From d87c1e8fe77bef596438fb1e8eaef48ba55c2005 Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince@redhat.com>
Date: Tue, 27 Jan 2015 21:24:14 -0500
Subject: [PATCH] Add support for identity_uri.

This patch adds the ability to set a new identity_uri parameter.
It also deprecates the old auth_host, auth_port, auth_protocol,
and auth_admin_prefix parameters. Logic is in place so that
users of the deprecated settings should have a smooth upgrade
process and get deprecation warnings until they adopt the
new settings.

Change-Id: Ideefb4d824cbd5b4b83f9eb773a75e536e3458fb
---
 manifests/api.pp              | 86 +++++++++++++++++++++++++----------
 spec/classes/nova_api_spec.rb | 33 ++++++++++++++
 2 files changed, 96 insertions(+), 23 deletions(-)

diff --git a/manifests/api.pp b/manifests/api.pp
index 856b7bac2..21c7af155 100644
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -20,23 +20,27 @@
 #   Defaults to 'present'
 #
 # [*auth_host*]
-#   (optional) The IP of the server running keystone
+#   (optional) DEPRECATED. The IP of the server running keystone
 #   Defaults to '127.0.0.1'
 #
 # [*auth_port*]
-#   (optional) The port to use when authenticating against Keystone
+#   (optional) DEPRECATED. The port to use when authenticating against Keystone
 #   Defaults to 35357
 #
 # [*auth_protocol*]
-#   (optional) The protocol to use when authenticating against Keystone
+#   (optional) DEPRECATED. The protocol to use when authenticating against Keystone
 #   Defaults to 'http'
 #
 # [*auth_uri*]
-#   (optional) The uri of a Keystone service to authenticate against
+#   (optional) Complete public Identity API endpoint.
 #   Defaults to false
 #
+# [*identity_uri*]
+#   (optional) Complete admin Identity API endpoint.
+#   Defaults to: false
+#
 # [*auth_admin_prefix*]
-#   (optional) Prefix to prepend at the beginning of the keystone path
+#   (optional) DEPRECATED. Prefix to prepend at the beginning of the keystone path
 #   Defaults to false
 #
 # [*auth_version*]
@@ -147,11 +151,8 @@ class nova::api(
   $enabled               = false,
   $manage_service        = true,
   $ensure_package        = 'present',
-  $auth_host             = '127.0.0.1',
-  $auth_port             = 35357,
-  $auth_protocol         = 'http',
   $auth_uri              = false,
-  $auth_admin_prefix     = false,
+  $identity_uri          = false,
   $auth_version          = false,
   $admin_tenant_name     = 'services',
   $admin_user            = 'nova',
@@ -174,6 +175,10 @@ class nova::api(
   $validate              = false,
   $validation_options    = {},
   # DEPRECATED PARAMETER
+  $auth_protocol         = 'http',
+  $auth_port             = 35357,
+  $auth_host             = '127.0.0.1',
+  $auth_admin_prefix     = false,
   $conductor_workers     = undef,
 ) {
 
@@ -240,32 +245,67 @@ class nova::api(
   }
   nova_config { 'keystone_authtoken/auth_uri': value => $auth_uri_real; }
 
+  if $identity_uri {
+    nova_config { 'keystone_authtoken/identity_uri': value => $identity_uri; }
+  } else {
+    nova_config { 'keystone_authtoken/identity_uri': ensure => absent; }
+  }
+
   if $auth_version {
     nova_config { 'keystone_authtoken/auth_version': value => $auth_version; }
   } else {
     nova_config { 'keystone_authtoken/auth_version': ensure => absent; }
   }
 
+  # if both auth_uri and identity_uri are set we skip these deprecated settings entirely
+  if !$auth_uri or !$identity_uri {
+
+    if $auth_host {
+      warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
+      nova_config { 'keystone_authtoken/auth_host': value => $auth_host; }
+    } else {
+      nova_config { 'keystone_authtoken/auth_host': ensure => absent; }
+    }
+
+    if $auth_port {
+      warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
+      nova_config { 'keystone_authtoken/auth_port': value => $auth_port; }
+    } else {
+      nova_config { 'keystone_authtoken/auth_port': ensure => absent; }
+    }
+
+    if $auth_protocol {
+      warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
+      nova_config { 'keystone_authtoken/auth_protocol': value => $auth_protocol; }
+    } else {
+      nova_config { 'keystone_authtoken/auth_protocol': ensure => absent; }
+    }
+
+    if $auth_admin_prefix {
+      warning('The auth_admin_prefix  parameter is deprecated. Please use auth_uri and identity_uri instead.')
+      validate_re($auth_admin_prefix, '^(/.+[^/])?$')
+      nova_config {
+        'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
+      }
+    } else {
+      nova_config { 'keystone_authtoken/auth_admin_prefix': ensure => absent; }
+    }
+
+  } else {
+    nova_config {
+      'keystone_authtoken/auth_host': ensure => absent;
+      'keystone_authtoken/auth_port': ensure => absent;
+      'keystone_authtoken/auth_protocol': ensure => absent;
+      'keystone_authtoken/auth_admin_prefix': ensure => absent;
+    }
+  }
+
   nova_config {
-    'keystone_authtoken/auth_host':         value => $auth_host;
-    'keystone_authtoken/auth_port':         value => $auth_port;
-    'keystone_authtoken/auth_protocol':     value => $auth_protocol;
     'keystone_authtoken/admin_tenant_name': value => $admin_tenant_name;
     'keystone_authtoken/admin_user':        value => $admin_user;
     'keystone_authtoken/admin_password':    value => $admin_password, secret => true;
   }
 
-  if $auth_admin_prefix {
-    validate_re($auth_admin_prefix, '^(/.+[^/])?$')
-    nova_config {
-      'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
-    }
-  } else {
-    nova_config {
-      'keystone_authtoken/auth_admin_prefix': ensure => absent;
-    }
-  }
-
   if $keystone_ec2_url {
     nova_config {
       'DEFAULT/keystone_ec2_url': value => $keystone_ec2_url;
diff --git a/spec/classes/nova_api_spec.rb b/spec/classes/nova_api_spec.rb
index ab76d995c..b5c5f6832 100644
--- a/spec/classes/nova_api_spec.rb
+++ b/spec/classes/nova_api_spec.rb
@@ -256,6 +256,39 @@ describe 'nova::api' do
       it { should contain_nova_config('database/idle_timeout').with_value('30') }
     end
 
+    context 'with custom keystone identity_uri' do
+      before do
+        params.merge!({
+          :identity_uri => 'https://foo.bar:1234/',
+        })
+      end
+      it 'configures identity_uri' do
+        should contain_nova_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/");
+        # since only auth_uri is set the deprecated auth parameters should
+        # still get set in case they are still in use
+        should contain_nova_config('keystone_authtoken/auth_host').with_value('127.0.0.1');
+        should contain_nova_config('keystone_authtoken/auth_port').with_value('35357');
+        should contain_nova_config('keystone_authtoken/auth_protocol').with_value('http');
+      end
+    end
+
+    context 'with custom keystone identity_uri and auth_uri' do
+      before do
+        params.merge!({
+          :identity_uri => 'https://foo.bar:35357/',
+          :auth_uri => 'https://foo.bar:5000/v2.0/',
+        })
+      end
+      it 'configures identity_uri' do
+        should contain_nova_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
+        should contain_nova_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/");
+        should contain_nova_config('keystone_authtoken/auth_host').with_ensure('absent')
+        should contain_nova_config('keystone_authtoken/auth_port').with_ensure('absent')
+        should contain_nova_config('keystone_authtoken/auth_protocol').with_ensure('absent')
+        should contain_nova_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
+      end
+    end
+
   end
 
   context 'on Debian platforms' do