From aa87b39e7382cf09cd4225d2b57feccd65e60053 Mon Sep 17 00:00:00 2001
From: Emilien Macchi
Date: Fri, 20 Oct 2017 07:47:21 -0700
Subject: [PATCH] Fix key_manager config for Queens

keymgr_api_class is now deprecated in favor of keymgr_backend, with full backward compatibility for users. keymgr_backend is set to cinder.keymgr.conf_key_mgr.ConfKeyManager by default and configure key_manager/backend instead of key_manager/api_class. It reflects what openstack/cinder did in Queens cycle.

Change-Id: I6f015a4ed4980d37622bb2931477af916cfc9003
Related-Bug: #1725298
---
 manifests/api.pp | 27 ++++++++++++++-----
 .../api_key_backend-f3272420502b4206.yaml | 9 +++++++
 spec/classes/cinder_api_spec.rb | 17 +++++++++---
 3 files changed, 43 insertions(+), 10 deletions(-)
 create mode 100644 releasenotes/notes/api_key_backend-f3272420502b4206.yaml

diff --git a/manifests/api.pp b/manifests/api.pp
index b7106a81..183a0bc9 100644
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -26,11 +26,6 @@
 # (optional) Auth URL associated with the OpenStack privileged account.
 # Defaults to $::os_service_default.
 #
-# [*keymgr_api_class*]
-# (optional) Key Manager service class.
-# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
-# Defaults to $::os_service_default
-#
 # [*keymgr_encryption_api_url*]
 # (optional) Key Manager service URL
 # Example of valid value: https://localhost:9311/v1
@@ -151,6 +146,11 @@
 # If this value is modified the catalog URLs in the keystone::auth class
 # will also need to be changed to match.
 #
+# [*keymgr_backend*]
+# (optional) Key Manager service class.
+# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+# Defaults to 'cinder.keymgr.conf_key_mgr.ConfKeyManager'.
+#
 # DEPRECATED PARAMETERS
 #
 # [*validation_options*]
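Review bot: The `keymgr_backend` doc block gives the new default but not what that default means for volume encryption. As far as I know `cinder.keymgr.conf_key_mgr.ConfKeyManager` hands out one static key read from cinder.conf (`key_manager/fixed_key`) for every encrypted volume, and upstream describes it as unsuitable for production. The same default is hard-coded in the parameter-list hunk (`$keymgr_backend = 'cinder.keymgr.conf_key_mgr.ConfKeyManager'`), where the old parameter deferred to `$::os_service_default`, so the module now writes that choice into each node's config. I would add a doc line such as `#   The default uses a single fixed key from cinder.conf; set a Barbican backend for production volume encryption.` The rest of the class documentation lies outside this hunk.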
@@ -169,6 +169,11 @@
 # try_sleep: 10
 # Defaults to {}
 #
+# [*keymgr_api_class*]
+# (optional) Deprecated. Key Manager service class.
+# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+# Defaults to undef.
+#
 class cinder::api (
 $nova_catalog_info = 'compute:Compute Service:publicURL',
 $nova_catalog_admin_info = 'compute:Compute Service:adminURL',
@@ -178,7 +183,6 @@ class cinder::api (
 $os_privileged_user_password = $::os_service_default,
 $os_privileged_user_tenant = $::os_service_default,
 $os_privileged_user_auth_url = $::os_service_default,
- $keymgr_api_class = $::os_service_default,
 $keymgr_encryption_api_url = $::os_service_default,
 $keymgr_encryption_auth_url = $::os_service_default,
 $service_workers = $::os_workers,
@@ -203,8 +207,10 @@ class cinder::api (
 $ca_file = $::os_service_default,
 $auth_strategy = 'keystone',
 $osapi_volume_listen_port = $::os_service_default,
+ $keymgr_backend = 'cinder.keymgr.conf_key_mgr.ConfKeyManager',
 # DEPRECATED PARAMETERS
 $validation_options = {},
+ $keymgr_api_class = undef,
 ) inherits cinder::params {
 include ::cinder::deps
@@ -229,6 +235,13 @@ class cinder::api (
 }
 }
+ if $keymgr_api_class {
+ warning('The keymgr_api_class parameter is deprecated, use keymgr_backend')
+ $keymgr_backend_real = $keymgr_api_class
+ } else {
+ $keymgr_backend_real = $keymgr_backend
+ }
+
 if $::cinder::params::api_package {
 package { 'cinder-api':
 ensure => $package_ensure,
@@ -317,7 +330,7 @@ running as a standalone service, or httpd for being run by a httpd server")
 }
 cinder_config {
- 'key_manager/api_class': value => $keymgr_api_class;
+ 'key_manager/backend': value => $keymgr_backend_real;
 'barbican/barbican_endpoint': value => $keymgr_encryption_api_url;
 'barbican/auth_endpoint': value => $keymgr_encryption_auth_url;
 }
diff --git a/releasenotes/notes/api_key_backend-f3272420502b4206.yaml b/releasenotes/notes/api_key_backend-f3272420502b4206.yaml
new file mode 100644
index 00000000..ecbaaea3
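Review bot: In the added `if $keymgr_api_class` block the deprecated parameter overrides `keymgr_backend` whenever it is set, so a manifest or hiera layer that sets both to different values gets the old value with only a generic deprecation warning. This setting selects where volume-encryption keys are kept, so a silent pick is worth avoiding: either fail on a conflict or name it in the message, e.g. `warning("keymgr_api_class (${keymgr_api_class}) overrides keymgr_backend (${keymgr_backend})")`. The enclosing `class cinder::api` body starts and ends outside this hunk.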
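Review bot: The `cinder_config` block now manages `key_manager/backend` and no longer mentions `key_manager/api_class`, so on nodes configured by an earlier run the old line presumably stays in cinder.conf with its previous value unless unmanaged settings are purged elsewhere. Two key-manager entries that can disagree make it harder to audit which backend is in effect. Consider adding `'key_manager/api_class': ensure => absent;` to the same block. The surrounding class body begins outside this hunk.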
--- /dev/null
+++ b/releasenotes/notes/api_key_backend-f3272420502b4206.yaml
@@ -0,0 +1,9 @@
+---
+fixes:
+ - |
+ keymgr_api_class is now deprecated in favor of keymgr_backend, with
+ full backward compatibility for users.
+ keymgr_backend is set to cinder.keymgr.conf_key_mgr.ConfKeyManager
+ by default and configure key_manager/backend instead of
+ key_manager/api_class. It reflects what openstack/cinder did in Queens
+ cycle.
diff --git a/spec/classes/cinder_api_spec.rb b/spec/classes/cinder_api_spec.rb
index 1e4fa3df..fa05221d 100644
--- a/spec/classes/cinder_api_spec.rb
+++ b/spec/classes/cinder_api_spec.rb
@@ -60,7 +60,7 @@ describe 'cinder::api' do
 is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_password').with_value('')
 is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_tenant').with_value('')
 is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_auth_url').with_value('')
- is_expected.to contain_cinder_config('key_manager/api_class').with_value('')
+ is_expected.to contain_cinder_config('key_manager/backend').with_value('cinder.keymgr.conf_key_mgr.ConfKeyManager')
 is_expected.to contain_cinder_config('barbican/barbican_endpoint').with_value('')
 is_expected.to contain_cinder_config('barbican/auth_endpoint').with_value('')
 is_expected.to contain_cinder_config('oslo_middleware/enable_proxy_headers_parsing').with('value' => '')
@@ -360,18 +360,29 @@ describe 'cinder::api' do
 describe 'with barbican parameters' do
 let :params do
 req_params.merge!({
- :keymgr_api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
+ :keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
 :keymgr_encryption_api_url => 'https://localhost:9311/v1',
 :keymgr_encryption_auth_url => 'https://localhost:5000/v3',
 })
 end
 it 'should set keymgr parameters' do
- is_expected.to contain_cinder_config('key_manager/api_class').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
+ is_expected.to contain_cinder_config('key_manager/backend').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
 is_expected.to contain_cinder_config('barbican/barbican_endpoint').with_value('https://localhost:9311/v1')
 is_expected.to contain_cinder_config('barbican/auth_endpoint').with_value('https://localhost:5000/v3')
 end
 end
+ describe 'with barbican deprecated parameters' do
+ let :params do
+ req_params.merge!({
+ :keymgr_api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
+ })
+ end
+ it 'should set keymgr parameter' do
+ is_expected.to contain_cinder_config('key_manager/backend').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
+ end
+ end
+
 end
 on_supported_os({
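Review bot: The new 'with barbican deprecated parameters' example only covers `keymgr_api_class` set on its own, so nothing pins the result when both `keymgr_api_class` and `keymgr_backend` are passed, which is the one case where the manifest has to choose between them. An extra example that sets the two to different values and asserts the resulting `key_manager/backend` would fix that precedence in the spec. The outer `describe 'cinder::api'` block starts and ends outside this hunk.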