Drop use of deprecated neutron auth options

puppet-nova no longer works with upstream Mitaka because
deprecated auth options were recently dropped from the
Nova source code in a67394a05872c89699487fc3e1e6a1801a7714c2.

This patch updates nova::network::neutron so that we no longer use
the previously deprecated (now missing) auth options. This includes:

 - using neutron_password instead of neutron_admin_password
 - using neutron_auth_plugin instead of neutron_auth_strategy
 - using neutron_tenant_name instead of neutron_admin_tenant_name
 - using neutron_username instead of neutron_admin_username
 - using neutron_auth_url instead of neutron_admin_auth_url

Warnings and errors have been added where appropriate. Includes
a new test case for deprecated parameters.

Change-Id: I2a9a519882d9575d25403c04be5089b9bb8c75bd
Closes-bug: #1525957

manifests/network/neutron.pp

@@ -4,13 +4,13 @@
 #
 # === Parameters:
 #
-# [*neutron_admin_password*]
+# [*neutron_password*]
 #   (required) Password for connecting to Neutron network services in
 #   admin context through the OpenStack Identity service.
 #
-# [*neutron_auth_strategy*]
+# [*neutron_auth_plugin*]
-#   (optional) Should be kept as default 'keystone' for all production deployments.
+#   Name of the plugin to load (string value)
-#   Defaults to 'keystone'
+#   Defaults to 'password'
 #
 # [*neutron_url*]
 #   (optional) URL for connecting to the Neutron networking service.
@@ -20,7 +20,7 @@
 #   (optional) Timeout value for connecting to neutron in seconds.
 #   Defaults to '30'
 #
-# [*neutron_admin_tenant_name*]
+# [*neutron_tenant_name*]
 #   (optional) Tenant name for connecting to Neutron network services in
 #   admin context through the OpenStack Identity service.
 #   Defaults to 'services'
@@ -34,7 +34,7 @@
 #   through the OpenStack Identity service.
 #   Defaults to 'RegionOne'
 #
-# [*neutron_admin_username*]
+# [*neutron_username*]
 #   (optional) Username for connecting to Neutron network services in admin context
 #   through the OpenStack Identity service.
 #   Defaults to 'neutron'
@@ -51,11 +51,11 @@
 #   (optional) Location of ca certicates file to use for neutronclient requests.
 #   Defaults to 'None'
 #
-# [*neutron_admin_auth_url*]
+# [*neutron_auth_url*]
 #   (optional) Points to the OpenStack Identity server IP and port.
 #   This is the Identity (keystone) admin API server IP and port value,
 #   and not the Identity service API IP and port.
-#   Defaults to 'http://127.0.0.1:35357/v2.0'
+#   Defaults to 'http://127.0.0.1:35357'
 #
 # [*network_api_class*]
 #   (optional) The full class name of the network API class.
@@ -91,16 +91,41 @@
 #   (optional) domain to use for building the hostnames
 #   Defaults to 'novalocal'
 #
+# DEPRECATED PARAMETERS
+# [*neutron_auth_strategy*]
+#   (optional) DEPRECATED.
+#
+# [*neutron_admin_password*]
+#   DEPRECATED. Password for connecting to Neutron network services
+#   in admin context through the OpenStack Identity service.
+#   Use neutron_password instead.
+#
+# [*neutron_admin_tenant_name*]
+#   (optional) DEPRECATED. Tenant name for connecting to Neutron network
+#   services in admin context through the OpenStack Identity service.
+#   Use neutron_tenant_name instead.
+#
+# [*neutron_admin_username*]
+#   (optional) DEPRECATED. Username for connecting to Neutron network services
+#   in admin context through the OpenStack Identity service.
+#   Use neutron_username instead.
+#
+# [*neutron_admin_auth_url*]
+#   (optional) DEPRECATED. Points to the OpenStack Identity server IP and port.
+#   This is the Identity (keystone) admin API server IP and port value,
+#   and not the Identity service API IP and port.
+#   Use neutron_auth_url instead.
+#
 class nova::network::neutron (
-  $neutron_admin_password,
+  $neutron_password                = false,
-  $neutron_auth_strategy           = 'keystone',
+  $neutron_auth_plugin             = 'password',
+  $neutron_tenant_name             = 'services',
+  $neutron_username                = 'neutron',
+  $neutron_auth_url                = 'http://127.0.0.1:35357',
   $neutron_url                     = 'http://127.0.0.1:9696',
   $neutron_url_timeout             = '30',
-  $neutron_admin_tenant_name       = 'services',
   $neutron_default_tenant_id       = 'default',
   $neutron_region_name             = 'RegionOne',
-  $neutron_admin_username          = 'neutron',
-  $neutron_admin_auth_url          = 'http://127.0.0.1:35357/v2.0',
   $neutron_ovs_bridge              = 'br-int',
   $neutron_extension_sync_interval = '600',
   $neutron_ca_certificates_file    = undef,
@@ -110,10 +135,57 @@ class nova::network::neutron (
   $vif_plugging_is_fatal           = true,
   $vif_plugging_timeout            = '300',
   $dhcp_domain                     = 'novalocal',
+  # DEPRECATED PARAMETERS
+  $neutron_admin_password          = false,
+  $neutron_auth_strategy           = undef,
+  $neutron_admin_tenant_name       = undef,
+  $neutron_admin_username          = undef,
+  $neutron_admin_auth_url          = undef,
 ) {
 
   include ::nova::deps
 
+  # neutron_admin params removed in Mitaka
+  if $neutron_password {
+    $neutron_password_real = $neutron_password
+  } else {
+    if $neutron_admin_password {
+      warning('neutron_admin_password is deprecated. Use neutron_password')
+      $neutron_password_real = $neutron_admin_password
+    } else {
+      fail('neutron_password is required')
+    }
+  }
+
+  if $neutron_admin_tenant_name {
+    warning('neutron_admin_tenant_name is deprecated. Use neutron_tenant_name')
+    $neutron_tenant_name_real = $neutron_admin_tenant_name
+  } else {
+    $neutron_tenant_name_real = $neutron_tenant_name
+  }
+
+  if $neutron_admin_username {
+    warning('neutron_admin_username is deprecated. Use neutron_username')
+    $neutron_username_real = $neutron_admin_username
+  } else {
+    $neutron_username_real = $neutron_username
+  }
+
+  if $neutron_admin_auth_url {
+    warning('neutron_admin_auth_url is deprecated. Use neutron_auth_url')
+    $neutron_auth_url_real = $neutron_admin_auth_url
+  } else {
+    $neutron_auth_url_real = $neutron_auth_url
+  }
+
+  # neutron_auth_strategy removed in Mitaka
+  if $neutron_auth_strategy {
+    warning('neutron_auth_strategy is deprecated')
+  }
+  nova_config {
+    'neutron/auth_strategy': ensure => absent;
+  }
+
   nova_config {
     'DEFAULT/dhcp_domain':             value => $dhcp_domain;
     'DEFAULT/firewall_driver':         value => $firewall_driver;
@@ -121,17 +193,17 @@ class nova::network::neutron (
     'DEFAULT/security_group_api':      value => $security_group_api;
     'DEFAULT/vif_plugging_is_fatal':   value => $vif_plugging_is_fatal;
     'DEFAULT/vif_plugging_timeout':    value => $vif_plugging_timeout;
-    'neutron/auth_strategy':           value => $neutron_auth_strategy;
     'neutron/url':                     value => $neutron_url;
     'neutron/timeout':                 value => $neutron_url_timeout;
-    'neutron/admin_tenant_name':       value => $neutron_admin_tenant_name;
+    'neutron/tenant_name':             value => $neutron_tenant_name_real;
     'neutron/default_tenant_id':       value => $neutron_default_tenant_id;
     'neutron/region_name':             value => $neutron_region_name;
-    'neutron/admin_username':          value => $neutron_admin_username;
+    'neutron/username':                value => $neutron_username_real;
-    'neutron/admin_password':          value => $neutron_admin_password, secret => true;
+    'neutron/password':                value => $neutron_password_real, secret => true;
-    'neutron/admin_auth_url':          value => $neutron_admin_auth_url;
+    'neutron/auth_url':                value => $neutron_auth_url_real;
     'neutron/ovs_bridge':              value => $neutron_ovs_bridge;
     'neutron/extension_sync_interval': value => $neutron_extension_sync_interval;
+    'neutron/auth_plugin':             value => $neutron_auth_plugin;
   }
 
   if ! $neutron_ca_certificates_file {

spec/classes/nova_network_neutron_spec.rb

@@ -3,14 +3,14 @@ require 'spec_helper'
 describe 'nova::network::neutron' do
 
   let :default_params do
-    { :neutron_auth_strategy           => 'keystone',
+    { :neutron_auth_plugin             => 'password',
       :neutron_url                     => 'http://127.0.0.1:9696',
       :neutron_url_timeout             => '30',
-      :neutron_admin_tenant_name       => 'services',
+      :neutron_tenant_name             => 'services',
       :neutron_default_tenant_id       => 'default',
       :neutron_region_name             => 'RegionOne',
-      :neutron_admin_username          => 'neutron',
+      :neutron_username                => 'neutron',
-      :neutron_admin_auth_url          => 'http://127.0.0.1:35357/v2.0',
+      :neutron_auth_url                => 'http://127.0.0.1:35357',
       :neutron_ovs_bridge              => 'br-int',
       :neutron_extension_sync_interval => '600',
       :security_group_api              => 'neutron',
@@ -22,23 +22,23 @@ describe 'nova::network::neutron' do
   end
 
   let :params do
-    { :neutron_admin_password => 's3cr3t' }
+    { :neutron_password => 's3cr3t' }
   end
 
 
   context 'with required parameters' do
     it 'configures neutron endpoint in nova.conf' do
-      is_expected.to contain_nova_config('neutron/admin_password').with_value(params[:neutron_admin_password]).with_secret(true)
+      is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
       is_expected.to contain_nova_config('DEFAULT/network_api_class').with_value('nova.network.neutronv2.api.API')
       is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(default_params[:dhcp_domain])
-      is_expected.to contain_nova_config('neutron/auth_strategy').with_value(default_params[:neutron_auth_strategy])
+      is_expected.to contain_nova_config('neutron/auth_plugin').with_value(default_params[:neutron_auth_plugin])
       is_expected.to contain_nova_config('neutron/url').with_value(default_params[:neutron_url])
       is_expected.to contain_nova_config('neutron/timeout').with_value(default_params[:neutron_url_timeout])
-      is_expected.to contain_nova_config('neutron/admin_tenant_name').with_value(default_params[:neutron_admin_tenant_name])
+      is_expected.to contain_nova_config('neutron/tenant_name').with_value(default_params[:neutron_tenant_name])
       is_expected.to contain_nova_config('neutron/default_tenant_id').with_value(default_params[:neutron_default_tenant_id])
       is_expected.to contain_nova_config('neutron/region_name').with_value(default_params[:neutron_region_name])
-      is_expected.to contain_nova_config('neutron/admin_username').with_value(default_params[:neutron_admin_username])
+      is_expected.to contain_nova_config('neutron/username').with_value(default_params[:neutron_username])
-      is_expected.to contain_nova_config('neutron/admin_auth_url').with_value(default_params[:neutron_admin_auth_url])
+      is_expected.to contain_nova_config('neutron/auth_url').with_value(default_params[:neutron_auth_url])
       is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(default_params[:neutron_extension_sync_interval])
     end
     it 'configures Nova to use Neutron Bridge Security Groups and Firewall' do
@@ -57,11 +57,11 @@ describe 'nova::network::neutron' do
       params.merge!(
         :neutron_url                     => 'http://10.0.0.1:9696',
         :neutron_url_timeout             => '30',
-        :neutron_admin_tenant_name       => 'openstack',
+        :neutron_tenant_name       => 'openstack',
         :neutron_default_tenant_id       => 'default',
         :neutron_region_name             => 'RegionTwo',
-        :neutron_admin_username          => 'neutron2',
+        :neutron_username          => 'neutron2',
-        :neutron_admin_auth_url          => 'http://10.0.0.1:35357/v2.0',
+        :neutron_auth_url          => 'http://10.0.0.1:35357',
         :network_api_class               => 'network.api.class',
         :security_group_api              => 'nova',
         :firewall_driver                 => 'nova.virt.firewall.IptablesFirewallDriver',
@@ -74,17 +74,17 @@ describe 'nova::network::neutron' do
     end
 
     it 'configures neutron endpoint in nova.conf' do
-      is_expected.to contain_nova_config('neutron/auth_strategy').with_value(default_params[:neutron_auth_strategy])
+      is_expected.to contain_nova_config('neutron/auth_strategy').with_ensure('absent')
-      is_expected.to contain_nova_config('neutron/admin_password').with_value(params[:neutron_admin_password]).with_secret(true)
+      is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
       is_expected.to contain_nova_config('DEFAULT/network_api_class').with_value('network.api.class')
       is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
       is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url])
       is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
-      is_expected.to contain_nova_config('neutron/admin_tenant_name').with_value(params[:neutron_admin_tenant_name])
+      is_expected.to contain_nova_config('neutron/tenant_name').with_value(params[:neutron_tenant_name])
       is_expected.to contain_nova_config('neutron/default_tenant_id').with_value(params[:neutron_default_tenant_id])
       is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
-      is_expected.to contain_nova_config('neutron/admin_username').with_value(params[:neutron_admin_username])
+      is_expected.to contain_nova_config('neutron/username').with_value(params[:neutron_username])
-      is_expected.to contain_nova_config('neutron/admin_auth_url').with_value(params[:neutron_admin_auth_url])
+      is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_auth_url])
       is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
     end
     it 'configures Nova to use Neutron Security Groups and Firewall' do
@@ -97,4 +97,53 @@ describe 'nova::network::neutron' do
       is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout])
     end
   end
+
+  context 'with deprecated class parameters' do
+    before do
+      params.merge!(
+        :neutron_url                     => 'http://10.0.0.1:9696',
+        :neutron_url_timeout             => '30',
+        :neutron_admin_tenant_name       => 'openstack',
+        :neutron_default_tenant_id       => 'default',
+        :neutron_region_name             => 'RegionTwo',
+        :neutron_admin_username          => 'neutron2',
+        :neutron_admin_auth_url          => 'http://10.0.0.1:35357',
+        :network_api_class               => 'network.api.class',
+        :security_group_api              => 'nova',
+        :firewall_driver                 => 'nova.virt.firewall.IptablesFirewallDriver',
+        :neutron_ovs_bridge              => 'br-int',
+        :neutron_extension_sync_interval => '600',
+        :vif_plugging_is_fatal           => false,
+        :vif_plugging_timeout            => '0',
+	:dhcp_domain                     => 'foo'
+      )
+    end
+
+    it 'configures neutron endpoint in nova.conf' do
+      is_expected.to contain_nova_config('neutron/auth_strategy').with_ensure('absent')
+      is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
+      is_expected.to contain_nova_config('DEFAULT/network_api_class').with_value('network.api.class')
+      is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
+      is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url])
+      is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
+      is_expected.to contain_nova_config('neutron/tenant_name').with_value(params[:neutron_admin_tenant_name])
+      is_expected.to contain_nova_config('neutron/default_tenant_id').with_value(params[:neutron_default_tenant_id])
+      is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
+      is_expected.to contain_nova_config('neutron/username').with_value(params[:neutron_admin_username])
+      is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_admin_auth_url])
+      is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
+    end
+    it 'configures Nova to use Neutron Security Groups and Firewall' do
+      is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
+      is_expected.to contain_nova_config('DEFAULT/security_group_api').with_value(params[:security_group_api])
+      is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
+    end
+    it 'configures neutron vif plugging events in nova.conf' do
+      is_expected.to contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(params[:vif_plugging_is_fatal])
+      is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout])
+    end
+  end
+
+
+
 end