Move Ec2Api to authtoken

In ec2api::api, use keystone::resource::authtoken
to configure the keystone_authtoken section in the
configuration file.

Update parameters to have all parameters from the resource.

Change-Id: I8832cd537720a18bb7171c555107f3b6a9dd5b6f
Related-Bug: #1604463
Iury Gregory Melo Ferreira 2016-07-21 00:10:40 -03:00
parent 7baa60f678
commit 5987c2312c
2 changed files with 183 additions and 65 deletions


@ -45,7 +45,51 @@
# Maximum time since last check-in for up service.
# Default: $::os_service_default
#
# === Keystone
# === KeystoneMiddleware
#
# [*password*]
# (required) Password for the user
#
# [*username*]
# (optional) The name of the service user
# Defaults to 'ec2api'
#
# [*auth_url*]
# (optional) The URL to use for authentication.
# Defaults to 'http://localhost:35357/'.
#
# [*auth_uri*]
# (optional) The URL to use for public authentication.
# Defaults to: 'http://localhost:5000/'.
#
# [*project_name*]
# (optional) Service project name
# Defaults to 'services'
#
# [*user_domain_name*]
# (optional) Name of domain for $username
# Defaults to $::os_service_default
#
# [*project_domain_name*]
# (optional) Name of domain for $project_name
# Defaults to $::os_service_default
#
# [*auth_section*]
# (optional) Config Section from which to load plugin specific options
# Defaults to $::os_service_default
#
# [*auth_type*]
# (optional) Authentication type to load
# Defaults to 'password'
#
# [*auth_version*]
# (optional) API version of the admin Identity API endpoint
# for example, use 'v3' for the keystone version 3.0 api
# Defaults to-$::os_service_default
#
# [*cache*]
# (optional) Env key for the swift cache.
# Defaults to $::os_service_default
#
# [*delay_auth_decision*]
# Do not handle authorization requests within the middleware, but delegate
@ -60,17 +104,6 @@
# How many times are we trying to reconnect when communicating with Identity API Server.
# Default: $::os_service_default
#
# [*keystone_admin_user*]
# Keystone account username
# Default: $::os_service_default
#
# [*keystone_admin_password*]
# (Required) Keystone account password
#
# [*keystone_admin_tenant_name*]
# Keystone service account tenant name to validate user tokens
# Default: $::os_service_default
#
# [*insecure*]
# Verify HTTPS connections
# Default: $::os_service_default
@ -90,7 +123,7 @@
# (in seconds). Set to -1 to disable caching completely
# Default: $::os_service_default
#
# [*cache_time*]
# [*revocation_cache_time*]
# Time to cache the revocation list and the revocation
# events (in seconds). This has no effect unless
# global and token caching are enabled.
@ -110,6 +143,41 @@
# is used for key derivation
# Default: $::os_service_default
#
# [*memcache_pool_conn_get_timeout*]
# (Optional) Number of seconds that an operation will wait to get a
# memcached
# client connection from the pool. Integer value
# Defaults to $::os_service_default.
#
# [*memcache_pool_dead_retry*]
# (Optional) Number of seconds memcached server is considered dead before it
# is tried again. Integer value
# Defaults to $::os_service_default.
#
# [*memcache_pool_maxsize*]
# (Optional) Maximum total number of open connections to every memcached
# server. Integer value
# Defaults to $::os_service_default.
#
# [*memcache_pool_socket_timeout*]
# (Optional) Number of seconds a connection to memcached is held unused in
# the pool before it is closed. Integer value
# Defaults to $::os_service_default.
#
# [*memcache_pool_unused_timeout*]
# (Optional) Number of seconds a connection to memcached is held unused in
# the pool before it is closed. Integer value
# Defaults to $::os_service_default.
#
# [*memcache_use_advanced_pool*]
# (Optional) Use the advanced (eventlet safe) memcached client pool. The
# advanced pool will only work under python 2.x Boolean value
# Defaults to $::os_service_default.
#
# [*region_name*]
# (Optional) The region in which the identity server can be found.
# Defaults to $::os_service_default.
#
# [*include_service_catalog*]
# (Optional) Indicates whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and
@ -147,15 +215,15 @@
# value for better performance
# Default: $::os_service_default
#
# [*keystone_certfile*]
# [*certfile*]
# Required if Keystone server requires client certificate
# Default: $::os_service_default
#
# [*keystone_keyfile*]
# [*keyfile*]
# Required if Keystone server requires client certificate
# Default: $::os_service_default
#
# [*keystone_cafile*]
# [*cafile*]
# A PEM encoded Certificate Authority to use when verifying HTTPs
# connections. Defaults to system CAs.
# Default: $::os_service_default
@ -355,26 +423,41 @@ class ec2api::api (
$ec2api_workers = $::os_service_default,
$service_down_time = $::os_service_default,
# Keystone
$username = 'ec2api',
$password,
$project_name = 'services',
$auth_url = 'http://localhost:35357/',
$auth_uri = 'http://localhost:5000/',
$auth_version = $::os_service_default,
$auth_type = 'password',
$auth_section = $::os_service_default,
$user_domain_name = $::os_service_default,
$project_domain_name = $::os_service_default,
$cache = $::os_service_default,
$delay_auth_decision = $::os_service_default,
$http_connect_timeout = $::os_service_default,
$http_request_max_retries = $::os_service_default,
$keystone_admin_user = $::os_service_default,
$keystone_admin_password,
$keystone_admin_tenant_name = $::os_service_default,
$insecure = $::os_service_default,
$signing_dir = $::os_service_default,
$token_cache_time = $::os_service_default,
$cache_time = $::os_service_default,
$revocation_cache_time = $::os_service_default,
$memcached_servers = $::os_service_default,
$memcache_security_strategy = $::os_service_default,
$memcache_secret_key = $::os_service_default,
$memcache_pool_conn_get_timeout = $::os_service_default,
$memcache_pool_dead_retry = $::os_service_default,
$memcache_pool_maxsize = $::os_service_default,
$memcache_pool_socket_timeout = $::os_service_default,
$memcache_pool_unused_timeout = $::os_service_default,
$memcache_use_advanced_pool = $::os_service_default,
$region_name = $::os_service_default,
$include_service_catalog = $::os_service_default,
$enforce_token_bind = $::os_service_default,
$check_revocations_for_cached = $::os_service_default,
$hash_algorithms = $::os_service_default,
$keystone_certfile = $::os_service_default,
$keystone_keyfile = $::os_service_default,
$keystone_cafile = $::os_service_default,
$certfile = $::os_service_default,
$keyfile = $::os_service_default,
$cafile = $::os_service_default,
# WSGI
$api_paste_config = $::os_service_default,
$ssl_cert_file = $::os_service_default,
@ -440,26 +523,6 @@ class ec2api::api (
'DEFAULT/ec2api_use_ssl': value => $ec2api_use_ssl;
'DEFAULT/ec2api_workers': value => $ec2api_workers;
'DEFAULT/service_down_time': value => $service_down_time;
'keystone_authtoken/delay_auth_decision': value => $delay_auth_decision;
'keystone_authtoken/http_connect_timeout': value => $http_connect_timeout;
'keystone_authtoken/http_request_max_retries': value => $http_request_max_retries;
'keystone_authtoken/admin_user': value => $keystone_admin_user;
'keystone_authtoken/admin_password': value => $keystone_admin_password;
'keystone_authtoken/admin_tenant': value => $keystone_admin_tenant_name;
'keystone_authtoken/insecure': value => $insecure;
'keystone_authtoken/signing_dir': value => $signing_dir;
'keystone_authtoken/token_cache_time': value => $token_cache_time;
'keystone_authtoken/cache_time': value => $cache_time;
'keystone_authtoken/memcached_servers': value => $memcached_servers;
'keystone_authtoken/memcache_security_strategy': value => $memcache_security_strategy;
'keystone_authtoken/memcache_secret_key': value => $memcache_secret_key;
'keystone_authtoken/include_service_catalog': value => $include_service_catalog;
'keystone_authtoken/enforce_token_bind': value => $enforce_token_bind;
'keystone_authtoken/check_revocations_for_cached': value => $check_revocations_for_cached;
'keystone_authtoken/hash_algorithms': value => $hash_algorithms;
'keystone_authtoken/certfile': value => $keystone_certfile;
'keystone_authtoken/keyfile': value => $keystone_keyfile;
'keystone_authtoken/cafile': value => $keystone_cafile;
'DEFAULT/api_paste_config': value => $api_paste_config;
'DEFAULT/ssl_cert_file': value => $ssl_cert_file;
'DEFAULT/ssl_key_file': value => $ssl_key_file;
@ -496,6 +559,46 @@ class ec2api::api (
'DEFAULT/debug': value => $debug;
}
keystone::resource::authtoken { 'ec2api_config':
username => $username,
password => $password,
project_name => $project_name,
auth_url => $auth_url,
auth_uri => $auth_uri,
auth_version => $auth_version,
auth_type => $auth_type,
auth_section => $auth_section,
user_domain_name => $user_domain_name,
project_domain_name => $project_domain_name,
insecure => $insecure,
cache => $cache,
cafile => $cafile,
certfile => $certfile,
check_revocations_for_cached => $check_revocations_for_cached,
delay_auth_decision => $delay_auth_decision,
enforce_token_bind => $enforce_token_bind,
hash_algorithms => $hash_algorithms,
http_connect_timeout => $http_connect_timeout,
http_request_max_retries => $http_request_max_retries,
include_service_catalog => $include_service_catalog,
keyfile => $keyfile,
memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
memcache_pool_dead_retry => $memcache_pool_dead_retry,
memcache_pool_maxsize => $memcache_pool_maxsize,
memcache_pool_socket_timeout => $memcache_pool_socket_timeout,
memcache_secret_key => $memcache_secret_key,
memcache_security_strategy => $memcache_security_strategy,
memcache_use_advanced_pool => $memcache_use_advanced_pool,
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
memcached_servers => $memcached_servers,
region_name => $region_name,
revocation_cache_time => $revocation_cache_time,
signing_dir => $signing_dir,
token_cache_time => $token_cache_time,
}
if $manage_service {
if $enabled {
$service_ensure = 'running'
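Review bot: The `insecure` parameter that is now forwarded to `keystone::resource::authtoken` is still documented as "Verify HTTPS connections" in the second hunk, which reads as the opposite of what enabling it does. Since the TLS parameters are being renamed here anyway, I would reword it to `# (Optional) If true, the Keystone server certificate is not verified. Not recommended.` and keep the existing `# Default: $::os_service_default` line. The new `auth_url` and `auth_uri` defaults are plain `http://localhost…` while `auth_type` defaults to `'password'`, so the header for those two should say that a non-local Keystone endpoint should be given as an https URL with `cafile` set. The old `keystone_admin_*`, `keystone_certfile`/`keystone_keyfile`/`keystone_cafile` and `cache_time` parameters appear to be dropped with no deprecation handling in the visible hunks; the class body continues outside them, so confirm that data still keyed on the old names (a CA file in particular) cannot silently stop taking effect.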


@ -8,7 +8,7 @@ describe 'ec2api::api', type: :class do
let(:params) do
{
keystone_admin_password: 'my_password',
password: 'my_password',
}
end
@ -21,25 +21,6 @@ describe 'ec2api::api', type: :class do
DEFAULT/ec2api_use_ssl
DEFAULT/ec2api_workers
DEFAULT/service_down_time
keystone_authtoken/delay_auth_decision
keystone_authtoken/http_connect_timeout
keystone_authtoken/http_request_max_retries
keystone_authtoken/admin_user
keystone_authtoken/admin_tenant
keystone_authtoken/insecure
keystone_authtoken/signing_dir
keystone_authtoken/token_cache_time
keystone_authtoken/cache_time
keystone_authtoken/memcached_servers
keystone_authtoken/memcache_security_strategy
keystone_authtoken/memcache_secret_key
keystone_authtoken/include_service_catalog
keystone_authtoken/enforce_token_bind
keystone_authtoken/check_revocations_for_cached
keystone_authtoken/hash_algorithms
keystone_authtoken/certfile
keystone_authtoken/keyfile
keystone_authtoken/cafile
DEFAULT/api_paste_config
DEFAULT/ssl_cert_file
DEFAULT/ssl_key_file
@ -74,6 +55,35 @@ describe 'ec2api::api', type: :class do
DEFAULT/bindir
DEFAULT/state_path
DEFAULT/debug
keystone_authtoken/auth_version
keystone_authtoken/auth_section
keystone_authtoken/user_domain_name
keystone_authtoken/project_domain_name
keystone_authtoken/insecure
keystone_authtoken/cache
keystone_authtoken/cafile
keystone_authtoken/certfile
keystone_authtoken/check_revocations_for_cached
keystone_authtoken/delay_auth_decision
keystone_authtoken/enforce_token_bind
keystone_authtoken/hash_algorithms
keystone_authtoken/http_connect_timeout
keystone_authtoken/http_request_max_retries
keystone_authtoken/include_service_catalog
keystone_authtoken/keyfile
keystone_authtoken/memcache_pool_conn_get_timeout
keystone_authtoken/memcache_pool_dead_retry
keystone_authtoken/memcache_pool_maxsize
keystone_authtoken/memcache_pool_socket_timeout
keystone_authtoken/memcache_secret_key
keystone_authtoken/memcache_security_strategy
keystone_authtoken/memcache_use_advanced_pool
keystone_authtoken/memcache_pool_unused_timeout
keystone_authtoken/memcached_servers
keystone_authtoken/region_name
keystone_authtoken/revocation_cache_time
keystone_authtoken/signing_dir
keystone_authtoken/token_cache_time
)
context 'with default parameters' do
@ -87,7 +97,12 @@ describe 'ec2api::api', type: :class do
it { is_expected.to contain_ec2api_config(item).with_value('<SERVICE DEFAULT>') }
end
it { is_expected.to contain_ec2api_config('keystone_authtoken/admin_password').with_value('my_password') }
it { is_expected.to contain_ec2api_config('keystone_authtoken/password').with_value('my_password') }
it { is_expected.to contain_ec2api_config('keystone_authtoken/username').with_value('ec2api') }
it { is_expected.to contain_ec2api_config('keystone_authtoken/project_name').with_value('services') }
it {is_expected.to contain_ec2api_config('keystone_authtoken/auth_url').with_value('http://localhost:35357/') }
it { is_expected.to contain_ec2api_config('keystone_authtoken/auth_uri').with_value('http://localhost:5000/') }
it { is_expected.to contain_ec2api_config('keystone_authtoken/auth_type').with_value('password') }
service_parameters = {
ensure: 'running',
@ -103,7 +118,7 @@ describe 'ec2api::api', type: :class do
manage_service: true,
service_name: 'my-api-service',
enabled: false,
keystone_admin_password: 'my_password',
password: 'my_password',
}
end
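Review bot: The new `keystone_authtoken/password` expectation in the 'with default parameters' context pins only the value, so the spec would still pass if the service password were written without being flagged as secret and then showed up in Puppet logs and reports. If `ec2api_config` has the `secret` parameter that the other OpenStack config types have (not visible on this page), I would extend the line to `it { is_expected.to contain_ec2api_config('keystone_authtoken/password').with_value('my_password').with_secret(true) }`. The same applies to `keystone_authtoken/memcache_secret_key`, which is only checked for the service default here. Minor style: the `auth_url` expectation is written `it {is_expected…`, without the space after the brace that the neighbouring lines have.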