Merge "Added service authentication options to LBaaS"

2017-07-28 11:59:11 +00:00
parent 4b5ff430a6 60c1efdac0
commit 342cc06f52
3 changed files with 134 additions and 2 deletions
--- a/manifests/services/lbaas/octavia.pp
+++ b/manifests/services/lbaas/octavia.pp
@@ -38,6 +38,41 @@
 # [*allocates_vip*]
 #   (optional) Whether Octavia is responsible for allocating
 #   the VIP.
+#
+# [*auth_url*]
+#   (optional) Keystone Authentication URL
+#   Defaults to $::os_service_default   Defaults to $::os_service_default
+#
+# [*admin_user*]
+#   (optional) User for LBaaS authentication
+#   Defaults to $::os_service_default
+#
+# [*admin_tenant_name*]
+#   (optional) Tenant for LBaaS authentication
+#   Defaults to 'services'
+#
+# [*admin_password*]
+#   (optional) Password for LBaaS authentication
+#   Defaults to $::os_service_default
+#
+# [*admin_user_domain*]
+#   (optional) User domain for LBaaS authentication
+#   Defaults to $::os_service_default
+#
+# [*admin_project_domain*]
+#   (optional) Project domain for LBaaS authentication
+#   Defaults to $::os_service_default
+#
+# [*auth_version*]
+#   (optional) Authentication version
+#   Defaults to $::os_service_default
+#
+# [*endpoint_type*]
+#   (optional) Endpoint type (public/private/internal)
+#   Defaults to $::os_service_default
+#
+# [*insecure*]
+#   (optional) Accept insecure certificates
 #   Defaults to $::os_service_default
 #

@@ -45,7 +80,16 @@ class neutron::services::lbaas::octavia(
  $base_url              = 'http://127.0.0.1:9876',
  $request_poll_interval = $::os_service_default,
  $request_poll_timeout  = $::os_service_default,
-  $allocates_vip         = $::os_service_default
+  $allocates_vip         = $::os_service_default,
+  $auth_url              = $::os_service_default,
+  $admin_user            = $::os_service_default,
+  $admin_tenant_name     = 'services',
+  $admin_password        = $::os_service_default,
+  $admin_user_domain     = $::os_service_default,
+  $admin_project_domain  = $::os_service_default,
+  $auth_version          = $::os_service_default,
+  $endpoint_type         = $::os_service_default,
+  $insecure              = $::os_service_default
 ) {

  include ::neutron::deps
@@ -56,4 +100,16 @@ class neutron::services::lbaas::octavia(
    'octavia/request_poll_timeout':  value => $request_poll_timeout;
    'octavia/allocates_vip':         value => $allocates_vip;
  }
+
+  neutron_config {
+    'service_auth/auth_url'             : value => $auth_url;
+    'service_auth/admin_user'           : value => $admin_user;
+    'service_auth/admin_tenant_name'    : value => $admin_tenant_name;
+    'service_auth/admin_password'       : value => $admin_password;
+    'service_auth/admin_user_domain'    : value => $admin_user_domain;
+    'service_auth/admin_project_domain' : value => $admin_project_domain;
+    'service_auth/auth_version'         : value => $auth_version;
+    'service_auth/endpoint_type'        : value => $endpoint_type;
+    'service_auth/insecure'             : value => $insecure;
+  }
 }
--- a/releasenotes/notes/add-lbaas-service-credentials-449198dd97813e8e.yaml
+++ b/releasenotes/notes/add-lbaas-service-credentials-449198dd97813e8e.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - It is now possible to configure the service credentials needed by the
+    LBaaS service , specifically the `service_auth` section in Neutron.
--- a/spec/classes/neutron_services_lbaas_octavia_spec.rb
+++ b/spec/classes/neutron_services_lbaas_octavia_spec.rb
@@ -26,7 +26,16 @@ describe 'neutron::services::lbaas::octavia' do
    { :base_url              => 'http://127.0.0.1:9876',
      :request_poll_interval => '<SERVICE DEFAULT>',
      :request_poll_timeout  => '<SERVICE DEFAULT>',
-      :allocates_vip         => '<SERVICE DEFAULT>'}
+      :allocates_vip         => '<SERVICE DEFAULT>',
+      :auth_url              => '<SERVICE DEFAULT>',
+      :admin_user            => '<SERVICE DEFAULT>',
+      :admin_tenant_name     => 'services',
+      :admin_password        => '<SERVICE DEFAULT>',
+      :admin_user_domain     => '<SERVICE DEFAULT>',
+      :admin_project_domain  => '<SERVICE DEFAULT>',
+      :auth_version          => '<SERVICE DEFAULT>',
+      :endpoint_type         => '<SERVICE DEFAULT>',
+      :insecure              => '<SERVICE DEFAULT>' }
  end

  context 'with default params' do
@@ -40,6 +49,18 @@ describe 'neutron::services::lbaas::octavia' do
      is_expected.to contain_neutron_config('octavia/request_poll_timeout').with_value('<SERVICE DEFAULT>')
      is_expected.to contain_neutron_config('octavia/allocates_vip').with_value('<SERVICE DEFAULT>')
    end
+
+    it 'configures octavia service authentication' do
+      is_expected.to contain_neutron_config('service_auth/auth_url').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_user').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_tenant_name').with_value('services')
+      is_expected.to contain_neutron_config('service_auth/admin_password').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_user_domain').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_project_domain').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/auth_version').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/endpoint_type').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/insecure').with_value('<SERVICE DEFAULT>')
+    end
  end

  context 'when base_url is set' do
@@ -59,5 +80,56 @@ describe 'neutron::services::lbaas::octavia' do
      is_expected.to contain_neutron_config('octavia/request_poll_timeout').with_value('100')
      is_expected.to contain_neutron_config('octavia/allocates_vip').with_value('false')
    end
+
+    it 'configures octavia service authentication' do
+      is_expected.to contain_neutron_config('service_auth/auth_url').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_user').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_tenant_name').with_value('services')
+      is_expected.to contain_neutron_config('service_auth/admin_password').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_user_domain').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_project_domain').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/auth_version').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/endpoint_type').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/insecure').with_value('<SERVICE DEFAULT>')
+    end
+  end
+
+  context 'when base_url and service credentials are set' do
+    let :params do
+      default_params.merge(
+        { :base_url              => 'http://octavia.example.org:9876',
+          :request_poll_interval => '3',
+          :request_poll_timeout  => '100',
+          :allocates_vip         => 'false',
+          :auth_url              => 'https://auth.openstack.cloud/v3',
+          :admin_user            => 'admin',
+          :admin_tenant_name     => 'service-tenant',
+          :admin_password        => 'secure123',
+          :admin_user_domain     => 'DefaultUsers',
+          :admin_project_domain  => 'DefaultProjects',
+          :auth_version          => '3',
+          :endpoint_type         => 'public',
+          :insecure              => 'false' }
+      )
+    end
+
+    it 'configures octavia service plugin custom parameters' do
+      is_expected.to contain_neutron_config('octavia/base_url').with_value('http://octavia.example.org:9876')
+      is_expected.to contain_neutron_config('octavia/request_poll_interval').with_value('3')
+      is_expected.to contain_neutron_config('octavia/request_poll_timeout').with_value('100')
+      is_expected.to contain_neutron_config('octavia/allocates_vip').with_value('false')
+    end
+
+    it 'configures octavia service authentication' do
+      is_expected.to contain_neutron_config('service_auth/auth_url').with_value('https://auth.openstack.cloud/v3')
+      is_expected.to contain_neutron_config('service_auth/admin_user').with_value('admin')
+      is_expected.to contain_neutron_config('service_auth/admin_tenant_name').with_value('service-tenant')
+      is_expected.to contain_neutron_config('service_auth/admin_password').with_value('secure123')
+      is_expected.to contain_neutron_config('service_auth/admin_user_domain').with_value('DefaultUsers')
+      is_expected.to contain_neutron_config('service_auth/admin_project_domain').with_value('DefaultProjects')
+      is_expected.to contain_neutron_config('service_auth/auth_version').with_value('3')
+      is_expected.to contain_neutron_config('service_auth/endpoint_type').with_value('public')
+      is_expected.to contain_neutron_config('service_auth/insecure').with_value('false')
+    end
  end
 end