[inspector] Update authentication parameters

Inspector has switched to keystoneauth and authentication plugins,
this change makes puppet-ironic use them. Also this change exposes
auth_strategy parameter disabling keystone support completely.

This change removes deprecation warnings on inspector start up.

Change-Id: Icb0948c3fc085c76c3309ab1ad194a978922bfdb

manifests/inspector.pp

@@ -37,6 +37,10 @@
 #   (optional) Enable debug logging
 #   Defaults to undef
 #
+# [*auth_strategy*]
+#   (optional) API authentication strategy: keystone or noauth
+#   Defaults to 'keystone'
+#
 # [*auth_uri*]
 #   (optional) Complete public Identity API endpoint
 #   Defaults to 'http://127.0.0.1:5000/v2.0'
@@ -82,6 +86,10 @@
 #   (optional) Method for storing introspection data
 #   Defaults to 'none'
 #
+# [*ironic_auth_type*]
+#   (optional) Authentication plugin for accessing Ironic
+#   Defaults to 'password'
+#
 # [*ironic_username*]
 #   (optional) User name for accessing Ironic API
 #   Defaults to 'ironic'
@@ -106,6 +114,10 @@
 #   (optional) Interval between retries in case of conflict error
 #   Defaults to 2
 #
+# [*swift_auth_type*]
+#   (optional) Authentication plugin for accessing Swift
+#   Defaults to 'password'
+#
 # [*swift_username*]
 #   (optional) User name for accessing Swift API
 #   Defaults to 'ironic'
@@ -156,6 +168,7 @@ class ironic::inspector (
   $pxe_transfer_protocol           = 'tftp',
   $enable_uefi                     = false,
   $debug                           = undef,
+  $auth_strategy                   = 'keystone',
   $auth_uri                        = 'http://127.0.0.1:5000/v2.0',
   $identity_uri                    = 'http://127.0.0.1:35357',
   $admin_user                      = 'ironic',
@@ -167,12 +180,14 @@ class ironic::inspector (
   $enable_setting_ipmi_credentials = false,
   $keep_ports                      = 'all',
   $store_data                      = 'none',
+  $ironic_auth_type                = 'password',
   $ironic_username                 = 'ironic',
   $ironic_password                 = undef,
   $ironic_tenant_name              = 'services',
   $ironic_auth_url                 = 'http://127.0.0.1:5000/v2.0',
   $ironic_max_retries              = 30,
   $ironic_retry_interval           = 2,
+  $swift_auth_type                 = 'password',
   $swift_username                  = 'ironic',
   $swift_password                  = undef,
   $swift_tenant_name               = 'services',
@@ -251,28 +266,38 @@ class ironic::inspector (
   }
 
   # Configure inspector.conf
+
+  if $auth_strategy == 'keystone' {
+    ironic_inspector_config {
+      'keystone_authtoken/auth_type':               value => 'password';
+      'keystone_authtoken/auth_uri':                value => $auth_uri;
+      'keystone_authtoken/auth_url':                value => $identity_uri;
+      'keystone_authtoken/username':                value => $admin_user;
+      'keystone_authtoken/password':                value => $admin_password, secret => true;
+      'keystone_authtoken/project_name':            value => $admin_tenant_name;
+    }
+  }
+
   ironic_inspector_config {
-    'keystone_authtoken/auth_uri':                value => $auth_uri;
-    'keystone_authtoken/identity_uri':            value => $identity_uri;
-    'keystone_authtoken/admin_user':              value => $admin_user;
-    'keystone_authtoken/admin_password':          value => $admin_password, secret => true;
-    'keystone_authtoken/admin_tenant_name':       value => $admin_tenant_name;
+    'DEFAULT/auth_strategy':                      value => $auth_strategy;
     'firewall/dnsmasq_interface':                 value => $dnsmasq_interface;
     'database/connection':                        value => $db_connection;
     'processing/ramdisk_logs_dir':                value => $ramdisk_logs_dir;
     'processing/enable_setting_ipmi_credentials': value => $enable_setting_ipmi_credentials;
     'processing/keep_ports':                      value => $keep_ports;
     'processing/store_data':                      value => $store_data;
-    'ironic/os_username':                         value => $ironic_username;
-    'ironic/os_password':                         value => $ironic_password, secret => true;
-    'ironic/os_tenant_name':                      value => $ironic_tenant_name;
-    'ironic/os_auth_url':                         value => $ironic_auth_url;
+    'ironic/auth_type':                           value => $ironic_auth_type;
+    'ironic/username':                            value => $ironic_username;
+    'ironic/password':                            value => $ironic_password, secret => true;
+    'ironic/project_name':                        value => $ironic_tenant_name;
+    'ironic/auth_url':                            value => $ironic_auth_url;
     'ironic/max_retries':                         value => $ironic_max_retries;
     'ironic/retry_interval':                      value => $ironic_retry_interval;
+    'swift/auth_type':                            value => $swift_auth_type;
     'swift/username':                             value => $swift_username;
     'swift/password':                             value => $swift_password, secret => true;
-    'swift/tenant_name':                          value => $swift_tenant_name;
-    'swift/os_auth_url':                          value => $swift_auth_url;
+    'swift/project_name':                         value => $swift_tenant_name;
+    'swift/auth_url':                             value => $swift_auth_url;
     # Here we use oslo.config interpolation with another option default_processing_hooks,
     # which we don't change as it might break introspection completely.
     'processing/processing_hooks':                value => join(delete_undef_values(['$default_processing_hooks', $additional_processing_hooks]), ',');

spec/classes/ironic_inspector_spec.rb

@@ -25,6 +25,7 @@ describe 'ironic::inspector' do
       :enabled                         => true,
       :pxe_transfer_protocol           => 'tftp',
       :enable_uefi                     => false,
+      :auth_strategy                   => 'keystone',
       :auth_uri                        => 'http://127.0.0.1:5000/v2.0',
       :identity_uri                    => 'http://127.0.0.1:35357',
       :admin_user                      => 'ironic',
@@ -35,11 +36,13 @@ describe 'ironic::inspector' do
       :enable_setting_ipmi_credentials => false,
       :keep_ports                      => 'all',
       :store_data                      => 'none',
+      :ironic_auth_type                => 'password',
       :ironic_username                 => 'ironic',
       :ironic_tenant_name              => 'services',
       :ironic_auth_url                 => 'http://127.0.0.1:5000/v2.0',
       :ironic_max_retries              => 30,
       :ironic_retry_interval           => 2,
+      :swift_auth_type                 => 'password',
       :swift_username                  => 'ironic',
       :swift_tenant_name               => 'services',
       :swift_auth_url                  => 'http://127.0.0.1:5000/v2.0',
@@ -86,24 +89,28 @@ describe 'ironic::inspector' do
     end
 
     it 'configures inspector.conf' do
+      is_expected.to contain_ironic_inspector_config('DEFAULT/auth_strategy').with_value(p[:auth_strategy])
+      is_expected.to contain_ironic_inspector_config('keystone_authtoken/auth_type').with_value('password')
       is_expected.to contain_ironic_inspector_config('keystone_authtoken/auth_uri').with_value(p[:auth_uri])
-      is_expected.to contain_ironic_inspector_config('keystone_authtoken/identity_uri').with_value(p[:identity_uri])
-      is_expected.to contain_ironic_inspector_config('keystone_authtoken/admin_user').with_value(p[:admin_user])
-      is_expected.to contain_ironic_inspector_config('keystone_authtoken/admin_tenant_name').with_value(p[:admin_tenant_name])
+      is_expected.to contain_ironic_inspector_config('keystone_authtoken/auth_url').with_value(p[:identity_uri])
+      is_expected.to contain_ironic_inspector_config('keystone_authtoken/username').with_value(p[:admin_user])
+      is_expected.to contain_ironic_inspector_config('keystone_authtoken/project_name').with_value(p[:admin_tenant_name])
       is_expected.to contain_ironic_inspector_config('firewall/dnsmasq_interface').with_value(p[:dnsmasq_interface])
       is_expected.to contain_ironic_inspector_config('database/connection').with_value(p[:db_connection])
       is_expected.to contain_ironic_inspector_config('processing/ramdisk_logs_dir').with_value(p[:ramdisk_logs_dir])
       is_expected.to contain_ironic_inspector_config('processing/enable_setting_ipmi_credentials').with_value(p[:enable_setting_ipmi_credentials])
       is_expected.to contain_ironic_inspector_config('processing/keep_ports').with_value(p[:keep_ports])
       is_expected.to contain_ironic_inspector_config('processing/store_data').with_value(p[:store_data])
-      is_expected.to contain_ironic_inspector_config('ironic/os_username').with_value(p[:ironic_username])
-      is_expected.to contain_ironic_inspector_config('ironic/os_tenant_name').with_value(p[:ironic_tenant_name])
-      is_expected.to contain_ironic_inspector_config('ironic/os_auth_url').with_value(p[:ironic_auth_url])
+      is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value(p[:ironic_auth_type])
+      is_expected.to contain_ironic_inspector_config('ironic/username').with_value(p[:ironic_username])
+      is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value(p[:ironic_tenant_name])
+      is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(p[:ironic_auth_url])
       is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(p[:ironic_max_retries])
       is_expected.to contain_ironic_inspector_config('ironic/retry_interval').with_value(p[:ironic_retry_interval])
+      is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value(p[:swift_auth_type])
       is_expected.to contain_ironic_inspector_config('swift/username').with_value(p[:swift_username])
-      is_expected.to contain_ironic_inspector_config('swift/tenant_name').with_value(p[:swift_tenant_name])
-      is_expected.to contain_ironic_inspector_config('swift/os_auth_url').with_value(p[:swift_auth_url])
+      is_expected.to contain_ironic_inspector_config('swift/project_name').with_value(p[:swift_tenant_name])
+      is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value(p[:swift_auth_url])
       is_expected.to contain_ironic_inspector_config('processing/processing_hooks').with_value('$default_processing_hooks')
     end
 
@@ -159,12 +166,12 @@ describe 'ironic::inspector' do
       it 'should replace default parameter with new value' do
         is_expected.to contain_ironic_inspector_config('DEFAULT/debug').with_value(p[:debug])
         is_expected.to contain_ironic_inspector_config('keystone_authtoken/auth_uri').with_value(p[:auth_uri])
-        is_expected.to contain_ironic_inspector_config('keystone_authtoken/identity_uri').with_value(p[:identity_uri])
-        is_expected.to contain_ironic_inspector_config('keystone_authtoken/admin_password').with_value(p[:admin_password])
-        is_expected.to contain_ironic_inspector_config('ironic/os_password').with_value(p[:ironic_password])
-        is_expected.to contain_ironic_inspector_config('ironic/os_auth_url').with_value(p[:ironic_auth_url])
+        is_expected.to contain_ironic_inspector_config('keystone_authtoken/auth_url').with_value(p[:identity_uri])
+        is_expected.to contain_ironic_inspector_config('keystone_authtoken/password').with_value(p[:admin_password])
+        is_expected.to contain_ironic_inspector_config('ironic/password').with_value(p[:ironic_password])
+        is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(p[:ironic_auth_url])
         is_expected.to contain_ironic_inspector_config('swift/password').with_value(p[:swift_password])
-        is_expected.to contain_ironic_inspector_config('swift/os_auth_url').with_value(p[:swift_auth_url])
+        is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value(p[:swift_auth_url])
         is_expected.to contain_ironic_inspector_config('processing/processing_hooks').with_value('$default_processing_hooks,hook1,hook2')
       end