openstack/puppet-nova
Code Issues Proposed changes

cinder: Remove credential parameters if password is not set

Browse Source 
The admin credential in [cinder] section is only required in compute
nodes while some parameters in the same section like catalog_info is
used by both controller nodes and compute nodes.

This change makes all credential parameters unset unless the password
is given. If the parameters are intentionally set the provided values
are honored.

Change-Id: I08d787817257d8b2e4a5c1ebf9c6763f6276a7e9
This commit is contained in:
Takashi Kajinami
2022-01-12 20:28:37 +09:00
parent 44b3a2b331
commit 65eea0d9c5
2 changed files with 68 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
manifests/cinder.pp
View File

@@ -5,19 +5,19 @@
# === Parameters:
#
# [*password*]
# (required) Password for connecting to Cinder services in
# (optional) Password for connecting to Cinder services in
# admin context through the OpenStack Identity service.
# Defaults to $::os_service_default
#
# [*auth_type*]
# (optional) Name of the auth type to load (string value)
# Defaults to 'password'
# Defaults to 'password' if password is set
#
# [*auth_url*]
# (optional) Points to the OpenStack Identity server IP and port.
# This is the Identity (keystone) admin API server IP and port value,
# and not the Identity service API IP and port.
# Defaults to $::os_service_default
# Defaults to 'http://127.0.0.1:5000' if password is set
#
# [*timeout*]
# (optional) Timeout value for connecting to cinder in seconds.
@@ -31,22 +31,22 @@
# [*project_name*]
# (optional) Project name for connecting to Cinder services in
# admin context through the OpenStack Identity service.
# Defaults to 'services'
# Defaults to 'services' if password is set
#
# [*project_domain_name*]
# (optional) Project Domain name for connecting to Cinder services in
# admin context through the OpenStack Identity service.
# Defaults to 'Default'
# Defaults to 'Default' if password is set
#
# [*username*]
# (optional) Username for connecting to Cinder services in admin context
# through the OpenStack Identity service.
# Defaults to 'cinder'
# Defaults to 'cinder' if password is set
#
# [*user_domain_name*]
# (optional) User Domain name for connecting to Cinder services in
# admin context through the OpenStack Identity service.
# Defaults to 'Default'
# Defaults to 'Default' if password is set
#
# [*os_region_name*]
# (optional) Sets the os_region_name flag. For environments with
@@ -69,14 +69,14 @@
#
class nova::cinder (
$password = $::os_service_default,
$auth_type = 'password',
$auth_url = $::os_service_default,
$auth_type = undef,
$auth_url = undef,
$timeout = $::os_service_default,
$region_name = $::os_service_default,
$project_name = 'services',
$project_domain_name = 'Default',
$username = 'cinder',
$user_domain_name = 'Default',
$project_name = undef,
$project_domain_name = undef,
$username = undef,
$user_domain_name = undef,
$os_region_name = $::os_service_default,
$catalog_info = $::os_service_default,
$http_retries = $::os_service_default,
@@ -87,16 +87,32 @@ class nova::cinder (
$os_region_name_real = pick($::nova::os_region_name, $os_region_name)
$catalog_info_real = pick($::nova::cinder_catalog_info, $catalog_info)
if is_service_default($password) {
$auth_type_real = pick($auth_type, $::os_service_default)
$auth_url_real = pick($auth_url, $::os_service_default)
$project_name_real = pick($project_name, $::os_service_default)
$project_domain_name_real = pick($project_domain_name, $::os_service_default)
$username_real = pick($username, $::os_service_default)
$user_domain_name_real = pick($user_domain_name, $::os_service_default)
} else {
$auth_type_real = pick($auth_type, 'password')
$auth_url_real = pick($auth_url, 'http://127.0.0.1:5000/')
$project_name_real = pick($project_name, 'services')
$project_domain_name_real = pick($project_domain_name, 'Default')
$username_real = pick($username, 'cinder')
$user_domain_name_real = pick($user_domain_name, 'Default')
}
nova_config {
'cinder/password': value => $password, secret => true;
'cinder/auth_type': value => $auth_type;
'cinder/auth_url': value => $auth_url;
'cinder/auth_type': value => $auth_type_real;
'cinder/auth_url': value => $auth_url_real;
'cinder/region_name': value => $region_name;
'cinder/timeout': value => $timeout;
'cinder/project_name': value => $project_name;
'cinder/project_domain_name': value => $project_domain_name;
'cinder/username': value => $username;
'cinder/user_domain_name': value => $user_domain_name;
'cinder/project_name': value => $project_name_real;
'cinder/project_domain_name': value => $project_domain_name_real;
'cinder/username': value => $username_real;
'cinder/user_domain_name': value => $user_domain_name_real;
'cinder/os_region_name': value => $os_region_name_real;
'cinder/catalog_info': value => $catalog_info_real;
'cinder/http_retries': value => $http_retries;

45
spec/classes/nova_cinder_spec.rb
View File

@@ -3,14 +3,36 @@ require 'spec_helper'
describe 'nova::cinder' do
shared_examples 'nova::cinder' do
context 'with required parameters' do
context 'with defaults' do
it 'configures cinder in nova.conf' do
should contain_nova_config('cinder/password').with_value('<SERVICE DEFAULT>').with_secret(true)
should contain_nova_config('cinder/auth_type').with_value('password')
should contain_nova_config('cinder/auth_type').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/auth_url').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/timeout').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/region_name').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/project_name').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/project_domain_name').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/username').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/user_domain_name').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/os_region_name').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/catalog_info').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/http_retries').with_value('<SERVICE DEFAULT>')
end
end
context 'with password' do
let :params do
{
:password => 's3cr3t',
}
end
it 'configures cinder in nova.conf' do
should contain_nova_config('cinder/password').with_value('s3cr3t').with_secret(true)
should contain_nova_config('cinder/auth_type').with_value('password')
should contain_nova_config('cinder/auth_url').with_value('http://127.0.0.1:5000/')
should contain_nova_config('cinder/timeout').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/region_name').with_value('<SERVICE DEFAULT>')
should contain_nova_config('cinder/project_name').with_value('services')
should contain_nova_config('cinder/project_domain_name').with_value('Default')
should contain_nova_config('cinder/username').with_value('cinder')
@@ -21,18 +43,17 @@ describe 'nova::cinder' do
end
end
context 'when specified parameters' do
let :params do
{
:password => 's3cr3t',
:auth_type => 'v3password',
:auth_url => 'http://10.0.0.10:5000/v3',
:timeout => 60,
:region_name => 'RegionOne',
:os_region_name => 'RegionOne',
:catalog_info => 'volumev3:cinderv3:publicURL',
:http_retries => 3,
:password => 's3cr3t',
:auth_type => 'v3password',
:auth_url => 'http://10.0.0.10:5000/v3',
:timeout => 60,
:region_name => 'RegionOne',
:os_region_name => 'RegionOne',
:catalog_info => 'volumev3:cinderv3:publicURL',
:http_retries => 3,
}
end