diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp index 7d795699a..55bc4abb4 100644 --- a/manifests/keystone/auth.pp +++ b/manifests/keystone/auth.pp 
@@ -25,29 +25,41 @@ # Defaults to the value of auth_name_v3, but must differ from the value # of service_name. # -# [*public_address*] -# (optional) The public nova-api endpoint -# Defaults to '127.0.0.1' +# [*public_url*] +# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8774/v2/%(tenant_id)s') +# This url should *not* contain any version or trailing '/'. # -# [*admin_address*] -# (optional) The admin nova-api endpoint -# Defaults to '127.0.0.1' +# [*internal_url*] +# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:8774/v2/%(tenant_id)s') +# This url should *not* contain any version or trailing '/'. # -# [*internal_address*] -# (optional) The internal nova-api endpoint -# Defaults to '127.0.0.1' +# [*admin_url*] +# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:8774/v2/%(tenant_id)s') +# This url should *not* contain any version or trailing '/'. # -# [*compute_port*] -# (optional) The port to use for the compute endpoint -# Defaults to '8774' +# [*public_url_v3*] +# (optional) The v3 endpoint's public url. (Defaults to 'http://127.0.0.1:8774/v3') +# This url should *not* contain any version or trailing '/'. # -# [*ec2_port*] -# (optional) The port to use for the ec2 endpoint -# Defaults to '8773' +# [*internal_url_v3*] +# (optional) The v3 endpoint's internal url. (Defaults to 'http://127.0.0.1:8774/v3') +# This url should *not* contain any version or trailing '/'. # -# [*compute_version*] -# (optional) The version of the compute api to put in the endpoint -# Defaults to 'v2' +# [*admin_url_v3*] +# (optional) The v3 endpoint's admin url. (Defaults to 'http://127.0.0.1:8774/v3') +# This url should *not* contain any version or trailing '/'. +# +# [*ec2_public_url*] +# (optional) The endpoint's public url for EC2. +# (Defaults to 'http://127.0.0.1:8773/services/Cloud') +# +# [*ec2_internal_url*] +# (optional) The endpoint's internal url for EC2. 
+# (Defaults to 'http://127.0.0.1:8773/services/Cloud') +# +# [*ec2_admin_url*] +# (optional) The endpoint's admin url for EC2. +# (Defaults to 'http://127.0.0.1:8773/services/Admin') # # [*region*] # (optional) The region in which to place the endpoints 
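Review bot: The sentence `This url should *not* contain any version or trailing '/'.` under all six compute URL parameters contradicts the defaults printed just above it, which end in `/v2/%(tenant_id)s` and `/v3`. A reader who follows it would register an endpoint without the version path, so I would reduce it to `# This url should *not* contain a trailing '/'.`. Because these values appear to be what gets published as the service endpoints, the parameter docs could also state that the `http://127.0.0.1` defaults are placeholders and that a real deployment passes its own URLs, normally with `https`.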
@@ -81,15 +93,50 @@ # (optional) Whether to configure the admin role for the service user. # Defaults to true # -# [*public_protocol*] -# (optional) Protocol to use for the public endpoint. Can be http or https. -# Defaults to 'http' +# [*compute_version*] +# (optional) DEPRECATED: Use public_url, internal_url and admin_url OR +# public_url_v3, internal_url_v3 and admin_url_v3 instead. +# The version of the compute api to put in the endpoint. (Defaults to v2) +# Setting this parameter overrides public_url, internal_url and admin_url parameters. # -# [*admin_protocol*] -# Protocol for admin endpoints. Defaults to 'http'. +# [*compute_port*] +# (optional) DEPRECATED: Use public_url, internal_url and admin_url instead. +# Port for endpoint. (Defaults to 9696) +# Setting this parameter overrides public_url, internal_url and admin_url parameters. +# +# [*ec2_port*] +# (optional) DEPRECATED: Use ec2_public_url, ec2_internal_url and ec2_admin_url instead. +# (optional) The port to use for the ec2 endpoint. (Defaults to 8773) +# +# [*public_protocol*] +# (optional) DEPRECATED: Use public_url and ec2_public_url instead. +# Protocol for public endpoint. (Defaults to 'http') +# Setting this parameter overrides public_url and ec2_public_url parameters. +# +# [*public_address*] +# (optional) DEPRECATED: Use public_url and ec2_public_url instead. +# Public address for endpoint. (Defaults to '127.0.0.1') +# Setting this parameter overrides public_url and ec2_public_url parameters. # # [*internal_protocol*] -# Protocol for internal endpoints. Defaults to 'http'. +# (optional) DEPRECATED: Use internal_url and ec2_internal_url instead. +# Protocol for internal endpoint. (Defaults to 'http') +# Setting this parameter overrides internal_url and ec2_internal_url parameters. +# +# [*internal_address*] +# (optional) DEPRECATED: Use internal_url and ec2_internal_url instead. +# Internal address for endpoint. 
(Defaults to '127.0.0.1') +# Setting this parameter overrides internal_url and ec2_internal_url parameters. +# +# [*admin_protocol*] +# (optional) DEPRECATED: Use admin_url and ec2_admin_url instead. +# Protocol for admin endpoint. (Defaults to 'http') +# Setting this parameter overrides admin_url and ec2_admin_url parameters. +# +# [*admin_address*] +# (optional) DEPRECATED: Use admin_url and ec2_admin_url instead. +# Admin address for endpoint. (Defaults to '127.0.0.1') +# Setting this parameter overrides admin_url and ec2_admin_url parameters. # class nova::keystone::auth( $password, 
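Review bot: The `compute_port` entry documents `(Defaults to 9696)`, but the fallback used when the URL is rebuilt later in this commit is `pick($compute_port, '8774')`, so the line should read `# Port for endpoint. (Defaults to 8774)`. The `ec2_port` entry also carries `(optional)` twice, and the second one can be dropped. Since every deprecated parameter now defaults to `undef` in the signature, wording such as "falls back to 8774 when another deprecated parameter is set" would describe the behaviour more accurately than "Defaults to".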
@@ -97,25 +144,89 @@ class nova::keystone::auth( $auth_name_v3 = 'novav3', $service_name = undef, $service_name_v3 = undef, - $public_address = '127.0.0.1', - $admin_address = '127.0.0.1', - $internal_address = '127.0.0.1', - $compute_port = '8774', - $ec2_port = '8773', - $compute_version = 'v2', $region = 'RegionOne', $tenant = 'services', $email = 'nova@localhost', + $public_url = 'http://127.0.0.1:8774/v2/%(tenant_id)s', + $internal_url = 'http://127.0.0.1:8774/v2/%(tenant_id)s', + $admin_url = 'http://127.0.0.1:8774/v2/%(tenant_id)s', + $public_url_v3 = 'http://127.0.0.1:8774/v3', + $internal_url_v3 = 'http://127.0.0.1:8774/v3', + $admin_url_v3 = 'http://127.0.0.1:8774/v3', + $ec2_public_url = 'http://127.0.0.1:8773/services/Cloud', + $ec2_internal_url = 'http://127.0.0.1:8773/services/Cloud', + $ec2_admin_url = 'http://127.0.0.1:8773/services/Admin', $configure_ec2_endpoint = true, - $public_protocol = 'http', $configure_endpoint = true, $configure_endpoint_v3 = true, $configure_user = true, $configure_user_role = true, - $admin_protocol = 'http', - $internal_protocol = 'http' + # DEPRECATED PARAMETERS + $compute_version = undef, + $compute_port = undef, + $ec2_port = undef, + $public_protocol = undef, + $public_address = undef, + $admin_protocol = undef, + $admin_address = undef, + $internal_protocol = undef, + $internal_address = undef, ) { + if $compute_version { + warning('The compute_version parameter is deprecated, use public_url, internal_url and admin_url instead.') + } + + if $compute_port { + warning('The compute_port parameter is deprecated, use public_url, internal_url and admin_url instead.') + } + + if $ec2_port { + warning('The ec2_port parameter is deprecated, use ec2_public_url, ec2_internal_url and ec2_admin_url instead.') + } + + if $public_protocol { + warning('The public_protocol parameter is deprecated, use public_url instead.') + if $configure_ec2_endpoint { + warning('The public_protocol parameter is deprecated, use ec2_public_url 
instead.') + } + } + + if $internal_protocol { + warning('The internal_protocol parameter is deprecated, use internal_url instead.') + if $configure_ec2_endpoint { + warning('The internal_protocol parameter is deprecated, use ec2_public_url instead.') + } + } + + if $admin_protocol { + warning('The admin_protocol parameter is deprecated, use admin_url instead.') + if $configure_ec2_endpoint { + warning('The admin_protocol parameter is deprecated, use ec2_admin_url instead.') + } + } + + if $public_address { + warning('The public_address parameter is deprecated, use public_url instead.') + if $configure_ec2_endpoint { + warning('The public_address parameter is deprecated, use ec2_public_url instead.') + } + } + + if $internal_address { + warning('The internal_address parameter is deprecated, use internal_url instead.') + if $configure_ec2_endpoint { + warning('The internal_address parameter is deprecated, use ec2_internal_url instead.') + } + } + + if $admin_address { + warning('The admin_address parameter is deprecated, use admin_url instead.') + if $configure_ec2_endpoint { + warning('The admin_address parameter is deprecated, use ec2_admin_url instead.') + } + } + if $service_name == undef { $real_service_name = $auth_name } else { 
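Review bot: The nested warning under `if $internal_protocol` names the wrong replacement, since it tells the operator to use `ec2_public_url`. Every other block points at the matching EC2 parameter, so the line should be `warning('The internal_protocol parameter is deprecated, use ec2_internal_url instead.')`. An operator who follows the current message would move the internal protocol setting onto the public EC2 endpoint and leave the internal one on its default. The class body continues outside this hunk.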
@@ -132,6 +243,64 @@ class nova::keystone::auth( fail('nova::keystone::auth parameters service_name and service_name_v3 must be different.') } + if ($public_protocol or $public_address or $compute_port) { + $public_url_real = sprintf('%s://%s:%s/%s/%%(tenant_id)s', + pick($public_protocol, 'http'), + pick($public_address, '127.0.0.1'), + pick($compute_port, '8774'), + pick($compute_version, 'v2')) + } else { + $public_url_real = $public_url + } + + if ($internal_protocol or $internal_address or $compute_port) { + $internal_url_real = sprintf('%s://%s:%s/%s/%%(tenant_id)s', + pick($internal_protocol, 'http'), + pick($internal_address, '127.0.0.1'), + pick($compute_port, '8774'), + pick($compute_version, 'v2')) + } else { + $internal_url_real = $internal_url + } + + if ($admin_protocol or $admin_address or $compute_port) { + $admin_url_real = sprintf('%s://%s:%s/%s/%%(tenant_id)s', + pick($admin_protocol, 'http'), + pick($admin_address, '127.0.0.1'), + pick($compute_port, '8774'), + pick($compute_version, 'v2')) + } else { + $admin_url_real = $admin_url + } + + # EC2 endpoints + if ($public_protocol or $public_address or $ec2_port) { + $ec2_public_url_real = sprintf('%s://%s:%s/services/Cloud', + pick($public_protocol, 'http'), + pick($public_address, '127.0.0.1'), + pick($ec2_port, '8773')) + } else { + $ec2_public_url_real = $ec2_public_url + } + + if ($internal_protocol or $internal_address or $ec2_port) { + $ec2_internal_url_real = sprintf('%s://%s:%s/services/Cloud', + pick($internal_protocol, 'http'), + pick($internal_address, '127.0.0.1'), + pick($ec2_port, '8773')) + } else { + $ec2_internal_url_real = $ec2_internal_url + } + + if ($admin_protocol or $admin_address or $ec2_port) { + $ec2_admin_url_real = sprintf('%s://%s:%s/services/Admin', + pick($admin_protocol, 'http'), + pick($admin_address, '127.0.0.1'), + pick($ec2_port, '8773')) + } else { + $ec2_admin_url_real = $ec2_admin_url + } + if $configure_endpoint { 
Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'nova-api' |> } @@ -148,9 +317,9 @@ class nova::keystone::auth( password => $password, email => $email, tenant => $tenant, - public_url => "${public_protocol}://${public_address}:${compute_port}/${compute_version}/%(tenant_id)s", - admin_url => "${admin_protocol}://${admin_address}:${compute_port}/${compute_version}/%(tenant_id)s", - internal_url => "${internal_protocol}://${internal_address}:${compute_port}/${compute_version}/%(tenant_id)s", + public_url => $public_url_real, + admin_url => $admin_url_real, + internal_url => $internal_url_real, } keystone::resource::service_identity { "nova v3 service, user ${auth_name_v3}": @@ -163,9 +332,9 @@ class nova::keystone::auth( service_name => $real_service_name_v3, region => $region, auth_name => $auth_name_v3, - public_url => "${public_protocol}://${public_address}:${compute_port}/v3", - admin_url => "${admin_protocol}://${admin_address}:${compute_port}/v3", - internal_url => "${internal_protocol}://${internal_address}:${compute_port}/v3", + public_url => $public_url_v3, + admin_url => $admin_url_v3, + internal_url => $internal_url_v3, } keystone::resource::service_identity { "nova ec2 service, user ${auth_name}_ec2": @@ -178,9 +347,9 @@ class nova::keystone::auth( service_name => "${real_service_name}_ec2", region => $region, auth_name => "${auth_name}_ec2", - public_url => "${public_protocol}://${public_address}:${ec2_port}/services/Cloud", - admin_url => "${admin_protocol}://${admin_address}:${ec2_port}/services/Admin", - internal_url => "${internal_protocol}://${internal_address}:${ec2_port}/services/Cloud", + public_url => $ec2_public_url_real, + admin_url => $ec2_admin_url_real, + internal_url => $ec2_internal_url_real, } } diff --git a/spec/classes/nova_keystone_endpoint_spec.rb b/spec/classes/nova_keystone_endpoint_spec.rb index 038001b5a..5da3568e5 100644 --- a/spec/classes/nova_keystone_endpoint_spec.rb 
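Review bot: In the `@@ -132,6 +243,64 @@` hunk, `$compute_version` is read inside each `sprintf` but is missing from the three compute conditions, so setting only `compute_version` triggers the deprecation warning and is then ignored. The parameter docs in this same commit say it overrides `public_url`, `internal_url` and `admin_url`, so each test should include it, e.g. `if ($public_protocol or $public_address or $compute_port or $compute_version) {`. Note also that one leftover deprecated value discards the whole URL parameter: an `https` `public_url` combined with a stray `public_address` is registered as `http://` because of `pick($public_protocol, 'http')`. A comment above the block stating this all-or-nothing behaviour would help anyone migrating incrementally.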
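Review bot: In the `@@ -163,9 +332,9 @@` hunk the v3 endpoint takes `$public_url_v3`, `$admin_url_v3` and `$internal_url_v3` directly, with no `_real` fallback like the v2 and EC2 endpoints get. The removed lines built the v3 URLs from `public_protocol`, `public_address` and `compute_port`. A manifest that still passes those, for example `public_protocol => 'https'`, will have its v3 endpoint rewritten to the default `http://127.0.0.1:8774/v3` while the other two endpoints keep the operator's values. I would compute v3 `_real` variables the same way and use them here; the resource declaration starts outside this hunk.

```puppet
if ($public_protocol or $public_address or $compute_port) {
  $public_url_v3_real = sprintf('%s://%s:%s/v3',
    pick($public_protocol, 'http'),
    pick($public_address, '127.0.0.1'),
    pick($compute_port, '8774'))
} else {
  $public_url_v3_real = $public_url_v3
}
# … same pattern for $internal_url_v3_real and $admin_url_v3_real …

# … unchanged: "nova v3 service" resource attributes up to auth_name …
    public_url   => $public_url_v3_real,
    admin_url    => $admin_url_v3_real,
    internal_url => $internal_url_v3_real,
```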
+++ b/spec/classes/nova_keystone_endpoint_spec.rb @@ -6,6 +6,23 @@ describe 'nova::keystone::auth' do {:password => 'nova_password'} end + let :default_params do + { :auth_name => 'nova', + :region => 'RegionOne', + :tenant => 'services', + :email => 'nova@localhost', + :public_url => 'http://127.0.0.1:8774/v2/%(tenant_id)s', + :internal_url => 'http://127.0.0.1:8774/v2/%(tenant_id)s', + :admin_url => 'http://127.0.0.1:8774/v2/%(tenant_id)s', + :public_url_v3 => 'http://127.0.0.1:8774/v3', + :internal_url_v3 => 'http://127.0.0.1:8774/v3', + :admin_url_v3 => 'http://127.0.0.1:8774/v3', + :configure_ec2_endpoint => true, + :ec2_public_url => 'http://127.0.0.1:8773/services/Cloud', + :ec2_internal_url => 'http://127.0.0.1:8773/services/Cloud', + :ec2_admin_url => 'http://127.0.0.1:8773/services/Admin' } + end + context 'with default parameters' do it { is_expected.to contain_keystone_user('nova').with( @@ -15,7 +32,7 @@ describe 'nova::keystone::auth' do it { is_expected.to contain_keystone_user_role('nova@services').with( :ensure => 'present', - :roles => 'admin' + :roles => ['admin'] )} it { is_expected.to contain_keystone_service('nova').with( @@ -71,7 +88,7 @@ describe 'nova::keystone::auth' do it { is_expected.to contain_keystone_user_role('foo@services').with( :ensure => 'present', - :roles => 'admin' + :roles => ['admin'] )} it { is_expected.to contain_keystone_service('foo').with( 
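Review bot: The new `let :default_params` block in the `@@ -6,6 +6,23 @@` hunk is not referenced by any expectation visible in this diff. The default-parameter examples still hard-code their values and the override context reads from `params`. Unless code outside the hunks uses it, either drop the block or make the default-context expectations read from it, e.g. `:public_url => default_params[:public_url]`, so the spec and the class defaults cannot drift apart unnoticed.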
@@ -133,7 +150,45 @@ describe 'nova::keystone::auth' do end - context 'when overriding endpoint params' do + context 'when overriding endpoint parameters' do + before do + params.merge!( + :region => 'RegionTwo', + :public_url => 'https://10.0.0.1:9774/v2.2/%(tenant_id)s', + :internal_url => 'https://10.0.0.3:9774/v2.2/%(tenant_id)s', + :admin_url => 'https://10.0.0.2:9774/v2.2/%(tenant_id)s', + :public_url_v3 => 'https://10.0.3.1:9774/v3', + :internal_url_v3 => 'https://10.0.3.3:9774/v3', + :admin_url_v3 => 'https://10.0.3.2:9774/v3', + :ec2_public_url => 'https://10.0.9.1:9773/services/Cloud', + :ec2_internal_url => 'https://10.0.9.2:9773/services/Cloud', + :ec2_admin_url => 'https://10.0.9.3:9773/services/Admin', + ) + end + + it { is_expected.to contain_keystone_endpoint('RegionTwo/nova').with( + :ensure => 'present', + :public_url => params[:public_url], + :internal_url => params[:internal_url], + :admin_url => params[:admin_url] + )} + + it { is_expected.to contain_keystone_endpoint('RegionTwo/novav3').with( + :ensure => 'present', + :public_url => params[:public_url_v3], + :internal_url => params[:internal_url_v3], + :admin_url => params[:admin_url_v3] + )} + + it { is_expected.to contain_keystone_endpoint('RegionTwo/nova_ec2').with( + :ensure => 'present', + :public_url => params[:ec2_public_url], + :internal_url => params[:ec2_internal_url], + :admin_url => params[:ec2_admin_url] + )} + end + + context 'when providing deprecated endpoint parameters' do before do params.merge!( :public_address => '10.0.0.1', @@ -162,7 +217,6 @@ describe 'nova::keystone::auth' do :admin_url => 'https://10.0.0.2:9773/services/Admin', :internal_url => 'https://10.0.0.3:9773/services/Cloud' )} - end describe 'when disabling endpoint configuration' do 
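Review bot: The renamed context `when providing deprecated endpoint parameters` appears to exercise the deprecated parameters only as a complete set, and its `params.merge!` body is largely outside this hunk. The fallback logic in the class branches on individual parameters, so two further examples would be worth adding. One would set a single deprecated value, such as only `compute_version` or only `public_address`, and assert the resulting URL. The other would assert the `novav3` endpoint URLs while the deprecated parameters are set. The visible assertions cover the EC2 endpoint but not those two cases.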
@@ -188,9 +242,7 @@ describe 'nova::keystone::auth' do end it { is_expected.to_not contain_keystone_user('nova') } - it { is_expected.to contain_keystone_user_role('nova@services') } - it { is_expected.to contain_keystone_service('nova').with( :ensure => 'present', :type => 'compute', @@ -208,9 +260,7 @@ describe 'nova::keystone::auth' do end it { is_expected.to_not contain_keystone_user('nova') } - it { is_expected.to_not contain_keystone_user_role('nova@services') } - it { is_expected.to contain_keystone_service('nova').with( :ensure => 'present', :type => 'compute', @@ -234,7 +284,7 @@ describe 'nova::keystone::auth' do } end - it { is_expected.to contain_keystone_endpoint('RegionOne/nova').with_notify('Service[nova-api]') } + it { is_expected.to contain_keystone_endpoint('RegionOne/nova').with_notify(['Service[nova-api]']) } end describe 'when overriding service names' do