Drop use of deprecated neutron auth options

puppet-nova no longer works with upstream Mitaka because deprecated auth options were recently dropped from the Nova source code in a67394a05872c89699487fc3e1e6a1801a7714c2. This patch updates nova::network::neutron so that we no longer use the previously deprecated (now missing) auth options. This includes: - using neutron_password instead of neutron_admin_password - using neutron_auth_plugin instead of neutron_auth_strategy - using neutron_tenant_name instead of neutron_admin_tenant_name - using neutron_username instead of neutron_admin_username - using neutron_auth_url instead of neutron_admin_auth_url Warnings and errors have been added where appropriate. Includes a new test case for deprecated parameters. Change-Id: I2a9a519882d9575d25403c04be5089b9bb8c75bd Closes-bug: #1525957
2015-12-14 13:26:48 -05:00
parent c339a86baf
commit 339a6fcb95
2 changed files with 157 additions and 36 deletions
--- a/manifests/network/neutron.pp
+++ b/manifests/network/neutron.pp
@@ -4,13 +4,13 @@
 #
 # === Parameters:
 #
-# [*neutron_admin_password*]
+# [*neutron_password*]
 #   (required) Password for connecting to Neutron network services in
 #   admin context through the OpenStack Identity service.
 #
-# [*neutron_auth_strategy*]
-#   (optional) Should be kept as default 'keystone' for all production deployments.
-#   Defaults to 'keystone'
+# [*neutron_auth_plugin*]
+#   Name of the plugin to load (string value)
+#   Defaults to 'password'
 #
 # [*neutron_url*]
 #   (optional) URL for connecting to the Neutron networking service.
@@ -20,7 +20,7 @@
 #   (optional) Timeout value for connecting to neutron in seconds.
 #   Defaults to '30'
 #
-# [*neutron_admin_tenant_name*]
+# [*neutron_tenant_name*]
 #   (optional) Tenant name for connecting to Neutron network services in
 #   admin context through the OpenStack Identity service.
 #   Defaults to 'services'
@@ -34,7 +34,7 @@
 #   through the OpenStack Identity service.
 #   Defaults to 'RegionOne'
 #
-# [*neutron_admin_username*]
+# [*neutron_username*]
 #   (optional) Username for connecting to Neutron network services in admin context
 #   through the OpenStack Identity service.
 #   Defaults to 'neutron'
@@ -51,11 +51,11 @@
 #   (optional) Location of ca certicates file to use for neutronclient requests.
 #   Defaults to 'None'
 #
-# [*neutron_admin_auth_url*]
+# [*neutron_auth_url*]
 #   (optional) Points to the OpenStack Identity server IP and port.
 #   This is the Identity (keystone) admin API server IP and port value,
 #   and not the Identity service API IP and port.
-#   Defaults to 'http://127.0.0.1:35357/v2.0'
+#   Defaults to 'http://127.0.0.1:35357'
 #
 # [*network_api_class*]
 #   (optional) The full class name of the network API class.
@@ -91,16 +91,41 @@
 #   (optional) domain to use for building the hostnames
 #   Defaults to 'novalocal'
 #
+# DEPRECATED PARAMETERS
+# [*neutron_auth_strategy*]
+#   (optional) DEPRECATED.
+#
+# [*neutron_admin_password*]
+#   DEPRECATED. Password for connecting to Neutron network services
+#   in admin context through the OpenStack Identity service.
+#   Use neutron_password instead.
+#
+# [*neutron_admin_tenant_name*]
+#   (optional) DEPRECATED. Tenant name for connecting to Neutron network
+#   services in admin context through the OpenStack Identity service.
+#   Use neutron_tenant_name instead.
+#
+# [*neutron_admin_username*]
+#   (optional) DEPRECATED. Username for connecting to Neutron network services
+#   in admin context through the OpenStack Identity service.
+#   Use neutron_username instead.
+#
+# [*neutron_admin_auth_url*]
+#   (optional) DEPRECATED. Points to the OpenStack Identity server IP and port.
+#   This is the Identity (keystone) admin API server IP and port value,
+#   and not the Identity service API IP and port.
+#   Use neutron_auth_url instead.
+#
 class nova::network::neutron (
-  $neutron_admin_password,
-  $neutron_auth_strategy           = 'keystone',
+  $neutron_password                = false,
+  $neutron_auth_plugin             = 'password',
+  $neutron_tenant_name             = 'services',
+  $neutron_username                = 'neutron',
+  $neutron_auth_url                = 'http://127.0.0.1:35357',
  $neutron_url                     = 'http://127.0.0.1:9696',
  $neutron_url_timeout             = '30',
-  $neutron_admin_tenant_name       = 'services',
  $neutron_default_tenant_id       = 'default',
  $neutron_region_name             = 'RegionOne',
-  $neutron_admin_username          = 'neutron',
-  $neutron_admin_auth_url          = 'http://127.0.0.1:35357/v2.0',
  $neutron_ovs_bridge              = 'br-int',
  $neutron_extension_sync_interval = '600',
  $neutron_ca_certificates_file    = undef,
@@ -110,10 +135,57 @@ class nova::network::neutron (
  $vif_plugging_is_fatal           = true,
  $vif_plugging_timeout            = '300',
  $dhcp_domain                     = 'novalocal',
+  # DEPRECATED PARAMETERS
+  $neutron_admin_password          = false,
+  $neutron_auth_strategy           = undef,
+  $neutron_admin_tenant_name       = undef,
+  $neutron_admin_username          = undef,
+  $neutron_admin_auth_url          = undef,
 ) {

  include ::nova::deps

+  # neutron_admin params removed in Mitaka
+  if $neutron_password {
+    $neutron_password_real = $neutron_password
+  } else {
+    if $neutron_admin_password {
+      warning('neutron_admin_password is deprecated. Use neutron_password')
+      $neutron_password_real = $neutron_admin_password
+    } else {
+      fail('neutron_password is required')
+    }
+  }
+
+  if $neutron_admin_tenant_name {
+    warning('neutron_admin_tenant_name is deprecated. Use neutron_tenant_name')
+    $neutron_tenant_name_real = $neutron_admin_tenant_name
+  } else {
+    $neutron_tenant_name_real = $neutron_tenant_name
+  }
+
+  if $neutron_admin_username {
+    warning('neutron_admin_username is deprecated. Use neutron_username')
+    $neutron_username_real = $neutron_admin_username
+  } else {
+    $neutron_username_real = $neutron_username
+  }
+
+  if $neutron_admin_auth_url {
+    warning('neutron_admin_auth_url is deprecated. Use neutron_auth_url')
+    $neutron_auth_url_real = $neutron_admin_auth_url
+  } else {
+    $neutron_auth_url_real = $neutron_auth_url
+  }
+
+  # neutron_auth_strategy removed in Mitaka
+  if $neutron_auth_strategy {
+    warning('neutron_auth_strategy is deprecated')
+  }
+  nova_config {
+    'neutron/auth_strategy': ensure => absent;
+  }
+
  nova_config {
    'DEFAULT/dhcp_domain':             value => $dhcp_domain;
    'DEFAULT/firewall_driver':         value => $firewall_driver;
@@ -121,17 +193,17 @@ class nova::network::neutron (
    'DEFAULT/security_group_api':      value => $security_group_api;
    'DEFAULT/vif_plugging_is_fatal':   value => $vif_plugging_is_fatal;
    'DEFAULT/vif_plugging_timeout':    value => $vif_plugging_timeout;
-    'neutron/auth_strategy':           value => $neutron_auth_strategy;
    'neutron/url':                     value => $neutron_url;
    'neutron/timeout':                 value => $neutron_url_timeout;
-    'neutron/admin_tenant_name':       value => $neutron_admin_tenant_name;
+    'neutron/tenant_name':             value => $neutron_tenant_name_real;
    'neutron/default_tenant_id':       value => $neutron_default_tenant_id;
    'neutron/region_name':             value => $neutron_region_name;
-    'neutron/admin_username':          value => $neutron_admin_username;
-    'neutron/admin_password':          value => $neutron_admin_password, secret => true;
-    'neutron/admin_auth_url':          value => $neutron_admin_auth_url;
+    'neutron/username':                value => $neutron_username_real;
+    'neutron/password':                value => $neutron_password_real, secret => true;
+    'neutron/auth_url':                value => $neutron_auth_url_real;
    'neutron/ovs_bridge':              value => $neutron_ovs_bridge;
    'neutron/extension_sync_interval': value => $neutron_extension_sync_interval;
+    'neutron/auth_plugin':             value => $neutron_auth_plugin;
  }

  if ! $neutron_ca_certificates_file {
--- a/spec/classes/nova_network_neutron_spec.rb
+++ b/spec/classes/nova_network_neutron_spec.rb
@@ -3,14 +3,14 @@ require 'spec_helper'
 describe 'nova::network::neutron' do

  let :default_params do
-    { :neutron_auth_strategy           => 'keystone',
+    { :neutron_auth_plugin             => 'password',
      :neutron_url                     => 'http://127.0.0.1:9696',
      :neutron_url_timeout             => '30',
-      :neutron_admin_tenant_name       => 'services',
+      :neutron_tenant_name             => 'services',
      :neutron_default_tenant_id       => 'default',
      :neutron_region_name             => 'RegionOne',
-      :neutron_admin_username          => 'neutron',
-      :neutron_admin_auth_url          => 'http://127.0.0.1:35357/v2.0',
+      :neutron_username                => 'neutron',
+      :neutron_auth_url                => 'http://127.0.0.1:35357',
      :neutron_ovs_bridge              => 'br-int',
      :neutron_extension_sync_interval => '600',
      :security_group_api              => 'neutron',
@@ -22,23 +22,23 @@ describe 'nova::network::neutron' do
  end

  let :params do
-    { :neutron_admin_password => 's3cr3t' }
+    { :neutron_password => 's3cr3t' }
  end


  context 'with required parameters' do
    it 'configures neutron endpoint in nova.conf' do
-      is_expected.to contain_nova_config('neutron/admin_password').with_value(params[:neutron_admin_password]).with_secret(true)
+      is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
      is_expected.to contain_nova_config('DEFAULT/network_api_class').with_value('nova.network.neutronv2.api.API')
      is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(default_params[:dhcp_domain])
-      is_expected.to contain_nova_config('neutron/auth_strategy').with_value(default_params[:neutron_auth_strategy])
+      is_expected.to contain_nova_config('neutron/auth_plugin').with_value(default_params[:neutron_auth_plugin])
      is_expected.to contain_nova_config('neutron/url').with_value(default_params[:neutron_url])
      is_expected.to contain_nova_config('neutron/timeout').with_value(default_params[:neutron_url_timeout])
-      is_expected.to contain_nova_config('neutron/admin_tenant_name').with_value(default_params[:neutron_admin_tenant_name])
+      is_expected.to contain_nova_config('neutron/tenant_name').with_value(default_params[:neutron_tenant_name])
      is_expected.to contain_nova_config('neutron/default_tenant_id').with_value(default_params[:neutron_default_tenant_id])
      is_expected.to contain_nova_config('neutron/region_name').with_value(default_params[:neutron_region_name])
-      is_expected.to contain_nova_config('neutron/admin_username').with_value(default_params[:neutron_admin_username])
-      is_expected.to contain_nova_config('neutron/admin_auth_url').with_value(default_params[:neutron_admin_auth_url])
+      is_expected.to contain_nova_config('neutron/username').with_value(default_params[:neutron_username])
+      is_expected.to contain_nova_config('neutron/auth_url').with_value(default_params[:neutron_auth_url])
      is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(default_params[:neutron_extension_sync_interval])
    end
    it 'configures Nova to use Neutron Bridge Security Groups and Firewall' do
@@ -57,11 +57,11 @@ describe 'nova::network::neutron' do
      params.merge!(
        :neutron_url                     => 'http://10.0.0.1:9696',
        :neutron_url_timeout             => '30',
-        :neutron_admin_tenant_name       => 'openstack',
+        :neutron_tenant_name       => 'openstack',
        :neutron_default_tenant_id       => 'default',
        :neutron_region_name             => 'RegionTwo',
-        :neutron_admin_username          => 'neutron2',
-        :neutron_admin_auth_url          => 'http://10.0.0.1:35357/v2.0',
+        :neutron_username          => 'neutron2',
+        :neutron_auth_url          => 'http://10.0.0.1:35357',
        :network_api_class               => 'network.api.class',
        :security_group_api              => 'nova',
        :firewall_driver                 => 'nova.virt.firewall.IptablesFirewallDriver',
@@ -74,17 +74,17 @@ describe 'nova::network::neutron' do
    end

    it 'configures neutron endpoint in nova.conf' do
-      is_expected.to contain_nova_config('neutron/auth_strategy').with_value(default_params[:neutron_auth_strategy])
-      is_expected.to contain_nova_config('neutron/admin_password').with_value(params[:neutron_admin_password]).with_secret(true)
+      is_expected.to contain_nova_config('neutron/auth_strategy').with_ensure('absent')
+      is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
      is_expected.to contain_nova_config('DEFAULT/network_api_class').with_value('network.api.class')
      is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
      is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url])
      is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
-      is_expected.to contain_nova_config('neutron/admin_tenant_name').with_value(params[:neutron_admin_tenant_name])
+      is_expected.to contain_nova_config('neutron/tenant_name').with_value(params[:neutron_tenant_name])
      is_expected.to contain_nova_config('neutron/default_tenant_id').with_value(params[:neutron_default_tenant_id])
      is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
-      is_expected.to contain_nova_config('neutron/admin_username').with_value(params[:neutron_admin_username])
-      is_expected.to contain_nova_config('neutron/admin_auth_url').with_value(params[:neutron_admin_auth_url])
+      is_expected.to contain_nova_config('neutron/username').with_value(params[:neutron_username])
+      is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_auth_url])
      is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
    end
    it 'configures Nova to use Neutron Security Groups and Firewall' do
@@ -97,4 +97,53 @@ describe 'nova::network::neutron' do
      is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout])
    end
  end
+
+  context 'with deprecated class parameters' do
+    before do
+      params.merge!(
+        :neutron_url                     => 'http://10.0.0.1:9696',
+        :neutron_url_timeout             => '30',
+        :neutron_admin_tenant_name       => 'openstack',
+        :neutron_default_tenant_id       => 'default',
+        :neutron_region_name             => 'RegionTwo',
+        :neutron_admin_username          => 'neutron2',
+        :neutron_admin_auth_url          => 'http://10.0.0.1:35357',
+        :network_api_class               => 'network.api.class',
+        :security_group_api              => 'nova',
+        :firewall_driver                 => 'nova.virt.firewall.IptablesFirewallDriver',
+        :neutron_ovs_bridge              => 'br-int',
+        :neutron_extension_sync_interval => '600',
+        :vif_plugging_is_fatal           => false,
+        :vif_plugging_timeout            => '0',
+	:dhcp_domain                     => 'foo'
+      )
+    end
+
+    it 'configures neutron endpoint in nova.conf' do
+      is_expected.to contain_nova_config('neutron/auth_strategy').with_ensure('absent')
+      is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
+      is_expected.to contain_nova_config('DEFAULT/network_api_class').with_value('network.api.class')
+      is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
+      is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url])
+      is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
+      is_expected.to contain_nova_config('neutron/tenant_name').with_value(params[:neutron_admin_tenant_name])
+      is_expected.to contain_nova_config('neutron/default_tenant_id').with_value(params[:neutron_default_tenant_id])
+      is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
+      is_expected.to contain_nova_config('neutron/username').with_value(params[:neutron_admin_username])
+      is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_admin_auth_url])
+      is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
+    end
+    it 'configures Nova to use Neutron Security Groups and Firewall' do
+      is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
+      is_expected.to contain_nova_config('DEFAULT/security_group_api').with_value(params[:security_group_api])
+      is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
+    end
+    it 'configures neutron vif plugging events in nova.conf' do
+      is_expected.to contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(params[:vif_plugging_is_fatal])
+      is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout])
+    end
+  end
+
+
+
 end