Merge "Remove deprecated watcher::api::watcher_clients_*"

2022-09-07 18:38:35 +00:00 · 2022-09-07 18:38:35 +00:00 · cdaf69080f
parent cacf558e92 9667d6a166
commit cdaf69080f
4 changed files with 42 additions and 185 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -85,90 +85,22 @@
 #   Require validate set at True.
 #   Defaults to undef
 #
-# [*watcher_client_auth_uri*]
-#   (Optional) Public Identity API endpoint.
-#   Defaults to undef
-#
-# [*watcher_client_default_domain_name*]
-#   (Optional)domain name to use with v3 API and v2 parameters. It will
-#   be used for both the user and project domain in v3 and ignored in v2
-#   authentication.
-#   Defaults to undef
-#
-# [*watcher_client_password*]
-#   (optional) User's password
-#   Defaults to undef
-#
-# [*watcher_client_username*]
-#   (optional) The name of the auth user
-#   Defaults to undef
-#
-# [*watcher_client_auth_url*]
-#   Specifies the admin Identity URI for Watcher to use.
-#   Defaults to undef
-#
-# [*watcher_client_project_name*]
-#   (Optional) Service project name.
-#   Defaults to undef
-#
-# [*watcher_client_certfile*]
-#   (Optional) PEM encoded client certificate cert file.
-#   Defaults to undef
-#
-# [*watcher_client_cafile*]
-#   (Optional)PEM encoded Certificate Authority to use when verifying HTTPs
-#   connections.
-#   Defaults to undef
-#
-# [*watcher_client_project_domain_name*]
-#   (Optional) Domain name containing project.
-#   Defaults to undef
-#
-# [*watcher_client_user_domain_name*]
-#   (Optional) User Domain name.
-#   Defaults to undef
-#
-# [*watcher_client_insecure*]
-#   (Optional) Verify HTTPS connections.
-#   Defaults to undef
-#
-# [*watcher_client_keyfile*]
-#   (Optional) PEM encoded client certificate key file.
-#   Defaults to undef
-#
-# [*watcher_client_auth_type*]
-#   (Optional) Authentication type to load.
-#   Defaults to undef
-#
 class watcher::api (
-  $package_ensure                     = 'present',
-  $enabled                            = true,
-  $manage_service                     = true,
-  $port                               = $::os_service_default,
-  $max_limit                          = $::os_service_default,
-  $bind_host                          = $::os_service_default,
-  $workers                            = $::os_workers,
-  $enable_ssl_api                     = $::os_service_default,
-  $service_name                       = $::watcher::params::api_service_name,
-  $create_db_schema                   = false,
-  $upgrade_db                         = false,
-  $auth_strategy                      = 'keystone',
+  $package_ensure     = 'present',
+  $enabled            = true,
+  $manage_service     = true,
+  $port               = $::os_service_default,
+  $max_limit          = $::os_service_default,
+  $bind_host          = $::os_service_default,
+  $workers            = $::os_workers,
+  $enable_ssl_api     = $::os_service_default,
+  $service_name       = $::watcher::params::api_service_name,
+  $create_db_schema   = false,
+  $upgrade_db         = false,
+  $auth_strategy      = 'keystone',
  # DEPRECATED PARAMETERS
-  $validate                           = undef,
-  $validation_options                 = undef,
-  $watcher_client_auth_uri            = undef,
-  $watcher_client_default_domain_name = undef,
-  $watcher_client_password            = undef,
-  $watcher_client_username            = undef,
-  $watcher_client_auth_url            = undef,
-  $watcher_client_project_name        = undef,
-  $watcher_client_certfile            = undef,
-  $watcher_client_cafile              = undef,
-  $watcher_client_project_domain_name = undef,
-  $watcher_client_user_domain_name    = undef,
-  $watcher_client_insecure            = undef,
-  $watcher_client_keyfile             = undef,
-  $watcher_client_auth_type           = undef,
+  $validate           = undef,
+  $validation_options = undef,
 ) inherits watcher::params {

  include watcher::policy
@ -243,26 +175,4 @@ as a standalone service, or httpd for being run by a httpd server")
    'api/workers':        value => $workers;
    'api/enable_ssl_api': value => $enable_ssl_api;
  }
-
-  if $watcher_client_auth_uri != undef {
-    warning('The watcher_client_auth_uri is deprecated and has no effect.')
-  }
-  watcher_config {
-    'watcher_clients_auth/auth_uri': ensure => absent;
-  }
-
-  if $watcher_client_default_domain_name != undef {
-    warning('The watcher_client_default_domain_name parameter is deprecated and has no effect.')
-  }
-
-  [ 'password', 'auth_url', 'username', 'project_name', 'project_domain_name',
-    'user_domain_anme', 'auth_type', 'insecure', 'keyfile', 'certfile',
-    'cafile' ].each |String $client_opt|{
-    if getvar("watcher_client_${client_opt}") != undef {
-      warning("The watcher_client_${client_opt} parameter is deprecated. \
-Use the watcher_clients_auth class instead.")
-    }
-    include watcher::watcher_clients_auth
-  }
-
 }
--- a/manifests/watcher_clients_auth.pp
+++ b/manifests/watcher_clients_auth.pp
@ -53,7 +53,7 @@
 #   Defaults to $::os_service_default
 #
 class watcher::watcher_clients_auth (
-  $password            = false,
+  $password,
  $auth_url            = 'http://localhost:5000/',
  $username            = 'watcher',
  $project_name        = 'services',
@ -69,40 +69,26 @@ class watcher::watcher_clients_auth (

  include watcher::deps

-  $password_real = pick($::watcher::api::watcher_client_password, $password)
-  if ! $password_real {
-    fail('password is required')
-  }
-
  if is_service_default($system_scope) {
-    $project_name_real = pick($::watcher::api::watcher_client_project_name, $project_name)
-    $project_domain_name_real = pick($::watcher::api::watcher_client_project_domain_name, $project_domain_name)
+    $project_name_real = $project_name
+    $project_domain_name_real = $project_domain_name
  } else {
    $project_name_real = $::os_service_default
    $project_domain_name_real = $::os_service_default
  }

-  $auth_url_real = pick($::watcher::api::watcher_client_auth_url, $auth_url)
-  $username_real = pick($::watcher::api::watcher_client_username, $username)
-  $user_domain_name_real = pick($::watcher::api::watcher_client_user_domain_name, $user_domain_name)
-  $auth_type_real = pick($::watcher::api::watcher_client_auth_type, $auth_type)
-  $insecure_real = pick($::watcher::api::watcher_client_insecure, $insecure)
-  $certfile_real = pick($::watcher::api::watcher_client_certfile, $certfile)
-  $cafile_real = pick($::watcher::api::watcher_client_cafile, $cafile)
-  $keyfile_real = pick($::watcher::api::watcher_client_keyfile, $keyfile)
-
  watcher_config {
-    'watcher_clients_auth/password':            value => $password_real, secret => true;
-    'watcher_clients_auth/username':            value => $username_real;
-    'watcher_clients_auth/auth_url':            value => $auth_url_real;
+    'watcher_clients_auth/password':            value => $password, secret => true;
+    'watcher_clients_auth/username':            value => $username;
+    'watcher_clients_auth/auth_url':            value => $auth_url;
    'watcher_clients_auth/project_name':        value => $project_name_real;
    'watcher_clients_auth/project_domain_name': value => $project_domain_name_real;
-    'watcher_clients_auth/user_domain_name':    value => $user_domain_name_real;
+    'watcher_clients_auth/user_domain_name':    value => $user_domain_name;
    'watcher_clients_auth/system_scope':        value => $system_scope;
-    'watcher_clients_auth/insecure':            value => $insecure_real;
-    'watcher_clients_auth/auth_type':           value => $auth_type_real;
-    'watcher_clients_auth/cafile':              value => $cafile_real;
-    'watcher_clients_auth/certfile':            value => $certfile_real;
-    'watcher_clients_auth/keyfile':             value => $keyfile_real;
+    'watcher_clients_auth/insecure':            value => $insecure;
+    'watcher_clients_auth/auth_type':           value => $auth_type;
+    'watcher_clients_auth/cafile':              value => $cafile;
+    'watcher_clients_auth/certfile':            value => $certfile;
+    'watcher_clients_auth/keyfile':             value => $keyfile;
  }
 }
--- a/releasenotes/notes/cleanup-watcher_clients-f84a02181142a249.yaml
+++ b/releasenotes/notes/cleanup-watcher_clients-f84a02181142a249.yaml
@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    The deprecated ``watcher::api::watcher_clinet_*`` parameters have been
+    removed.
--- a/spec/classes/watcher_api_spec.rb
+++ b/spec/classes/watcher_api_spec.rb
@ -3,18 +3,21 @@ require 'spec_helper'
 describe 'watcher::api' do

  let :params do
-    { :watcher_client_password => 'password',
-      :enabled           => true,
-      :package_ensure    => 'latest',
+    {
+      :enabled        => true,
+      :package_ensure => 'latest',
    }
  end

-  shared_examples 'watcher-api' do
+  let :pre_condition do
+    "include watcher::db
+     class { 'watcher': }
+     class { 'watcher::keystone::authtoken':
+       password => 'a_big_secret',
+     }"
+  end

-    context 'without required parameter watcher_client_password' do
-      before { params.delete(:watcher_client_password) }
-      it { expect { is_expected.to raise_error(Puppet::Error) } }
-    end
+  shared_examples 'watcher-api' do

    it { is_expected.to contain_class('watcher::params') }
    it { is_expected.to contain_class('watcher::deps') }
@ -70,53 +73,6 @@ describe 'watcher::api' do
      end
    end

-    context 'watcher clients auth section with default parameters' do
-      it 'configures watcher clients auth' do
-        is_expected.to contain_watcher_config('watcher_clients_auth/username').with_value('watcher')
-        is_expected.to contain_watcher_config('watcher_clients_auth/password').with_value( params[:watcher_client_password] )
-        is_expected.to contain_watcher_config('watcher_clients_auth/auth_url').with_value('http://localhost:5000/')
-        is_expected.to contain_watcher_config('watcher_clients_auth/project_name').with_value('services')
-        is_expected.to contain_watcher_config('watcher_clients_auth/project_domain_name').with_value('Default')
-        is_expected.to contain_watcher_config('watcher_clients_auth/user_domain_name').with_value('Default')
-        is_expected.to contain_watcher_config('watcher_clients_auth/insecure').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_watcher_config('watcher_clients_auth/auth_type').with_value('password')
-        is_expected.to contain_watcher_config('watcher_clients_auth/cafile').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_watcher_config('watcher_clients_auth/certfile').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_watcher_config('watcher_clients_auth/keyfile').with_value('<SERVICE DEFAULT>')
-      end
-    end
-
-    context 'watcher clients auth section with overridden parameters' do
-      before do
-        params.merge! ({
-          :watcher_client_username            => 'watcher_user',
-          :watcher_client_password            => 'PassWoRD',
-          :watcher_client_auth_url            => 'http://localhost:35358/',
-          :watcher_client_project_name        => 'ProjectZero',
-          :watcher_client_project_domain_name => 'WatcherDomain',
-          :watcher_client_user_domain_name    => 'WatcherUserDomain',
-          :watcher_client_insecure            => 'true',
-          :watcher_client_auth_type           => 'password',
-          :watcher_client_cafile              => '/tmp/ca.crt',
-          :watcher_client_certfile            => '/tmp/watcher.com.crt',
-          :watcher_client_keyfile             => '/tmp/key.pm',
-        })
-      end
-      it 'configures watcher clients auth' do
-        is_expected.to contain_watcher_config('watcher_clients_auth/username').with_value( params[:watcher_client_username] )
-        is_expected.to contain_watcher_config('watcher_clients_auth/password').with_value( params[:watcher_client_password] )
-        is_expected.to contain_watcher_config('watcher_clients_auth/auth_url').with_value('http://localhost:35358/')
-        is_expected.to contain_watcher_config('watcher_clients_auth/project_name').with_value( params[:watcher_client_project_name] )
-        is_expected.to contain_watcher_config('watcher_clients_auth/project_domain_name').with_value( params[:watcher_client_project_domain_name] )
-        is_expected.to contain_watcher_config('watcher_clients_auth/user_domain_name').with_value( params[:watcher_client_user_domain_name] )
-        is_expected.to contain_watcher_config('watcher_clients_auth/insecure').with_value( params[:watcher_client_insecure] )
-        is_expected.to contain_watcher_config('watcher_clients_auth/auth_type').with_value( params[:watcher_client_auth_type] )
-        is_expected.to contain_watcher_config('watcher_clients_auth/cafile').with_value( params[:watcher_client_cafile] )
-        is_expected.to contain_watcher_config('watcher_clients_auth/certfile').with_value( params[:watcher_client_certfile] )
-        is_expected.to contain_watcher_config('watcher_clients_auth/keyfile').with_value( params[:watcher_client_keyfile] )
-      end
-    end
-
    context 'when running watcher-api in wsgi' do
      before do
        params.merge!({ :service_name => 'httpd' })