From 6da1886edc623aaa927c4303a43a61cf529be8e6 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Thu, 16 Nov 2023 15:34:53 +0900 Subject: [PATCH] Stop reading keystone_authtoken options Using credentials in keystone_authtoken options for sahara_* resources was deprecated some cycles ago[1]. [1] 67d927581e6bace11b644a059a445aef8d3a7717 Change-Id: I1d0e5bd29034daf70b8fc8ec531f071e8b640475 --- lib/puppet/provider/sahara.rb | 89 +------------------ ...ading-authtoken-opts-d06097cb2053aa42.yaml | 8 ++ spec/unit/provider/sahara_spec.rb | 48 ---------- 3 files changed, 10 insertions(+), 135 deletions(-) create mode 100644 releasenotes/notes/stop-reading-authtoken-opts-d06097cb2053aa42.yaml delete mode 100644 spec/unit/provider/sahara_spec.rb diff --git a/lib/puppet/provider/sahara.rb b/lib/puppet/provider/sahara.rb index 6fd158b2..076e6289 100644 --- a/lib/puppet/provider/sahara.rb +++ b/lib/puppet/provider/sahara.rb @@ -1,94 +1,10 @@ -require 'puppet/util/inifile' require 'puppet/provider/openstack' require 'puppet/provider/openstack/auth' -require 'puppet/provider/openstack/credentials' class Puppet::Provider::Sahara < Puppet::Provider::Openstack extend Puppet::Provider::Openstack::Auth - def self.conf_filename - '/etc/sahara/sahara.conf' - end - - def self.sahara_conf - return @sahara_conf if @sahara_conf - @sahara_conf = Puppet::Util::IniConfig::File.new - @sahara_conf.read(conf_filename) - @sahara_conf - end - - def self.request(service, action, properties=nil) - begin - super - rescue Puppet::Error::OpenstackAuthInputError, Puppet::Error::OpenstackUnauthorizedError => error - sahara_request(service, action, error, properties) - end - end - - def self.sahara_request(service, action, error, properties=nil) - warning('Usage of keystone_authtoken parameters is deprecated.') - properties ||= [] - @credentials.username = sahara_credentials['username'] - @credentials.password = sahara_credentials['password'] - @credentials.project_name = sahara_credentials['project_name'] - @credentials.auth_url = auth_endpoint - if sahara_credentials['region_name'] - @credentials.region_name = sahara_credentials['region_name'] - end - if @credentials.version == '3' - @credentials.user_domain_name = sahara_credentials['user_domain_name'] - @credentials.project_domain_name = sahara_credentials['project_domain_name'] - end - raise error unless @credentials.set? - Puppet::Provider::Openstack.request(service, action, properties, @credentials) - end - - def self.sahara_credentials - @sahara_credentials ||= get_sahara_credentials - end - - def sahara_credentials - self.class.sahara_credentials - end - - def self.get_sahara_credentials - auth_keys = ['auth_url', 'project_name', 'username', - 'password'] - conf = sahara_conf - if conf and conf['keystone_authtoken'] and - auth_keys.all?{|k| !conf['keystone_authtoken'][k].nil?} - creds = Hash[ auth_keys.map \ - { |k| [k, conf['keystone_authtoken'][k].strip] } ] - if conf['project_domain_name'] - creds['project_domain_name'] = conf['project_domain_name'] - else - creds['project_domain_name'] = 'Default' - end - if conf['user_domain_name'] - creds['user_domain_name'] = conf['user_domain_name'] - else - creds['user_domain_name'] = 'Default' - end - if conf['keystone_authtoken']['region_name'] - creds['region_name'] = conf['keystone_authtoken']['region_name'] - end - return creds - else - raise(Puppet::Error, "File: #{conf_filename} does not contain all " + - "required sections. Can not to authenticate Sahara.") - end - end - - def self.get_auth_endpoint - q = sahara_credentials - "#{q['auth_url']}" - end - - def self.auth_endpoint - @auth_endpoint ||= get_auth_endpoint - end - def self.flavors_list unless @flavors_hash list = request('flavor', 'list') @@ -106,8 +22,7 @@ class Puppet::Provider::Sahara < Puppet::Provider::Openstack end def self.reset - @sahara_conf = nil - @sahara_credentials = nil - @auth_endpoint = nil + @flavors_hash = nil + @network_hash = nil end end diff --git a/releasenotes/notes/stop-reading-authtoken-opts-d06097cb2053aa42.yaml b/releasenotes/notes/stop-reading-authtoken-opts-d06097cb2053aa42.yaml new file mode 100644 index 00000000..36d7b57e --- /dev/null +++ b/releasenotes/notes/stop-reading-authtoken-opts-d06097cb2053aa42.yaml @@ -0,0 +1,8 @@ +--- +upgrade: + - | + The following resource types no longer attempts to load user credentials + from the ``[keystone_authtoken]`` section in ``sahara.conf``. + + - ``sahara_cluster_template`` + - ``sahara_node_group_template`` diff --git a/spec/unit/provider/sahara_spec.rb b/spec/unit/provider/sahara_spec.rb deleted file mode 100644 index 19e755fa..00000000 --- a/spec/unit/provider/sahara_spec.rb +++ /dev/null @@ -1,48 +0,0 @@ -require 'puppet' -require 'spec_helper' -require 'puppet/provider/sahara' -require 'tempfile' - -klass = Puppet::Provider::Sahara - -describe Puppet::Provider::Sahara do - - after :each do - klass.reset - end - - describe 'when retrieving the auth credentials' do - - it 'should fail if no auth params are passed and the glance config file does not have the expected contents' do - mock = {} - expect(Puppet::Util::IniConfig::File).to receive(:new).and_return(mock) - expect(mock).to receive(:read).with('/etc/sahara/sahara.conf') - expect do - klass.sahara_credentials - end.to raise_error(Puppet::Error, /Can not to authenticate Sahara/) - end - - it 'should read conf file with all sections' do - creds_hash = { - 'auth_url' => 'https://192.168.56.210:5000/v3/', - 'project_name' => 'admin_tenant', - 'username' => 'admin', - 'password' => 'password', - 'project_domain_name' => 'Default', - 'user_domain_name' => 'Default', - } - mock = { - 'keystone_authtoken' => { - 'auth_url' => 'https://192.168.56.210:5000/v3/', - 'project_name' => 'admin_tenant', - 'username' => 'admin', - 'password' => 'password', - } - } - expect(Puppet::Util::IniConfig::File).to receive(:new).and_return(mock) - expect(mock).to receive(:read).with('/etc/sahara/sahara.conf') - expect(klass.sahara_credentials).to eq(creds_hash) - end - - end -end