to ironic.
# Defaults to $::os_service_default
#
# [*user_domain_name*]
# The name of user's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*project_domain_name*]
# The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*region_name*]
# (optional) Region name for connecting to ironic in admin context
# through the OpenStack Identity service.
# Defaults to $::os_service_default
#
# [*endpoint_override*]
# The endpoint URL for requests for this client
# Defaults to $::os_service_default
#
# [*max_retries*]
# (optional) Maximum number of retries in case of conflict error
# Defaults to 30
#
# [*retry_interval*]
# (optional) Interval between retries in case of conflict error
# Defaults to 2
#
class ironic::inspector::ironic (
$auth_type = 'password',
$auth_url = 'http://127.0.0.1:5000/v3',
$project_name = 'services',
$username = 'ironic',
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$region_name = $::os_service_default,
$endpoint_override = $::os_service_default,
$max_retries = 30,
$retry_interval = 2,
) {
$auth_type_real = pick($::ironic::inspector::ironic_auth_type, $auth_type)
$auth_url_real = pick($::ironic::inspector::ironic_auth_url, $auth_url)
$username_real = pick($::ironic::inspector::ironic_username, $username)
$password_real = pick($::ironic::inspector::ironic_password, $password)
$project_name_real = pick($::ironic::inspector::ironic_tenant_name, $project_name)
$user_domain_name_real = pick($::ironic::inspector::ironic_user_domain_name, $user_domain_name)
$project_domain_name_real = pick($::ironic::inspector::ironic_project_domain_name, $project_domain_name)
$region_name_real = pick($::ironic::inspector::ironic_region_name, $region_name)
$max_retries_real = pick($::ironic::inspector::ironic_max_retries, $max_retries)
$retry_interval_real = pick($::ironic::inspector::ironic_retry_interval, $retry_interval)
ironic_inspector_config {
'ironic/auth_type': value => $auth_type_real;
'ironic/username': value => $username_real;
'ironic/password': value => $password_real, secret => true;
'ironic/auth_url': value => $auth_url_real;
'ironic/project_name': value => $project_name_real;
'ironic/user_domain_name': value => $user_domain_name_real;
'ironic/project_domain_name': value => $project_domain_name_real;
'ironic/region_name': value => $region_name_real;
'ironic/endpoint_override': value => $endpoint_override;
'ironic/max_retries': value => $max_retries_real;
'ironic/retry_interval': value => $retry_interval_real;
}
}

77
manifests/inspector/service_catalog.pp Normal file
View File

@@ -0,0 +1,77 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: ironic::inspector::service_catalog
#
# [*auth_type*]
# The authentication plugin to use when connecting to the service catalog.
# Defaults to 'password'
#
# [*auth_url*]
# The address of the keystone api endpoint.
# Defaults to $::os_service_default
#
# [*project_name*]
# The Keystone project name.
# Defaults to 'services'
#
# [*username*]
# The admin username for ironic-inspector to connect to the service catalog.
# Defaults to 'ironic'.
#
# [*password*]
# The admin password for ironic-inspector to connect to the service catalog.
# Defaults to $::os_service_default
#
# [*user_domain_name*]
# The name of user's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*project_domain_name*]
# The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*region_name*]
# (optional) Region name for accessing Keystone catalog
# through the OpenStack Identity service.
# Defaults to $::os_service_default
#
# [*endpoint_override*]
# The endpoint URL for requests for this client
# Defaults to $::os_service_default
#
class ironic::inspector::service_catalog (
$auth_type = 'password',
$auth_url = $::os_service_default,
$project_name = 'services',
$username = 'ironic',
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$region_name = $::os_service_default,
$endpoint_override = $::os_service_default,
) {
include ironic::deps
ironic_inspector_config {
'service_catalog/auth_type': value => $auth_type;
'service_catalog/username': value => $username;
'service_catalog/password': value => $password, secret => true;
'service_catalog/auth_url': value => $auth_url;
'service_catalog/project_name': value => $project_name;
'service_catalog/user_domain_name': value => $user_domain_name;
'service_catalog/project_domain_name': value => $project_domain_name;
'service_catalog/region_name': value => $region_name;
'service_catalog/endpoint_override': value => $endpoint_override;
}
}

92
manifests/inspector/swift.pp Normal file
View File

@@ -0,0 +1,92 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: ironic::inspector::swift
#
# [*auth_type*]
# The authentication plugin to use when connecting to swift.
# Defaults to 'password'
#
# [*auth_url*]
# The address of the keystone api endpoint.
# Defaults to $::os_service_default
#
# [*project_name*]
# The Keystone project name.
# Defaults to 'services'
#
# [*username*]
# The admin username for ironic-inspector to connect to swift.
# Defaults to 'ironic'.
#
# [*password*]
# The admin password for ironic-inspector to connect to swift.
# Defaults to $::os_service_default
#
# [*user_domain_name*]
# The name of user's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*project_domain_name*]
# The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*region_name*]
# (optional) Region name for connecting to swift in admin context
# through the OpenStack Identity service.
# Defaults to $::os_service_default
#
# [*endpoint_override*]
# The endpoint URL for requests for this client
# Defaults to $::os_service_default
#
# [*container*]
# (optional) Default Swift container name to use when creating objects.
# String value
# Defaults to $::os_service_default
#
class ironic::inspector::swift (
$auth_type = 'password',
$auth_url = $::os_service_default,
$project_name = 'services',
$username = 'ironic',
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$region_name = $::os_service_default,
$endpoint_override = $::os_service_default,
$container = $::os_service_default,
) {
$auth_type_real = pick($::ironic::inspector::swift_auth_type, $auth_type)
$auth_url_real = pick($::ironic::inspector::swift_auth_url, $auth_url)
$username_real = pick($::ironic::inspector::swift_username, $username)
$password_real = pick($::ironic::inspector::swift_password, $password)
$project_name_real = pick($::ironic::inspector::swift_tenant_name, $project_name)
$user_domain_name_real = pick($::ironic::inspector::swift_user_domain_name, $user_domain_name)
$project_domain_name_real = pick($::ironic::inspector::swift_project_domain_name, $project_domain_name)
$region_name_real = pick($::ironic::inspector::swift_region_name, $region_name)
$container_real = pick($::ironic::inspector::swift_container, $container)
ironic_inspector_config {
'swift/auth_type': value => $auth_type_real;
'swift/username': value => $username_real;
'swift/password': value => $password_real, secret => true;
'swift/auth_url': value => $auth_url_real;
'swift/project_name': value => $project_name_real;
'swift/user_domain_name': value => $user_domain_name_real;
'swift/project_domain_name': value => $project_domain_name_real;
'swift/region_name': value => $region_name_real;
'swift/endpoint_override': value => $endpoint_override;
'swift/container': value => $container_real;
}
}

21
releasenotes/notes/inspector-keystone-auth-febd922f52f63b53.yaml Normal file
View File

@@ -0,0 +1,21 @@
---
features:
- |
The following classes were added to configure keystone credentials used in
ironic-inspector.
- ``ironic::inspector::ironic``
- ``ironic::inspector::service_catalog``
- ``ironic::inspector::swift``
deprecations:
- |
The ``swift_*`` parameters and ``ironic_*`` parameters in
the ``ironic::inspector`` class are deprecated and will be removed in
a future release. Use parameters in the following new classes instead.
- ``ironic::inspector::ironic``
- ``ironic::inspector::service_catalog``
- ``ironic::inspector::swift``
- |
The ``ironic::inspector::ironic_url`` parameter is deprecated and now has
no effect. Use ``ironic::inspector::ironic::endpoint_override`` instead.

99
spec/classes/ironic_inspector_ironic_spec.rb Normal file
View File

@@ -0,0 +1,99 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector::ironic
#
require 'spec_helper'
describe 'ironic::inspector::ironic' do
let :default_params do
{ :auth_type => 'password',
:auth_url => 'http://127.0.0.1:5000/v3',
:project_name => 'services',
:username => 'ironic',
:max_retries => 30,
:retry_interval => 2,
}
end
let :params do
{}
end
shared_examples_for 'ironic-inspector ironic configuration' do
let :p do
default_params.merge(params)
end
it 'configures ironic.conf' do
is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(p[:auth_url])
is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_inspector_config('ironic/username').with_value(p[:username])
is_expected.to contain_ironic_inspector_config('ironic/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(p[:max_retries])
is_expected.to contain_ironic_inspector_config('ironic/retry_interval').with_value(p[:retry_interval])
end
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:max_retries => 60,
:retry_interval => 10,
)
end
it 'should replace default parameter with new value' do
is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(p[:auth_url])
is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_inspector_config('ironic/username').with_value(p[:username])
is_expected.to contain_ironic_inspector_config('ironic/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value(p[:endpoint_override])
is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(p[:max_retries])
is_expected.to contain_ironic_inspector_config('ironic/retry_interval').with_value(p[:retry_interval])
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic-inspector ironic configuration'
end
end
end

90
spec/classes/ironic_inspector_service_catalog_spec.rb Normal file
View File

@@ -0,0 +1,90 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector::service_catalog
#
require 'spec_helper'
describe 'ironic::inspector::service_catalog' do
let :default_params do
{ :auth_type => 'password',
:project_name => 'services',
:username => 'ironic',
}
end
let :params do
{}
end
shared_examples_for 'ironic-inspector service catalog access configuration' do
let :p do
default_params.merge(params)
end
it 'configures ironic-inspector.conf' do
is_expected.to contain_ironic_inspector_config('service_catalog/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_inspector_config('service_catalog/auth_url').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_inspector_config('service_catalog/username').with_value(p[:username])
is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value('<SERVICE DEFAULT>')
end
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
)
end
it 'should replace default parameter with new value' do
is_expected.to contain_ironic_inspector_config('service_catalog/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_inspector_config('service_catalog/auth_url').with_value(p[:auth_url])
is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_inspector_config('service_catalog/username').with_value(p[:username])
is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value(p[:endpoint_override])
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic-inspector service catalog access configuration'
end
end
end

93
spec/classes/ironic_inspector_swift_spec.rb Normal file
View File

@@ -0,0 +1,93 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector::swift
#
require 'spec_helper'
describe 'ironic::inspector::swift' do
let :default_params do
{ :auth_type => 'password',
:project_name => 'services',
:username => 'ironic',
}
end
let :params do
{}
end
shared_examples_for 'ironic-inspector swift configuration' do
let :p do
default_params.merge(params)
end
it 'configures ironic-inspector.conf' do
is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_inspector_config('swift/username').with_value(p[:username])
is_expected.to contain_ironic_inspector_config('swift/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('swift/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/container').with_value('<SERVICE DEFAULT>')
end
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:container => 'mycontainer',
)
end
it 'should replace default parameter with new value' do
is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value(p[:auth_url])
is_expected.to contain_ironic_inspector_config('swift/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_inspector_config('swift/username').with_value(p[:username])
is_expected.to contain_ironic_inspector_config('swift/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_inspector_config('swift/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value(p[:endpoint_override])
is_expected.to contain_ironic_inspector_config('swift/container').with_value(p[:container])
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic-inspector swift configuration'
end
end
end