From b7d19f43bd729e505d12979350082bf0c26b5b40 Mon Sep 17 00:00:00 2001 From: Denis Egorenko Date: Wed, 29 Jul 2015 13:46:20 +0300 Subject: [PATCH] Remove deprecated parameter stack_user_domain According to [1], stack_user_domain parameter is deprecated, and now will be used stack_user_domain_name parameter instead. [1] http://docs.openstack.org/kilo/config-reference/content/orchestration-configuring-api.html Change-Id: I558eaf311af8751897c402b3d3c2d82b4fadb07d --- .../provider/heat_domain_id_setter/ruby.rb | 189 ------------------ lib/puppet/type/heat_domain_id_setter.rb | 31 --- manifests/keystone/domain.pp | 13 +- spec/classes/heat_keystone_domain_spec.rb | 12 +- .../heat_domain_id_setter/heat_spec.rb | 177 ---------------- 5 files changed, 3 insertions(+), 419 deletions(-) delete mode 100644 lib/puppet/provider/heat_domain_id_setter/ruby.rb delete mode 100644 lib/puppet/type/heat_domain_id_setter.rb delete mode 100644 spec/unit/provider/heat_domain_id_setter/heat_spec.rb diff --git a/lib/puppet/provider/heat_domain_id_setter/ruby.rb b/lib/puppet/provider/heat_domain_id_setter/ruby.rb deleted file mode 100644 index 12ce71ac..00000000 --- a/lib/puppet/provider/heat_domain_id_setter/ruby.rb +++ /dev/null @@ -1,189 +0,0 @@ -## NB: This must work with Ruby 1.8! - -# This provider permits the stack_user_domain parameter in heat.conf -# to be set by providing a domain_name to the Puppet module and -# using the Keystone REST API to translate the name into the corresponding -# UUID. -# -# This requires that tenant names be unique. If there are multiple matches -# for a given tenant name, this provider will raise an exception. - -require 'rubygems' -require 'net/http' -require 'json' - -class KeystoneError < Puppet::Error -end - -class KeystoneConnectionError < KeystoneError -end - -class KeystoneAPIError < KeystoneError -end - -# Provides common request handling semantics to the other methods in -# this module. -# -# +req+:: -# An HTTPRequest object -# +url+:: -# A parsed URL (returned from URI.parse) -def handle_request(req, url) - begin - # There is issue with ipv6 where address has to be in brackets, this causes the - # underlying ruby TCPSocket to fail. Net::HTTP.new will fail without brackets on - # joining the ipv6 address with :port or passing brackets to TCPSocket. It was - # found that if we use Net::HTTP.start with url.hostname the incriminated code - # won't be hit. - use_ssl = url.scheme == "https" ? true : false - res = Net::HTTP.start(url.hostname, url.port, {:use_ssl => use_ssl}) {|http| - http.request(req) - } - - if res.code != '200' - raise KeystoneAPIError, "Received error response from Keystone server at #{url}: #{res.message}" - end - rescue Errno::ECONNREFUSED => detail - raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}" - rescue SocketError => detail - raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}" - end - - res -end - -# Authenticates to a Keystone server and obtains an authentication token. -# It returns a 2-element +[token, authinfo]+, where +token+ is a token -# suitable for passing to openstack apis in the +X-Auth-Token+ header, and -# +authinfo+ is the complete response from Keystone, including the service -# catalog (if available). -# -# +auth_url+:: -# Keystone endpoint URL. This function assumes API version -# 2.0 and an administrative endpoint, so this will typically look like -# +http://somehost:35357/v2.0+. -# -# +username+:: -# Username for authentication. -# -# +password+:: -# Password for authentication -# -# +tenantID+:: -# Tenant UUID -# -# +tenantName+:: -# Tenant name -# -def heat_handle_requests(auth_url, - username, - password, - tenantId=nil, - tenantName=nil) - - post_args = { - 'auth' => { - 'passwordCredentials' => { - 'username' => username, - 'password' => password - }, - }} - - if tenantId - post_args['auth']['tenantId'] = tenantId - end - - if tenantName - post_args['auth']['tenantName'] = tenantName - end - - url = URI.parse("#{auth_url}/tokens") - req = Net::HTTP::Post.new url.path - req['content-type'] = 'application/json' - req.body = post_args.to_json - - res = handle_request(req, url) - data = JSON.parse res.body - return data['access']['token']['id'], data -end - -# Queries a Keystone server to a list of all tenants. -# -# +auth_url+:: -# Keystone endpoint. See the notes for +auth_url+ in -# +heat_handle_requests+. -# -# +token+:: -# A Keystone token that will be passed in requests as the value of the -# +X-Auth-Token+ header. -# -def keystone_v3_domains(auth_url, - token) - - auth_url.sub!('v2.0', 'v3') - url = URI.parse("#{auth_url}/domains") - req = Net::HTTP::Get.new url.path - req['content-type'] = 'application/json' - req['x-auth-token'] = token - - res = handle_request(req, url) - data = JSON.parse res.body - data['domains'] -end - -Puppet::Type.type(:heat_domain_id_setter).provide(:ruby) do - def authenticate - token, authinfo = heat_handle_requests( - @resource[:auth_url], - @resource[:auth_username], - @resource[:auth_password], - nil, - @resource[:auth_tenant_name]) - - return token - end - - def find_domain_by_name(token) - domains = keystone_v3_domains( - @resource[:auth_url], - token) - domains.select{|domain| domain['name'] == @resource[:domain_name]} - end - - def exists? - false - end - - def create - config - end - - # This looks for the domain specified by the 'domain_name' parameter to - # the resource and returns the corresponding UUID if there is a single - # match. - # - # Raises a KeystoneAPIError if: - # - # - There are multiple matches, or - # - There are zero matches - def get_domain_id - token = authenticate - domains = find_domain_by_name(token) - - if domains.length == 1 - return domains[0]['id'] - elsif domains.length > 1 - name = domains[0]['name'] - raise KeystoneAPIError, 'Found multiple matches for domain name "#{name}"' - else - raise KeystoneAPIError, 'Unable to find matching domain' - end - end - - def config - Puppet::Type.type(:heat_config).new( - {:name => 'DEFAULT/stack_user_domain', :value => "#{get_domain_id}"} - ).create - end - -end diff --git a/lib/puppet/type/heat_domain_id_setter.rb b/lib/puppet/type/heat_domain_id_setter.rb deleted file mode 100644 index d6e1eeef..00000000 --- a/lib/puppet/type/heat_domain_id_setter.rb +++ /dev/null @@ -1,31 +0,0 @@ -Puppet::Type.newtype(:heat_domain_id_setter) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'The name of the setting to update' - end - - newparam(:domain_name) do - desc 'The heat domain name' - end - - newparam(:auth_url) do - desc 'The Keystone endpoint URL' - defaultto 'http://localhost:35357/v2.0' - end - - newparam(:auth_username) do - desc 'Username with which to authenticate' - defaultto 'admin' - end - - newparam(:auth_password) do - desc 'Password with which to authenticate' - end - - newparam(:auth_tenant_name) do - desc 'Tenant name with which to authenticate' - defaultto 'admin' - end -end diff --git a/manifests/keystone/domain.pp b/manifests/keystone/domain.pp index 35f675ff..4c97399d 100644 --- a/manifests/keystone/domain.pp +++ b/manifests/keystone/domain.pp @@ -57,19 +57,10 @@ class heat::keystone::domain ( logoutput => 'on_failure' } - heat_domain_id_setter { 'heat_domain_id': - ensure => present, - domain_name => $domain_name, - auth_url => $auth_url, - auth_username => $keystone_admin, - auth_password => $keystone_password, - auth_tenant_name => $keystone_tenant, - require => Exec['heat_domain_create'], - } - heat_config { - 'DEFAULT/stack_domain_admin': value => $domain_admin; + 'DEFAULT/stack_domain_admin': value => $domain_admin; 'DEFAULT/stack_domain_admin_password': value => $domain_password, secret => true; + 'DEFAULT/stack_user_domain_name': value => $domain_name; } } diff --git a/spec/classes/heat_keystone_domain_spec.rb b/spec/classes/heat_keystone_domain_spec.rb index 0eba85d8..4a2ad703 100644 --- a/spec/classes/heat_keystone_domain_spec.rb +++ b/spec/classes/heat_keystone_domain_spec.rb @@ -18,17 +18,7 @@ describe 'heat::keystone::domain' do is_expected.to contain_heat_config('DEFAULT/stack_domain_admin').with_value(params[:domain_admin]) is_expected.to contain_heat_config('DEFAULT/stack_domain_admin_password').with_value(params[:domain_password]) is_expected.to contain_heat_config('DEFAULT/stack_domain_admin_password').with_secret(true) - end - - it 'should configure heat domain id' do - is_expected.to contain_heat_domain_id_setter('heat_domain_id').with( - :ensure => 'present', - :domain_name => params[:domain_name], - :auth_url => params[:auth_url], - :auth_username => params[:keystone_admin], - :auth_password => params[:keystone_password], - :auth_tenant_name => params[:keystone_tenant] - ) + is_expected.to contain_heat_config('DEFAULT/stack_user_domain_name').with_value(params[:domain_name]) end it 'should exec helper script' do diff --git a/spec/unit/provider/heat_domain_id_setter/heat_spec.rb b/spec/unit/provider/heat_domain_id_setter/heat_spec.rb deleted file mode 100644 index a6bc4d9c..00000000 --- a/spec/unit/provider/heat_domain_id_setter/heat_spec.rb +++ /dev/null @@ -1,177 +0,0 @@ -require 'spec_helper' -require 'puppet' -require 'puppet/type/heat_domain_id_setter' - -provider_class = Puppet::Type.type(:heat_domain_id_setter).provider(:ruby) - -# used to simulate an authentication response from Keystone -# (POST v2.0/tokens) -auth_response = { - 'access' => { - 'token' => { - 'id' => 'TOKEN', - } - } -} - -# used to simulate a response to GET v3/domains -domains_response = { - 'domains' => [ - { - 'name' => 'heat', - 'id' => 'UUID_HEAT' - }, - { - 'name' => 'multiple_matches_domain', - 'id' => 'UUID1' - }, - { - 'name' => 'multiple_matches_domain', - 'id' => 'UUID2' - }, - ] -} - -# Stub for ini_setting resource -Puppet::Type.newtype(:ini_setting) do -end - -# Stub for ini_setting provider -Puppet::Type.newtype(:ini_setting).provide(:ruby) do - def create - end -end - -describe 'Puppet::Type.type(:heat_keystone_domain_id_setter)' do - let :params do - { - :name => 'heat_domain_id', - :ensure => 'present', - :domain_name => 'heat', - :auth_url => 'http://127.0.0.1:35357/v2.0', - :auth_username => 'admin', - :auth_password => 'admin_passwd', - :auth_tenant_name => 'admin', - } - end - - it 'should have a non-nil provider' do - expect(provider_class).not_to be_nil - end - - context 'when url is correct' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens"). - to_return(:status => 200, - :body => auth_response.to_json, - :headers => {}) - stub_request(:get, "http://127.0.0.1:35357/v3/domains"). - with(:headers => {'X-Auth-Token'=>'TOKEN'}). - to_return(:status => 200, - :body => domains_response.to_json, - :headers => {}) - end - - it 'should create a resource' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect(provider.create).to be_nil - end - end - - # What happens if we ask for a domain that does not exist? - context 'when domain cannot be found' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens"). - to_return(:status => 200, - :body => auth_response.to_json, - :headers => {}) - stub_request(:get, "http://127.0.0.1:35357/v3/domains"). - with(:headers => {'X-Auth-Token'=>'TOKEN'}). - to_return(:status => 200, - :body => domains_response.to_json, - :headers => {}) - - params.merge!(:domain_name => 'bad_domain_name') - end - - it 'should receive an api error' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect { provider.create }.to raise_error KeystoneAPIError, /Unable to find matching domain/ - end - end - - # What happens if we ask for a domain name that results in multiple - # matches? - context 'when there are multiple matching domains' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens"). - to_return(:status => 200, - :body => auth_response.to_json, - :headers => {}) - stub_request(:get, "http://127.0.0.1:35357/v3/domains"). - with(:headers => {'X-Auth-Token'=>'TOKEN'}). - to_return(:status => 200, - :body => domains_response.to_json, - :headers => {}) - - params.merge!(:domain_name => 'multiple_matches_domain') - end - - it 'should receive an api error' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect { provider.create }.to raise_error KeystoneAPIError, /Found multiple matches for domain name/ - end - end - - # What happens if we pass a bad password? - context 'when password is incorrect' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens"). - to_return(:status => 401, - :body => auth_response.to_json, - :headers => {}) - end - - it 'should receive an authentication error' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect { provider.create }.to raise_error KeystoneAPIError - end - end - - # What happens if the server is not listening? - context 'when keystone server is unavailable' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens").to_raise Errno::ECONNREFUSED - end - - it 'should receive a connection error' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect { provider.create }.to raise_error KeystoneConnectionError - end - end - - # What happens if we mistype the hostname? - context 'when keystone server is unknown' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens").to_raise SocketError, 'getaddrinfo: Name or service not known' - end - - it 'should receive a connection error' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect { provider.create }.to raise_error KeystoneConnectionError - end - end - -end