diff --git a/manifests/inspector.pp b/manifests/inspector.pp index 17ef07de..17b4f72a 100644 --- a/manifests/inspector.pp +++ b/manifests/inspector.pp @@ -77,70 +77,6 @@ # (optional) Method for storing introspection data # Defaults to 'none' # -# [*ironic_auth_type*] -# (optional) Authentication plugin for accessing Ironic -# Defaults to 'password' -# -# [*ironic_username*] -# (optional) User name for accessing Ironic API -# Defaults to 'ironic' -# -# [*ironic_password*] -# (optional) Password for accessing Ironic API -# Defaults to undef. Set a value unless using noauth. -# -# [*ironic_tenant_name*] -# (optional) Tenant name for accessing Ironic API -# Defaults to 'services' -# -# [*ironic_project_domain_name*] -# (Optional) Name of domain for $ironic_tenant_name -# Defaults to 'Default' -# -# [*ironic_user_domain_name*] -# (Optional) Name of domain for $ironic_username -# Defaults to 'Default' -# -# [*ironic_auth_url*] -# (optional) Keystone authentication URL for Ironic -# Defautls to 'http://127.0.0.1:5000/v3' -# -# [*ironic_max_retries*] -# (optional) Maximum number of retries in case of conflict error -# Defaults to 30 -# -# [*ironic_retry_interval*] -# (optional) Interval between retries in case of conflict error -# Defaults to 2 -# -# [*swift_auth_type*] -# (optional) Authentication plugin for accessing Swift -# Defaults to 'password' -# -# [*swift_username*] -# (optional) User name for accessing Swift API -# Defaults to 'ironic' -# -# [*swift_password*] -# (optional) Password for accessing Swift API -# Defaults to undef. Set a value if using Swift. -# -# [*swift_tenant_name*] -# (optional) Tenant name for accessing Swift API -# Defaults to 'services' -# -# [*swift_project_domain_name*] -# (Optional) Name of domain for $swift_tenant_name -# Defaults to 'Default' -# -# [*swift_user_domain_name*] -# (Optional) Name of domain for $swift_username -# Defaults to 'Default' -# -# [*swift_auth_url*] -# (optional) Keystone authentication URL for Swift -# Defautls to 'http://127.0.0.1:5000/v3' -# # [*dnsmasq_ip_subnets*] # (optional) List of hashes with keys: 'tag', 'ip_range', 'netmask', # 'gateway' and 'classless_static_routes'. 'ip_range' is the only required @@ -235,17 +171,83 @@ # transport://user:pass@host1:port[,hostN:portN]/virtual_host # Defaults to 'fake://' # +# DEPRECATED PARAMETERS +# +# [*swift_auth_type*] +# (optional) Authentication plugin for accessing Swift +# Defaults to undef. +# +# [*swift_username*] +# (optional) User name for accessing Swift API +# Defaults to undef. +# +# [*swift_password*] +# (optional) Password for accessing Swift API +# Defaults to undef. +# +# [*swift_tenant_name*] +# (optional) Tenant name for accessing Swift API +# Defaults to undef. +# +# [*swift_project_domain_name*] +# (Optional) Name of domain for $swift_tenant_name +# Defaults to undef. +# +# [*swift_user_domain_name*] +# (Optional) Name of domain for $swift_username +# Defaults to undef. +# +# [*swift_auth_url*] +# (optional) Keystone authentication URL for Swift +# Defautls to undef. +# +# [*swift_container*] +# (optional) Default Swift container name to use when creating objects. +# String value +# Defaults to undef. +# +# [*ironic_auth_type*] +# (optional) Authentication plugin for accessing Ironic +# Defaults to undef +# +# [*ironic_username*] +# (optional) User name for accessing Ironic API +# Defaults to undef +# +# [*ironic_password*] +# (optional) Password for accessing Ironic API +# Defaults to undef. +# +# [*ironic_tenant_name*] +# (optional) Tenant name for accessing Ironic API +# Defaults to undef. +# +# [*ironic_project_domain_name*] +# (Optional) Name of domain for $ironic_tenant_name +# Defaults to undef. +# +# [*ironic_user_domain_name*] +# (Optional) Name of domain for $ironic_username +# Defaults to undef. +# +# [*ironic_auth_url*] +# (optional) Keystone authentication URL for Ironic +# Defautls to undef. +# # [*ironic_url*] # (optional) Ironic API URL, used to set Ironic API URL when auth_strategy # option is noauth or auth_type is "none" to work with standalone Ironic # without keystone. String value # Defaults to 'undef' # -# [*swift_container*] -# (optional) Default Swift container name to use when creating objects. -# String value -# Defaults to $::os_service_default - +# [*ironic_max_retries*] +# (optional) Maximum number of retries in case of conflict error +# Defaults to undef. +# +# [*ironic_retry_interval*] +# (optional) Interval between retries in case of conflict error +# Defaults to undef. +# class ironic::inspector ( $package_ensure = 'present', $enabled = true, @@ -261,24 +263,6 @@ class ironic::inspector ( $add_ports = $::os_service_default, $keep_ports = 'all', $store_data = 'none', - $ironic_auth_type = 'password', - $ironic_username = 'ironic', - $ironic_password = undef, - $ironic_tenant_name = 'services', - $ironic_project_domain_name = 'Default', - $ironic_user_domain_name = 'Default', - $ironic_auth_url = 'http://127.0.0.1:5000/v3', - $ironic_url = undef, - $ironic_max_retries = 30, - $ironic_retry_interval = 2, - $swift_auth_type = 'password', - $swift_username = 'ironic', - $swift_password = undef, - $swift_tenant_name = 'services', - $swift_project_domain_name = 'Default', - $swift_user_domain_name = 'Default', - $swift_auth_url = 'http://127.0.0.1:5000/v3', - $swift_container = $::os_service_default, $dnsmasq_ip_subnets = [], $dnsmasq_local_ip = '192.168.0.1', $dnsmasq_dhcp_hostsdir = undef, @@ -297,12 +281,38 @@ class ironic::inspector ( $discovery_default_driver = $::os_service_default, $enable_ppc64le = false, $default_transport_url = 'fake://', + # DEPRECATED PARAMETERS + $swift_auth_type = undef, + $swift_username = undef, + $swift_password = undef, + $swift_tenant_name = undef, + $swift_project_domain_name = undef, + $swift_user_domain_name = undef, + $swift_auth_url = undef, + $swift_container = undef, + $ironic_auth_type = undef, + $ironic_username = undef, + $ironic_password = undef, + $ironic_tenant_name = undef, + $ironic_project_domain_name = undef, + $ironic_user_domain_name = undef, + $ironic_auth_url = undef, + $ironic_url = undef, + $ironic_max_retries = undef, + $ironic_retry_interval = undef, ) { include ironic::deps include ironic::params include ironic::pxe::common include ironic::inspector::db + include ironic::inspector::swift + include ironic::inspector::ironic + + if $ironic_url != undef { + warn('ironic::inspector::ironic_url is now deprecated and has no effect. \ +Use ironic::inspector::ironic::endpoint_override instead.') + } if $auth_strategy == 'keystone' { include ironic::inspector::authtoken @@ -388,24 +398,6 @@ class ironic::inspector ( 'processing/add_ports': value => $add_ports; 'processing/keep_ports': value => $keep_ports; 'processing/store_data': value => $store_data; - 'ironic/auth_type': value => $ironic_auth_type; - 'ironic/username': value => $ironic_username; - 'ironic/password': value => $ironic_password, secret => true; - 'ironic/project_name': value => $ironic_tenant_name; - 'ironic/project_domain_name': value => $ironic_project_domain_name; - 'ironic/user_domain_name': value => $ironic_user_domain_name; - 'ironic/auth_url': value => $ironic_auth_url; - 'ironic/ironic_url': value => $ironic_url; - 'ironic/max_retries': value => $ironic_max_retries; - 'ironic/retry_interval': value => $ironic_retry_interval; - 'swift/auth_type': value => $swift_auth_type; - 'swift/username': value => $swift_username; - 'swift/password': value => $swift_password, secret => true; - 'swift/project_name': value => $swift_tenant_name; - 'swift/project_domain_name': value => $swift_project_domain_name; - 'swift/user_domain_name': value => $swift_user_domain_name; - 'swift/auth_url': value => $swift_auth_url; - 'swift/container': value => $swift_container; # Here we use oslo.config interpolation with another option default_processing_hooks, # which we don't change as it might break introspection completely. 'processing/processing_hooks': value => $p_hooks; diff --git a/manifests/inspector/ironic.pp b/manifests/inspector/ironic.pp new file mode 100644 index 00000000..e17e875a --- /dev/null +++ b/manifests/inspector/ironic.pp @@ -0,0 +1,98 @@ +# Licensed under the Apache License, Version 2.0 (the "License")_real; you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: ironic::inspector::ironic +# +# [*auth_type*] +# The authentication plugin to use when connecting to ironic. +# Defaults to 'password' +# +# [*auth_url*] +# The address of the keystone api endpoint. +# Defaults to 'http://127.0.0.1:5000/v3' +# +# [*project_name*] +# The Keystone project name. +# Defaults to 'services' +# +# [*username*] +# The admin username for ironic-inspector to connect to ironic. +# Defaults to 'ironic'. +# +# [*password*] +# The admin password for ironic-inspector to connect to ironic. +# Defaults to $::os_service_default +# +# [*user_domain_name*] +# The name of user's domain (required for Identity V3). +# Defaults to 'Default' +# +# [*project_domain_name*] +# The name of project's domain (required for Identity V3). +# Defaults to 'Default' +# +# [*region_name*] +# (optional) Region name for connecting to ironic in admin context +# through the OpenStack Identity service. +# Defaults to $::os_service_default +# +# [*endpoint_override*] +# The endpoint URL for requests for this client +# Defaults to $::os_service_default +# +# [*max_retries*] +# (optional) Maximum number of retries in case of conflict error +# Defaults to 30 +# +# [*retry_interval*] +# (optional) Interval between retries in case of conflict error +# Defaults to 2 +# +class ironic::inspector::ironic ( + $auth_type = 'password', + $auth_url = 'http://127.0.0.1:5000/v3', + $project_name = 'services', + $username = 'ironic', + $password = $::os_service_default, + $user_domain_name = 'Default', + $project_domain_name = 'Default', + $region_name = $::os_service_default, + $endpoint_override = $::os_service_default, + $max_retries = 30, + $retry_interval = 2, +) { + + $auth_type_real = pick($::ironic::inspector::ironic_auth_type, $auth_type) + $auth_url_real = pick($::ironic::inspector::ironic_auth_url, $auth_url) + $username_real = pick($::ironic::inspector::ironic_username, $username) + $password_real = pick($::ironic::inspector::ironic_password, $password) + $project_name_real = pick($::ironic::inspector::ironic_tenant_name, $project_name) + $user_domain_name_real = pick($::ironic::inspector::ironic_user_domain_name, $user_domain_name) + $project_domain_name_real = pick($::ironic::inspector::ironic_project_domain_name, $project_domain_name) + $region_name_real = pick($::ironic::inspector::ironic_region_name, $region_name) + $max_retries_real = pick($::ironic::inspector::ironic_max_retries, $max_retries) + $retry_interval_real = pick($::ironic::inspector::ironic_retry_interval, $retry_interval) + + ironic_inspector_config { + 'ironic/auth_type': value => $auth_type_real; + 'ironic/username': value => $username_real; + 'ironic/password': value => $password_real, secret => true; + 'ironic/auth_url': value => $auth_url_real; + 'ironic/project_name': value => $project_name_real; + 'ironic/user_domain_name': value => $user_domain_name_real; + 'ironic/project_domain_name': value => $project_domain_name_real; + 'ironic/region_name': value => $region_name_real; + 'ironic/endpoint_override': value => $endpoint_override; + 'ironic/max_retries': value => $max_retries_real; + 'ironic/retry_interval': value => $retry_interval_real; + } +} diff --git a/manifests/inspector/service_catalog.pp b/manifests/inspector/service_catalog.pp new file mode 100644 index 00000000..c37e3253 --- /dev/null +++ b/manifests/inspector/service_catalog.pp @@ -0,0 +1,77 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: ironic::inspector::service_catalog +# +# [*auth_type*] +# The authentication plugin to use when connecting to the service catalog. +# Defaults to 'password' +# +# [*auth_url*] +# The address of the keystone api endpoint. +# Defaults to $::os_service_default +# +# [*project_name*] +# The Keystone project name. +# Defaults to 'services' +# +# [*username*] +# The admin username for ironic-inspector to connect to the service catalog. +# Defaults to 'ironic'. +# +# [*password*] +# The admin password for ironic-inspector to connect to the service catalog. +# Defaults to $::os_service_default +# +# [*user_domain_name*] +# The name of user's domain (required for Identity V3). +# Defaults to 'Default' +# +# [*project_domain_name*] +# The name of project's domain (required for Identity V3). +# Defaults to 'Default' +# +# [*region_name*] +# (optional) Region name for accessing Keystone catalog +# through the OpenStack Identity service. +# Defaults to $::os_service_default +# +# [*endpoint_override*] +# The endpoint URL for requests for this client +# Defaults to $::os_service_default +# +class ironic::inspector::service_catalog ( + $auth_type = 'password', + $auth_url = $::os_service_default, + $project_name = 'services', + $username = 'ironic', + $password = $::os_service_default, + $user_domain_name = 'Default', + $project_domain_name = 'Default', + $region_name = $::os_service_default, + $endpoint_override = $::os_service_default, +) { + + include ironic::deps + + ironic_inspector_config { + 'service_catalog/auth_type': value => $auth_type; + 'service_catalog/username': value => $username; + 'service_catalog/password': value => $password, secret => true; + 'service_catalog/auth_url': value => $auth_url; + 'service_catalog/project_name': value => $project_name; + 'service_catalog/user_domain_name': value => $user_domain_name; + 'service_catalog/project_domain_name': value => $project_domain_name; + 'service_catalog/region_name': value => $region_name; + 'service_catalog/endpoint_override': value => $endpoint_override; + } +} diff --git a/manifests/inspector/swift.pp b/manifests/inspector/swift.pp new file mode 100644 index 00000000..3efb3c1b --- /dev/null +++ b/manifests/inspector/swift.pp @@ -0,0 +1,92 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: ironic::inspector::swift +# +# [*auth_type*] +# The authentication plugin to use when connecting to swift. +# Defaults to 'password' +# +# [*auth_url*] +# The address of the keystone api endpoint. +# Defaults to $::os_service_default +# +# [*project_name*] +# The Keystone project name. +# Defaults to 'services' +# +# [*username*] +# The admin username for ironic-inspector to connect to swift. +# Defaults to 'ironic'. +# +# [*password*] +# The admin password for ironic-inspector to connect to swift. +# Defaults to $::os_service_default +# +# [*user_domain_name*] +# The name of user's domain (required for Identity V3). +# Defaults to 'Default' +# +# [*project_domain_name*] +# The name of project's domain (required for Identity V3). +# Defaults to 'Default' +# +# [*region_name*] +# (optional) Region name for connecting to swift in admin context +# through the OpenStack Identity service. +# Defaults to $::os_service_default +# +# [*endpoint_override*] +# The endpoint URL for requests for this client +# Defaults to $::os_service_default +# +# [*container*] +# (optional) Default Swift container name to use when creating objects. +# String value +# Defaults to $::os_service_default +# +class ironic::inspector::swift ( + $auth_type = 'password', + $auth_url = $::os_service_default, + $project_name = 'services', + $username = 'ironic', + $password = $::os_service_default, + $user_domain_name = 'Default', + $project_domain_name = 'Default', + $region_name = $::os_service_default, + $endpoint_override = $::os_service_default, + $container = $::os_service_default, +) { + + $auth_type_real = pick($::ironic::inspector::swift_auth_type, $auth_type) + $auth_url_real = pick($::ironic::inspector::swift_auth_url, $auth_url) + $username_real = pick($::ironic::inspector::swift_username, $username) + $password_real = pick($::ironic::inspector::swift_password, $password) + $project_name_real = pick($::ironic::inspector::swift_tenant_name, $project_name) + $user_domain_name_real = pick($::ironic::inspector::swift_user_domain_name, $user_domain_name) + $project_domain_name_real = pick($::ironic::inspector::swift_project_domain_name, $project_domain_name) + $region_name_real = pick($::ironic::inspector::swift_region_name, $region_name) + $container_real = pick($::ironic::inspector::swift_container, $container) + + ironic_inspector_config { + 'swift/auth_type': value => $auth_type_real; + 'swift/username': value => $username_real; + 'swift/password': value => $password_real, secret => true; + 'swift/auth_url': value => $auth_url_real; + 'swift/project_name': value => $project_name_real; + 'swift/user_domain_name': value => $user_domain_name_real; + 'swift/project_domain_name': value => $project_domain_name_real; + 'swift/region_name': value => $region_name_real; + 'swift/endpoint_override': value => $endpoint_override; + 'swift/container': value => $container_real; + } +} diff --git a/releasenotes/notes/inspector-keystone-auth-febd922f52f63b53.yaml b/releasenotes/notes/inspector-keystone-auth-febd922f52f63b53.yaml new file mode 100644 index 00000000..01ea0520 --- /dev/null +++ b/releasenotes/notes/inspector-keystone-auth-febd922f52f63b53.yaml @@ -0,0 +1,21 @@ +--- +features: + - | + The following classes were added to configure keystone credentials used in + ironic-inspector. + + - ``ironic::inspector::ironic`` + - ``ironic::inspector::service_catalog`` + - ``ironic::inspector::swift`` +deprecations: + - | + The ``swift_*`` parameters and ``ironic_*`` parameters in + the ``ironic::inspector`` class are deprecated and will be removed in + a future release. Use parameters in the following new classes instead. + + - ``ironic::inspector::ironic`` + - ``ironic::inspector::service_catalog`` + - ``ironic::inspector::swift`` + - | + The ``ironic::inspector::ironic_url`` parameter is deprecated and now has + no effect. Use ``ironic::inspector::ironic::endpoint_override`` instead. diff --git a/spec/classes/ironic_inspector_ironic_spec.rb b/spec/classes/ironic_inspector_ironic_spec.rb new file mode 100644 index 00000000..93ddfe01 --- /dev/null +++ b/spec/classes/ironic_inspector_ironic_spec.rb @@ -0,0 +1,99 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for ironic::inspector::ironic +# + +require 'spec_helper' + +describe 'ironic::inspector::ironic' do + + let :default_params do + { :auth_type => 'password', + :auth_url => 'http://127.0.0.1:5000/v3', + :project_name => 'services', + :username => 'ironic', + :max_retries => 30, + :retry_interval => 2, + } + end + + let :params do + {} + end + + shared_examples_for 'ironic-inspector ironic configuration' do + let :p do + default_params.merge(params) + end + + it 'configures ironic.conf' do + is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(p[:auth_url]) + is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_inspector_config('ironic/username').with_value(p[:username]) + is_expected.to contain_ironic_inspector_config('ironic/password').with_value('').with_secret(true) + is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value('Default') + is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value('Default') + is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value('') + is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value('') + is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(p[:max_retries]) + is_expected.to contain_ironic_inspector_config('ironic/retry_interval').with_value(p[:retry_interval]) + end + + context 'when overriding parameters' do + before :each do + params.merge!( + :auth_type => 'noauth', + :auth_url => 'http://example.com', + :project_name => 'project1', + :username => 'admin', + :password => 'pa$$w0rd', + :user_domain_name => 'NonDefault', + :project_domain_name => 'NonDefault', + :region_name => 'regionTwo', + :endpoint_override => 'http://example2.com', + :max_retries => 60, + :retry_interval => 10, + ) + end + + it 'should replace default parameter with new value' do + is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(p[:auth_url]) + is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_inspector_config('ironic/username').with_value(p[:username]) + is_expected.to contain_ironic_inspector_config('ironic/password').with_value(p[:password]).with_secret(true) + is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value(p[:user_domain_name]) + is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value(p[:project_domain_name]) + is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value(p[:region_name]) + is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value(p[:endpoint_override]) + is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(p[:max_retries]) + is_expected.to contain_ironic_inspector_config('ironic/retry_interval').with_value(p[:retry_interval]) + end + end + + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + it_behaves_like 'ironic-inspector ironic configuration' + end + end + +end diff --git a/spec/classes/ironic_inspector_service_catalog_spec.rb b/spec/classes/ironic_inspector_service_catalog_spec.rb new file mode 100644 index 00000000..90def994 --- /dev/null +++ b/spec/classes/ironic_inspector_service_catalog_spec.rb @@ -0,0 +1,90 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for ironic::inspector::service_catalog +# + +require 'spec_helper' + +describe 'ironic::inspector::service_catalog' do + + let :default_params do + { :auth_type => 'password', + :project_name => 'services', + :username => 'ironic', + } + end + + let :params do + {} + end + + shared_examples_for 'ironic-inspector service catalog access configuration' do + let :p do + default_params.merge(params) + end + + it 'configures ironic-inspector.conf' do + is_expected.to contain_ironic_inspector_config('service_catalog/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_inspector_config('service_catalog/auth_url').with_value('') + is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_inspector_config('service_catalog/username').with_value(p[:username]) + is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value('').with_secret(true) + is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value('Default') + is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value('Default') + is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value('') + is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value('') + end + + context 'when overriding parameters' do + before :each do + params.merge!( + :auth_type => 'noauth', + :auth_url => 'http://example.com', + :project_name => 'project1', + :username => 'admin', + :password => 'pa$$w0rd', + :user_domain_name => 'NonDefault', + :project_domain_name => 'NonDefault', + :region_name => 'regionTwo', + :endpoint_override => 'http://example2.com', + ) + end + + it 'should replace default parameter with new value' do + is_expected.to contain_ironic_inspector_config('service_catalog/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_inspector_config('service_catalog/auth_url').with_value(p[:auth_url]) + is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_inspector_config('service_catalog/username').with_value(p[:username]) + is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value(p[:password]).with_secret(true) + is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value(p[:user_domain_name]) + is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value(p[:project_domain_name]) + is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value(p[:region_name]) + is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value(p[:endpoint_override]) + end + end + + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + it_behaves_like 'ironic-inspector service catalog access configuration' + end + end + +end diff --git a/spec/classes/ironic_inspector_swift_spec.rb b/spec/classes/ironic_inspector_swift_spec.rb new file mode 100644 index 00000000..93ddd241 --- /dev/null +++ b/spec/classes/ironic_inspector_swift_spec.rb @@ -0,0 +1,93 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for ironic::inspector::swift +# + +require 'spec_helper' + +describe 'ironic::inspector::swift' do + + let :default_params do + { :auth_type => 'password', + :project_name => 'services', + :username => 'ironic', + } + end + + let :params do + {} + end + + shared_examples_for 'ironic-inspector swift configuration' do + let :p do + default_params.merge(params) + end + + it 'configures ironic-inspector.conf' do + is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value('') + is_expected.to contain_ironic_inspector_config('swift/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_inspector_config('swift/username').with_value(p[:username]) + is_expected.to contain_ironic_inspector_config('swift/password').with_value('').with_secret(true) + is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value('Default') + is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value('Default') + is_expected.to contain_ironic_inspector_config('swift/region_name').with_value('') + is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value('') + is_expected.to contain_ironic_inspector_config('swift/container').with_value('') + end + + context 'when overriding parameters' do + before :each do + params.merge!( + :auth_type => 'noauth', + :auth_url => 'http://example.com', + :project_name => 'project1', + :username => 'admin', + :password => 'pa$$w0rd', + :user_domain_name => 'NonDefault', + :project_domain_name => 'NonDefault', + :region_name => 'regionTwo', + :endpoint_override => 'http://example2.com', + :container => 'mycontainer', + ) + end + + it 'should replace default parameter with new value' do + is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value(p[:auth_url]) + is_expected.to contain_ironic_inspector_config('swift/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_inspector_config('swift/username').with_value(p[:username]) + is_expected.to contain_ironic_inspector_config('swift/password').with_value(p[:password]).with_secret(true) + is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value(p[:user_domain_name]) + is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value(p[:project_domain_name]) + is_expected.to contain_ironic_inspector_config('swift/region_name').with_value(p[:region_name]) + is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value(p[:endpoint_override]) + is_expected.to contain_ironic_inspector_config('swift/container').with_value(p[:container]) + end + end + + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + it_behaves_like 'ironic-inspector swift configuration' + end + end + +end