Introduce public_url(_s3), internal_url(_s3) and admin_url(_s3)

This change deprecates the following parameters: - endpoint_prefix: replaced by public/internal/admin_url - port: replaced by public/internal/admin_url(_s3) - public_port: replaced by public_url(_s3) - public_protocol: replaced by public_url(_s3) - public_address: replaced by public_url(_s3) - public_port: replaced by public_url - internal_protocol: replaced by internal_url - internal_address: replaced by internal_url - admin_protocol: replaced by admin_url - admin_address: replaced by admin_url Add deprecation warnings if any of those values are provided while maintaining full backward compatibility. Co-Authored-By: David Moreau Simard <dmsimard@iweb.com> Co-Authored-By: Richard Raseley <richard@raseley.com> Closes-bug: #1274979 Change-Id: Ie4afc21ac6e9539edd70635de7f3db957a22467e
2015-06-11 17:52:18 -04:00 · 2015-06-11 17:52:18 -04:00 · f87e43e8a8
commit f87e43e8a8
parent 4a6e4cbb33
2 changed files with 277 additions and 107 deletions
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@ -15,14 +15,6 @@
 #  String. The user's password.
 #  Optional. Defaults to 'swift_password'.
 #
-# [*port*]
-#   (Optional) Port for endpoint.
-#   Defaults to '8080'.
-#
-# [*public_port*]
-#   (Optional) Port for endpoint.
-#   Defaults to '8080'.
-#
 # [*tenant*]
 #   (Optional) The tenant to use for the swift service user
 #   Defaults to 'services'
@ -39,29 +31,6 @@
 #  (Optional) Array of strings. List of roles Swift considers as admin.
 #  Defaults to '['admin', 'SwiftOperator']'
 #
-# [*public_protocol*]
-#   (Optional) Protocol to use for the public endpoint. Can be http or https.
-#   Defaults to 'http'
-#
-# [*public_address*]
-#   (Optional) Public address for endpoint.
-#   Defaults to '127.0.0.1'.
-#
-# [*admin_protocol*]
-#   (Optional) Protocol for admin endpoints.
-#   Defaults to 'http'.
-#
-# [*admin_address*]
-#   (Optional) Admin address for endpoint.
-#   Defaults to '127.0.0.1'.
-#
-# [*internal_protocol*]
-#   Protocol for internal endpoints. Defaults to 'http'.
-#
-# [*internal_address*]
-#   (Optional) Internal address for endpoint.
-#   Defaults to '127.0.0.1'.
-#
 # [*configure_endpoint*]
 #   (optional) Whether to create the endpoint.
 #   Defaults to true
@ -70,10 +39,6 @@
 #   (optional) Whether to create the S3 endpoint.
 #   Defaults to true
 #
-# [*endpoint_prefix*]
-#   (optional) The prefix endpoint, used for endpoint URL.
-#   Defaults to 'AUTH'
-#
 # [*service_name*]
 #   (optional) Name of the service.
 #   Defaults to the value of auth_name, but must differ from the value
@ -84,27 +49,212 @@
 #   Defaults to the value of auth_name_s3, but must differ from the value
 #   of service_name.
 #
+# [*public_url*]
+#   (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s')
+#   This url should *not* contain any trailing '/'.
+#
+# [*admin_url*]
+#   (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:8080')
+#   This url should *not* contain any trailing '/'.
+#
+# [*internal_url*]
+#   (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s')
+#   This url should *not* contain any trailing '/'.
+#
+# [*public_url_s3*]
+#   (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8080')
+#   This url should *not* contain any trailing '/'.
+#
+# [*admin_url_s3*]
+#   (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:8080')
+#   This url should *not* contain any trailing '/'.
+#
+# [*internal_url_s3*]
+#   (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:8080')
+#   This url should *not* contain any trailing '/'.
+#
+# [*endpoint_prefix*]
+#   (optional) DEPRECATED: Use public_url, internal_url and admin_url instead.
+#   The prefix endpoint, used for endpoint URL. (Defaults to 'AUTH')
+#   Setting this parameter overrides public_url, internal_url and admin_url parameters.
+#
+# [*port*]
+#   (optional) DEPRECATED: Use public_url(_s3), internal_url(_s3) and admin_url(_s3) instead.
+#   Default port for endpoints. (Defaults to 8080)
+#   Setting this parameter overrides public_url(_s3), internal_url(_s3) and admin_url(_s3) parameters.
+#
+# [*public_port*]
+#   (optional) DEPRECATED: Use public_url(_s3) instead.
+#   Default port for endpoints. (Defaults to $port)
+#   Setting this parameter overrides public_url(_s3) parameter.
+#
+# [*public_protocol*]
+#   (optional) DEPRECATED: Use public_url instead.
+#   Protocol for public endpoint. (Defaults to 'http')
+#   Setting this parameter overrides public_url parameter.
+#
+# [*public_address*]
+#   (optional) DEPRECATED: Use public_url instead.
+#   Public address for endpoint. (Defaults to '127.0.0.1')
+#   Setting this parameter overrides public_url parameter.
+#
+# [*internal_protocol*]
+#   (optional) DEPRECATED: Use internal_url instead.
+#   Protocol for internal endpoint. (Defaults to 'http')
+#   Setting this parameter overrides internal_url parameter.
+#
+# [*internal_address*]
+#   (optional) DEPRECATED: Use internal_url instead.
+#   Internal address for endpoint. (Defaults to '127.0.0.1')
+#   Setting this parameter overrides internal_url parameter.
+#
+# [*admin_protocol*]
+#   (optional) DEPRECATED: Use admin_url instead.
+#   Protocol for admin endpoint. (Defaults to 'http')
+#   Setting this parameter overrides admin_url parameter.
+#
+# [*admin_address*]
+#   (optional) DEPRECATED: Use admin_url instead.
+#   Admin address for endpoint. (Defaults to '127.0.0.1')
+#   Setting this parameter overrides admin_url parameter.
+#
+# === Deprecation notes
+#
+# If any value is provided for public_protocol, public_address or port parameters,
+# public_url will be completely ignored. The same applies for internal and admin parameters.
+#
+# === Examples
+#
+#  class { 'swift::keystone::auth':
+#    public_url      => 'https://10.0.0.10:8080/v1/AUTH_%(tenant_id)s',
+#    internal_url    => 'https://10.0.0.11:8080/v1/AUTH_%(tenant_id)s',
+#    admin_url       => 'https://10.0.0.11:8080',
+#    public_url_s3   => 'https://10.0.0.10:8080',
+#    internal_url_s3 => 'https://10.0.0.11:8080',
+#    admin_url_s3    => 'https://10.0.0.11:8080',
+#  }
+#
 class swift::keystone::auth(
  $auth_name              = 'swift',
  $password               = 'swift_password',
-  $port                   = '8080',
  $tenant                 = 'services',
  $email                  = 'swift@localhost',
  $region                 = 'RegionOne',
  $operator_roles         = ['admin', 'SwiftOperator'],
  $service_name           = undef,
  $service_name_s3        = undef,
-  $public_protocol        = 'http',
-  $public_address         = '127.0.0.1',
-  $public_port            = undef,
-  $admin_protocol         = 'http',
-  $admin_address          = undef,
-  $internal_protocol      = 'http',
-  $internal_address       = undef,
  $configure_endpoint     = true,
  $configure_s3_endpoint  = true,
-  $endpoint_prefix        = 'AUTH',
+  $public_url             = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
+  $admin_url              = 'http://127.0.0.1:8080',
+  $internal_url           = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
+  $public_url_s3          = 'http://127.0.0.1:8080',
+  $admin_url_s3           = 'http://127.0.0.1:8080',
+  $internal_url_s3        = 'http://127.0.0.1:8080',
+  # DEPRECATED PARAMETERS
+  $endpoint_prefix        = undef,
+  $port                   = undef,
+  $public_port            = undef,
+  $public_protocol        = undef,
+  $public_address         = undef,
+  $internal_protocol      = undef,
+  $internal_address       = undef,
+  $admin_protocol         = undef,
+  $admin_address          = undef,
 ) {
+
+  if $endpoint_prefix {
+    warning('The endpoint_prefix parameter is deprecated, use public_url, internal_url and admin_url instead.')
+  }
+
+  if $port {
+    warning('The port parameter is deprecated, use public_url, internal_url, admin_url, public_url_s3, internal_url_s3 and admin_url_s3 instead.')
+  }
+
+  if $public_port {
+    warning('The public_port parameter is deprecated, use public_url and public_url_s3 instead.')
+  }
+
+  if $public_protocol {
+    warning('The public_protocol parameter is deprecated, use public_url and public_url_s3 instead.')
+  }
+
+  if $internal_protocol {
+    warning('The internal_protocol parameter is deprecated, use internal_url and internal_url_s3 instead.')
+  }
+
+  if $admin_protocol {
+    warning('The admin_protocol parameter is deprecated, use admin_url and admin_url_s3 instead.')
+  }
+
+  if $public_address {
+    warning('The public_address parameter is deprecated, use public_url and public_url_s3 instead.')
+  }
+
+  if $internal_address {
+    warning('The internal_address parameter is deprecated, use internal_url and internal_url_s3 instead.')
+  }
+
+  if $admin_address {
+    warning('The admin_address parameter is deprecated, use admin_url and admin_url_s3 instead.')
+  }
+
+  if ($public_protocol or $public_address or $port or $public_port or $endpoint_prefix) {
+    $public_url_real = sprintf('%s://%s:%s/v1/%s_%%(tenant_id)s',
+      pick($public_protocol, 'http'),
+      pick($public_address, '127.0.0.1'),
+      pick($public_port, $port, '8080'),
+      pick($endpoint_prefix, 'AUTH'))
+  } else {
+    $public_url_real = $public_url
+  }
+
+  if ($admin_protocol or $admin_address or $public_address or $port) {
+    $admin_url_real = sprintf('%s://%s:%s',
+      pick($admin_protocol, 'http'),
+      pick($admin_address, $public_address, '127.0.0.1'),
+      pick($port, '8080'))
+  } else {
+    $admin_url_real = $admin_url
+  }
+
+  if ($internal_protocol or $internal_address or $public_address or $port or $endpoint_prefix) {
+    $internal_url_real = sprintf('%s://%s:%s/v1/%s_%%(tenant_id)s',
+      pick($internal_protocol, 'http'),
+      pick($internal_address, $public_address, '127.0.0.1'),
+      pick($port, '8080'),
+      pick($endpoint_prefix, 'AUTH'))
+  } else {
+    $internal_url_real = $internal_url
+  }
+
+  if ($public_protocol or $public_address or $port or $public_port) {
+    $public_url_s3_real = sprintf('%s://%s:%s',
+      pick($public_protocol, 'http'),
+      pick($public_address, '127.0.0.1'),
+      pick($public_port, $port, '8080'))
+  } else {
+    $public_url_s3_real = $public_url_s3
+  }
+
+  if ($admin_protocol or $admin_address or $public_address or $port) {
+    $admin_url_s3_real = sprintf('%s://%s:%s',
+      pick($admin_protocol, 'http'),
+      pick($admin_address, $public_address, '127.0.0.1'),
+      pick($port, '8080'))
+  } else {
+    $admin_url_s3_real = $admin_url_s3
+  }
+
+  if ($internal_protocol or $internal_address or $public_address or $port) {
+    $internal_url_s3_real = sprintf('%s://%s:%s',
+      pick($internal_protocol, 'http'),
+      pick($internal_address, $public_address, '127.0.0.1'),
+      pick($port, '8080'))
+  } else {
+    $internal_url_s3_real = $internal_url_s3
+  }
+
  $real_service_name    = pick($service_name, $auth_name)
  $real_service_name_s3 = pick($service_name_s3, "${auth_name}_s3")

@ -112,22 +262,6 @@ class swift::keystone::auth(
      fail('cinder::keystone::auth parameters service_name and service_name_s3 must be different.')
  }

-  if ! $public_port {
-    $real_public_port = $port
-  } else {
-    $real_public_port = $public_port
-  }
-  if ! $admin_address {
-    $real_admin_address = $public_address
-  } else {
-    $real_admin_address = $admin_address
-  }
-  if ! $internal_address {
-    $real_internal_address = $public_address
-  } else {
-    $real_internal_address = $internal_address
-  }
-
  keystone::resource::service_identity { 'swift':
    configure_endpoint  => $configure_endpoint,
    service_name        => $real_service_name,
@ -138,9 +272,9 @@ class swift::keystone::auth(
    password            => $password,
    email               => $email,
    tenant              => $tenant,
-    public_url          => "${public_protocol}://${public_address}:${real_public_port}/v1/${endpoint_prefix}_%(tenant_id)s",
-    admin_url           => "${admin_protocol}://${real_admin_address}:${port}/",
-    internal_url        => "${internal_protocol}://${real_internal_address}:${port}/v1/${endpoint_prefix}_%(tenant_id)s",
+    public_url          => $public_url_real,
+    admin_url           => $admin_url_real,
+    internal_url        => $internal_url_real,
  }

  keystone::resource::service_identity { 'swift_s3':
@ -152,9 +286,9 @@ class swift::keystone::auth(
    service_type        => 's3',
    service_description => 'Openstack S3 Service',
    region              => $region,
-    public_url          => "${public_protocol}://${public_address}:${real_public_port}",
-    admin_url           => "${admin_protocol}://${real_admin_address}:${port}",
-    internal_url        => "${internal_protocol}://${real_internal_address}:${port}",
+    public_url          => $public_url_s3_real,
+    admin_url           => $admin_url_s3_real,
+    internal_url        => $internal_url_s3_real,
  }

  if $operator_roles {
--- a/spec/classes/swift_keystone_auth_spec.rb
+++ b/spec/classes/swift_keystone_auth_spec.rb
@ -15,13 +15,12 @@ describe 'swift::keystone::auth' do
      :email             => 'swift@localhost',
      :region            => 'RegionOne',
      :operator_roles    => ['admin', 'SwiftOperator'],
-      :public_protocol   => 'http',
-      :public_address    => '127.0.0.1',
-      :admin_protocol    => 'http',
-      :admin_address     => '127.0.0.1',
-      :internal_protocol => 'http',
-      :internal_address  => '127.0.0.1',
-      :endpoint_prefix   => 'AUTH',
+      :public_url        => 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
+      :admin_url         => 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
+      :internal_url      => 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
+      :public_url_s3     => 'http://127.0.0.1:8080',
+      :admin_url_s3      => 'http://127.0.0.1:8080',
+      :internal_url_s3   => 'http://127.0.0.1:8080',
    }
  end

@ -34,7 +33,63 @@ describe 'swift::keystone::auth' do
      end
    end

-    context 'with custom class parameters' do
+    context 'with custom parameters' do
+      before do
+        params.merge!({
+          :auth_name       => 'object_store',
+          :password        => 'passw0rd',
+          :tenant          => 'admin',
+          :email           => 'object_store@localhost',
+          :region          => 'RegionTwo',
+          :operator_roles  => ['admin', 'SwiftOperator', 'Gopher'],
+          :public_url      => 'https://10.0.0.10:8080/v1/AUTH_%(tenant_id)s',
+          :internal_url    => 'https://10.0.0.11:8080/v1/AUTH_%(tenant_id)s',
+          :admin_url       => 'https://10.0.0.11:8080/v1/AUTH_%(tenant_id)s',
+          :public_url_s3   => 'https://10.0.0.10:8080',
+          :internal_url_s3 => 'https://10.0.0.11:8080',
+          :admin_url_s3    => 'https://10.0.0.11:8080',
+        })
+      end
+
+      it_configures 'keystone auth configuration'
+
+      ['admin', 'SwiftOperator', 'Gopher'].each do |role_name|
+        it { is_expected.to contain_keystone_role(role_name).with_ensure('present') }
+      end
+
+      it { is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}").with(
+        :ensure       => 'present',
+        :public_url   => params[:public_url],
+        :admin_url    => params[:admin_url],
+        :internal_url => params[:internal_url],
+      )}
+
+      it { is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}_s3").with(
+        :ensure       => 'present',
+        :public_url   => params[:public_url_s3],
+        :admin_url    => params[:admin_url_s3],
+        :internal_url => params[:internal_url_s3],
+      )}
+
+      context 'when disabling endpoint configuration' do
+        before do
+          params.merge!(:configure_endpoint => false)
+        end
+
+        it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift') }
+      end
+
+      context 'when disabling S3 endpoint' do
+        before do
+          params.merge!(:configure_s3_endpoint => false)
+        end
+
+        it { is_expected.to_not contain_keystone_service('swift_s3') }
+        it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift_s3') }
+      end
+    end
+
+    context 'with deprecated endpoint parameters' do
      before do
        params.merge!({
          :auth_name         => 'object_store',
@ -55,28 +110,23 @@ describe 'swift::keystone::auth' do
        })
      end

-      it_configures 'keystone auth configuration'
-
-      ['admin', 'SwiftOperator', 'Gopher'].each do |role_name|
-        it { is_expected.to contain_keystone_role(role_name).with_ensure('present') }
-      end
-    end
-
-    context 'when disabling endpoint configuration' do
-      before do
-        params.merge!(:configure_endpoint => false)
+      let :p do
+        default_params.merge( params )
      end

-      it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift') }
-    end
+      it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}").with(
+        :ensure       => 'present',
+        :public_url   => "#{p[:public_protocol]}://#{p[:public_address]}:#{p[:public_port]}/v1/#{p[:endpoint_prefix]}_%(tenant_id)s",
+        :admin_url    => "#{p[:admin_protocol]}://#{p[:admin_address]}:#{p[:port]}",
+        :internal_url => "#{p[:internal_protocol]}://#{p[:internal_address]}:#{p[:port]}/v1/#{p[:endpoint_prefix]}_%(tenant_id)s"
+      )}

-    context 'when disabling S3 endpoint' do
-      before do
-        params.merge!(:configure_s3_endpoint => false)
-      end
-
-      it { is_expected.to_not contain_keystone_service('swift_s3') }
-      it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift_s3') }
+      it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}_s3").with(
+        :ensure       => 'present',
+        :public_url   => "#{p[:public_protocol]}://#{p[:public_address]}:#{p[:port]}",
+        :admin_url    => "#{p[:admin_protocol]}://#{p[:admin_address]}:#{p[:port]}",
+        :internal_url => "#{p[:internal_protocol]}://#{p[:internal_address]}:#{p[:port]}"
+      )}
    end
  end

@ -102,25 +152,11 @@ describe 'swift::keystone::auth' do
      :description => 'Openstack Object-Store Service'
    )}

-    it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}").with(
-      :ensure       => 'present',
-          :public_url   => "#{p[:public_protocol]}://#{p[:public_address]}:#{p[:port]}/v1/#{p[:endpoint_prefix]}_%(tenant_id)s",
-      :admin_url    => "#{p[:admin_protocol]}://#{p[:admin_address]}:#{p[:port]}/",
-      :internal_url => "#{p[:internal_protocol]}://#{p[:internal_address]}:#{p[:port]}/v1/#{p[:endpoint_prefix]}_%(tenant_id)s"
-    )}
-
    it { is_expected.to contain_keystone_service("#{p[:auth_name]}_s3").with(
    :ensure      => 'present',
    :type        => 's3',
    :description => 'Openstack S3 Service'
    )}
-
-    it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}_s3").with(
-      :ensure       => 'present',
-      :public_url   => "#{p[:public_protocol]}://#{p[:public_address]}:#{p[:port]}",
-      :admin_url    => "#{p[:admin_protocol]}://#{p[:admin_address]}:#{p[:port]}",
-      :internal_url => "#{p[:internal_protocol]}://#{p[:internal_address]}:#{p[:port]}"
-    )}
  end

  context 'on Debian platforms' do