openstack/puppet-manila
Code Issues Proposed changes

Set credential parameters when auth_type != password

Browse Source 
Currently some classes ignore keystone credential parameters like
username, but it causes the problem with some other "auth_type"s like
v3password, which require these credential parameters.

This change makes sure that all credential parameters are set
regardless of auth_type value.

Change-Id: Ifa605ced3f6cb1472535e0ce9dd776a4a47c0328
This commit is contained in:
Takashi Kajinami 2020-08-22 21:26:25 +09:00
parent fe08c435f0
commit 167e104ef5
7 changed files with 61 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
manifests/compute/nova.pp
View File

@ -48,8 +48,7 @@
# #
# [*password*] # [*password*]
# (optional) User's password # (optional) User's password
# Only required if auth_type has been set to "password" # Defaults to $::os_service_default
# Defaults to undef
# #
class manila::compute::nova ( class manila::compute::nova (
$insecure = $::os_service_default, $insecure = $::os_service_default,
@ -62,27 +61,22 @@ class manila::compute::nova (
$region_name = $::os_service_default, $region_name = $::os_service_default,
$endpoint_type = $::os_service_default, $endpoint_type = $::os_service_default,
$username = 'nova', $username = 'nova',
$password = undef, $password = $::os_service_default,
) { ) {
include manila::deps include manila::deps
manila_config { manila_config {
'nova/insecure': value => $insecure; 'nova/insecure': value => $insecure;
'nova/auth_url': value => $auth_url; 'nova/auth_url': value => $auth_url;
'nova/auth_type': value => $auth_type; 'nova/auth_type': value => $auth_type;
'nova/cafile': value => $cafile; 'nova/cafile': value => $cafile;
'nova/region_name': value => $region_name; 'nova/region_name': value => $region_name;
'nova/endpoint_type': value => $endpoint_type; 'nova/endpoint_type': value => $endpoint_type;
} 'nova/username': value => $username;
'nova/user_domain_name': value => $user_domain_name;
if $auth_type == 'password' { 'nova/password': value => $password, secret => true;
manila_config { 'nova/project_name': value => $project_name;
'nova/username': value => $username; 'nova/project_domain_name': value => $project_domain_name;
'nova/user_domain_name': value => $user_domain_name;
'nova/password': value => $password, secret => true;
'nova/project_name': value => $project_name;
'nova/project_domain_name': value => $project_domain_name;
}
} }
} }

19
manifests/network/neutron.pp
View File

@ -52,7 +52,7 @@
# #
# [*password*] # [*password*]
# (optional) User's password # (optional) User's password
# Defaults to undef # Defaults to $::os_service_default
# #
# [*network_plugin_ipv4_enabled*] # [*network_plugin_ipv4_enabled*]
# (optional) Whether to support Ipv4 network resource # (optional) Whether to support Ipv4 network resource
@ -74,7 +74,7 @@ class manila::network::neutron (
$timeout = $::os_service_default, $timeout = $::os_service_default,
$endpoint_type = $::os_service_default, $endpoint_type = $::os_service_default,
$username = 'neutron', $username = 'neutron',
$password = undef, $password = $::os_service_default,
$network_plugin_ipv4_enabled = $::os_service_default, $network_plugin_ipv4_enabled = $::os_service_default,
$network_plugin_ipv6_enabled = $::os_service_default, $network_plugin_ipv6_enabled = $::os_service_default,
) { ) {
@ -90,17 +90,12 @@ class manila::network::neutron (
'neutron/region_name': value => $region_name; 'neutron/region_name': value => $region_name;
'neutron/timeout': value => $timeout; 'neutron/timeout': value => $timeout;
'neutron/endpoint_type': value => $endpoint_type; 'neutron/endpoint_type': value => $endpoint_type;
'neutron/username': value => $username;
'neutron/user_domain_name': value => $user_domain_name;
'neutron/password': value => $password, secret => true;
'neutron/project_name': value => $project_name;
'neutron/project_domain_name': value => $project_domain_name;
'DEFAULT/network_plugin_ipv4_enabled': value => $network_plugin_ipv4_enabled; 'DEFAULT/network_plugin_ipv4_enabled': value => $network_plugin_ipv4_enabled;
'DEFAULT/network_plugin_ipv6_enabled': value => $network_plugin_ipv6_enabled; 'DEFAULT/network_plugin_ipv6_enabled': value => $network_plugin_ipv6_enabled;
}
if $auth_type == 'password' {
manila_config {
'neutron/username': value => $username;
'neutron/user_domain_name': value => $user_domain_name;
'neutron/password': value => $password, secret => true;
'neutron/project_name': value => $project_name;
'neutron/project_domain_name': value => $project_domain_name;
}
} }
} }

38
manifests/volume/cinder.pp
View File

@ -48,8 +48,7 @@
# #
# [*password*] # [*password*]
# (optional) User's password # (optional) User's password
# Only required if auth_type has been set to "password" # Defaults to $::os_service_default
# Defaults to undef
# #
# [*http_retries*] # [*http_retries*]
# (optional) Number of cinderclient retries on failed http calls. # (optional) Number of cinderclient retries on failed http calls.
@ -92,7 +91,7 @@
# #
# [*cinder_admin_password*] # [*cinder_admin_password*]
# (optional) Cinder admin password. # (optional) Cinder admin password.
# Defaults to undef # Defaults to $::os_service_default
# #
# [*cinder_admin_tenant_name*] # [*cinder_admin_tenant_name*]
# (optional) Cinder admin tenant name # (optional) Cinder admin tenant name
@ -113,7 +112,7 @@ class manila::volume::cinder (
$region_name = $::os_service_default, $region_name = $::os_service_default,
$endpoint_type = $::os_service_default, $endpoint_type = $::os_service_default,
$username = 'cinder', $username = 'cinder',
$password = undef, $password = $::os_service_default,
$http_retries = $::os_service_default, $http_retries = $::os_service_default,
$cross_az_attach = $::os_service_default, $cross_az_attach = $::os_service_default,
# DEPRECATED PARAMETERS # DEPRECATED PARAMETERS
@ -176,23 +175,18 @@ class manila::volume::cinder (
$cross_az_attach_real = pick($cinder_cross_az_attach, $cross_az_attach) $cross_az_attach_real = pick($cinder_cross_az_attach, $cross_az_attach)
manila_config { manila_config {
'cinder/insecure': value => $insecure_real; 'cinder/insecure': value => $insecure_real;
'cinder/auth_url': value => $auth_url_real; 'cinder/auth_url': value => $auth_url_real;
'cinder/auth_type': value => $auth_type; 'cinder/auth_type': value => $auth_type;
'cinder/cafile': value => $cafile_real; 'cinder/cafile': value => $cafile_real;
'cinder/region_name': value => $region_name; 'cinder/region_name': value => $region_name;
'cinder/endpoint_type': value => $endpoint_type; 'cinder/endpoint_type': value => $endpoint_type;
'cinder/http_retries': value => $http_retries_real; 'cinder/username': value => $username_real;
'cinder/cross_az_attach': value => $cross_az_attach_real; 'cinder/user_domain_name': value => $user_domain_name;
} 'cinder/password': value => $password_real, secret => true;
'cinder/project_name': value => $project_name_real;
if $auth_type == 'password' { 'cinder/project_domain_name': value => $project_domain_name;
manila_config { 'cinder/http_retries': value => $http_retries_real;
'cinder/username': value => $username_real; 'cinder/cross_az_attach': value => $cross_az_attach_real;
'cinder/user_domain_name': value => $user_domain_name;
'cinder/password': value => $password_real, secret => true;
'cinder/project_name': value => $project_name_real;
'cinder/project_domain_name': value => $project_domain_name;
}
} }
} }

10
releasenotes/notes/auth_type-fix-62bc3acab9700deb.yaml Normal file
View File

@ -0,0 +1,10 @@
---
fixes:
- |
Now the following classes set keystone_credential parameters lik username
in manila.conf, even auth_type is not ``password``. This fixes the problem
with the other auth_type value like ``v3password``.
- ``manila::compute::nova``
- ``manila::network::neutron``
- ``manila::volume::cinder``

12
spec/classes/manila_compute_nova_spec.rb
View File

@ -8,15 +8,13 @@ describe 'manila::compute::nova' do
is_expected.to contain_manila_config('nova/auth_url').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('nova/auth_url').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('nova/auth_type').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('nova/auth_type').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('nova/cafile').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('nova/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('nova/user_domain_name').with_value('Default')
is_expected.to contain_manila_config('nova/project_domain_name').with_value('Default')
is_expected.to contain_manila_config('nova/project_name').with_value('services')
is_expected.to contain_manila_config('nova/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('nova/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('nova/endpoint_type').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('nova/endpoint_type').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('nova/username').with_value('nova')
# These should be added only when auth_type is 'password' is_expected.to contain_manila_config('nova/password').with_value('<SERVICE DEFAULT>')
is_expected.not_to contain_manila_config('nova/user_domain_name')
is_expected.not_to contain_manila_config('nova/project_domain_name')
is_expected.not_to contain_manila_config('nova/project_name')
is_expected.not_to contain_manila_config('nova/username')
is_expected.not_to contain_manila_config('nova/password')
end end
end end

12
spec/classes/manila_network_neutron_spec.rb
View File

@ -8,18 +8,16 @@ describe 'manila::network::neutron' do
is_expected.to contain_manila_config('neutron/auth_url').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('neutron/auth_url').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('neutron/auth_type').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('neutron/auth_type').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('neutron/cafile').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('neutron/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('neutron/user_domain_name').with_value('Default')
is_expected.to contain_manila_config('neutron/project_domain_name').with_value('Default')
is_expected.to contain_manila_config('neutron/project_name').with_value('services')
is_expected.to contain_manila_config('neutron/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('neutron/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('neutron/timeout').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('neutron/timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('neutron/endpoint_type').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('neutron/endpoint_type').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('neutron/username').with_value('neutron')
is_expected.to contain_manila_config('neutron/password').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('DEFAULT/network_plugin_ipv4_enabled').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('DEFAULT/network_plugin_ipv4_enabled').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('DEFAULT/network_plugin_ipv6_enabled').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('DEFAULT/network_plugin_ipv6_enabled').with_value('<SERVICE DEFAULT>')
# These should be added only when auth_type is 'password'
is_expected.not_to contain_manila_config('neutron/user_domain_name')
is_expected.not_to contain_manila_config('neutron/project_domain_name')
is_expected.not_to contain_manila_config('neutron/project_name')
is_expected.not_to contain_manila_config('neutron/username')
is_expected.not_to contain_manila_config('neutron/password')
end end
end end

12
spec/classes/manila_volume_cinder.rb
View File

@ -10,15 +10,13 @@ describe 'manila::volume::cinder' do
is_expected.to contain_manila_config('cinder/cafile').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('cinder/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('cinder/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('cinder/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('cinder/endpoint_type').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('cinder/endpoint_type').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('cinder/user_domain_name').with_value('Default')
is_expected.to contain_manila_config('cinder/project_domain_name').with_value('Default')
is_expected.to contain_manila_config('cinder/project_name').with_value('services')
is_expected.to contain_manila_config('cinder/username').with_value('cinder')
is_expected.to contain_manila_config('cinder/password').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('cinder/http_retries').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('cinder/http_retries').with_value('<SERVICE DEFAULT>')
is_expected.to contain_manila_config('cinder/cross_az_attach').with_value('<SERVICE DEFAULT>') is_expected.to contain_manila_config('cinder/cross_az_attach').with_value('<SERVICE DEFAULT>')
# These should be added only when auth_type is 'password'
is_expected.not_to contain_manila_config('cinder/user_domain_name')
is_expected.not_to contain_manila_config('cinder/project_domain_name')
is_expected.not_to contain_manila_config('cinder/project_name')
is_expected.not_to contain_manila_config('cinder/username')
is_expected.not_to contain_manila_config('cinder/password')
end end
end end