diff --git a/Berksfile b/Berksfile index b15f7b8..df0fd44 100644 --- a/Berksfile +++ b/Berksfile @@ -6,3 +6,6 @@ cookbook "openstack-identity", github: "openstack/cookbook-openstack-identity" cookbook "openstack-common", github: "openstack/cookbook-openstack-common" +cookbook "openstackclient", + github: "cloudbau/cookbook-openstackclient" + diff --git a/README.md b/README.md index 32ad3a7..65b6a3e 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ The following cookbooks are dependencies: - 'openstack-common', '>= 14.0.0' - 'openstack-identity', '>= 14.0.0' +- 'openstackclient', '>= 0.1.0' Attributes ========== @@ -74,6 +75,7 @@ License and Author | **Author** | Mark Vanderwiel () | | **Author** | Jan Klare () | | **Author** | Dr. Jens Rosenboom () | +| **Author** | Christoph Albers () | | | | | **Copyright** | Copyright (c) 2013-2014, IBM Corp. | | **Copyright** | Copyright (c) 2014, SUSE Linux, GmbH. | diff --git a/attributes/heat_conf.rb b/attributes/heat_conf.rb index da6d03f..dad5ac3 100644 --- a/attributes/heat_conf.rb +++ b/attributes/heat_conf.rb 
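Review bot: The new `openstackclient` entry in the Berksfile is not pinned, so it resolves to whatever is on the default branch of `cloudbau/cookbook-openstackclient` at install time. The recipe changed in this commit hands that cookbook the Keystone admin password through `connection_params`, so a later push to that repository would change code that runs with admin credentials. Pin it to a reviewed revision, e.g. `github: "cloudbau/cookbook-openstackclient", ref: "<reviewed-commit-sha>"` (placeholder value). The two existing entries are unpinned as well, and whether a Berksfile.lock is committed is not visible here.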
@@ -19,8 +19,10 @@ default['openstack']['orchestration']['conf']['DEFAULT']['log_dir'] = '/var/log/heat' default['openstack']['orchestration']['conf']['oslo_messaging_notifications']['driver'] = 'heat.openstack.common.notifier.rpc_notifier' -default['openstack']['orchestration']['conf']['keystone_authtoken']['auth_type'] = 'v2password' +default['openstack']['orchestration']['conf']['keystone_authtoken']['auth_type'] = 'v3password' default['openstack']['orchestration']['conf']['keystone_authtoken']['username'] = 'heat' -default['openstack']['orchestration']['conf']['keystone_authtoken']['tenant_name'] = 'service' -default['openstack']['orchestration']['conf']['trustee']['auth_plugin'] = 'v2password' +default['openstack']['orchestration']['conf']['keystone_authtoken']['project_name'] = 'service' +default['openstack']['orchestration']['conf']['keystone_authtoken']['project_domain_name'] = 'Default' +default['openstack']['orchestration']['conf']['keystone_authtoken']['user_domain_name'] = 'Default' +default['openstack']['orchestration']['conf']['trustee']['auth_plugin'] = 'v3password' default['openstack']['orchestration']['conf']['trustee']['username'] = 'heat' diff --git a/metadata.rb b/metadata.rb index 9b7d654..2bd9287 100644 --- a/metadata.rb +++ b/metadata.rb @@ -15,3 +15,4 @@ end depends 'openstack-common', '>= 14.0.0' depends 'openstack-identity', '>= 14.0.0' +depends 'openstackclient' diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb index a46dc98..87e8228 100644 --- a/recipes/identity_registration.rb +++ b/recipes/identity_registration.rb @@ -26,7 +26,6 @@ end identity_admin_endpoint = admin_endpoint 'identity' -token = get_password 'token', 'openstack_identity_bootstrap_token' auth_url = ::URI.decode identity_admin_endpoint.to_s admin_heat_endpoint = admin_endpoint 'orchestration-api' 
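Review bot: The `['trustee']` defaults switch `auth_plugin` to `v3password` but gain no domain setting, unlike `keystone_authtoken` a few lines above, so the `heat` username is not scoped to a domain. Keystone v3 password authentication resolves a user name only together with a domain, so unless the recipe or template supplies one elsewhere (not visible in this hunk) the trustee login is likely to fail. Consider adding `default['openstack']['orchestration']['conf']['trustee']['user_domain_name'] = 'Default'` next to the trustee username default. The trustee expectations in spec/spec_helper.rb would then need a matching pattern.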
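Review bot: `depends 'openstackclient'` carries no version constraint, while the README hunk in this commit documents the dependency as `'>= 0.1.0'` and both neighbouring `depends` lines state a minimum. Make the two agree, e.g. `depends 'openstackclient', '>= 0.1.0'`. Otherwise the resolver may select a release that lacks the `openstack_service`, `openstack_endpoint`, `openstack_project` and `openstack_user` resources the recipe now calls.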
@@ -37,36 +36,88 @@ internal_heat_cfn_endpoint = internal_endpoint 'orchestration-api-cfn' public_heat_cfn_endpoint = public_endpoint 'orchestration-api-cfn' service_pass = get_password 'service', 'openstack-orchestration' -service_tenant_name = node['openstack']['orchestration']['conf']['keystone_authtoken']['tenant_name'] +service_project_name = node['openstack']['orchestration']['conf']['keystone_authtoken']['project_name'] service_user = node['openstack']['orchestration']['conf']['keystone_authtoken']['username'] service_role = node['openstack']['orchestration']['service_role'] -region = node['openstack']['orchestration']['conf']['DEFAULT']['region_name_for_services'] +service_type = 'orchestration' +service_name = 'heat' +service_domain_name = node['openstack']['orchestration']['conf']['keystone_authtoken']['user_domain_name'] +admin_user = node['openstack']['identity']['admin_user'] +admin_pass = get_password 'user', node['openstack']['identity']['admin_user'] +admin_project = node['openstack']['identity']['admin_project'] +admin_domain = node['openstack']['identity']['admin_domain_name'] +region = node['openstack']['region'] # Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927), # See discussions on https://bugs.launchpad.net/heat/+bug/1167927 -# Register Heat API Service -openstack_identity_register 'Register Heat Orchestration Service' do - auth_uri auth_url - bootstrap_token token - service_name 'heat' - service_type 'orchestration' - service_description 'Heat Orchestration Service' +connection_params = { + openstack_auth_url: "#{auth_url}/auth/tokens", + openstack_username: admin_user, + openstack_api_key: admin_pass, + openstack_project_name: admin_project, + openstack_domain_name: admin_domain +} - action :create_service +# Register Orchestration Service +openstack_service service_name do + type service_type + connection_params connection_params end -# Register Heat API Endpoint -openstack_identity_register 'Register 
Heat Orchestration Endpoint' do - auth_uri auth_url - bootstrap_token token - service_type 'orchestration' - endpoint_region region - endpoint_adminurl admin_heat_endpoint.to_s - endpoint_internalurl internal_heat_endpoint.to_s - endpoint_publicurl public_heat_endpoint.to_s +# Register Orchestration Public-Endpoint +openstack_endpoint service_type do + service_name service_name + interface 'public' + url public_heat_endpoint.to_s + region region + connection_params connection_params +end - action :create_endpoint +# Register Orchestration Internal-Endpoint +openstack_endpoint service_type do + service_name service_name + url internal_heat_endpoint.to_s + region region + connection_params connection_params +end + +# Register Orchestration Admin-Endpoint +openstack_endpoint service_type do + service_name service_name + interface 'admin' + url admin_heat_endpoint.to_s + region region + connection_params connection_params +end + +# Register Service Tenant +openstack_project service_project_name do + connection_params connection_params +end + +# Register Service User +openstack_user service_user do + project_name service_project_name + role_name service_role + password service_pass + connection_params connection_params +end + +## Grant Service role to Service User for Service Tenant ## +openstack_user service_user do + role_name service_role + project_name service_project_name + connection_params connection_params + action :grant_role +end + +openstack_user service_user do + domain_name service_domain_name + role_name service_role + user_name service_user + connection_params connection_params + action :grant_domain end # TODO: (MRV) Revert this change until a better solution can be found 
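Review bot: `connection_params` now holds the Keystone admin password (`openstack_api_key: admin_pass`) and is passed as a property to every resource in this hunk, and `openstack_user service_user` also takes `password service_pass`, yet none of these resources sets `sensitive true`. Unless the openstackclient cookbook marks those properties sensitive itself (not visible here), the values can surface in Chef logs, resource reporting or a failed-run dump. Add `sensitive true` to each resource that receives `connection_params` or `password`. Separately, the Internal-Endpoint block sets no `interface` while its public and admin siblings do, so it depends on the resource's default; `interface 'internal'` would make the intent explicit.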
@@ -74,61 +125,62 @@ end # if node.run_list.include?('openstack-orchestration::api-cfn') # Register Heat API Cloudformation Service -openstack_identity_register 'Register Heat Cloudformation Service' do - auth_uri auth_url - bootstrap_token token +openstack_service 'heat-cfn' do + type 'cloudformation' + connection_params connection_params +end + +# Register Heat API CloudFormation Public-Endpoint +openstack_endpoint 'cloudformation' do service_name 'heat-cfn' - service_type 'cloudformation' - service_description 'Heat Cloudformation Service' - - action :create_service + interface 'public' + url public_heat_cfn_endpoint.to_s + region region + connection_params connection_params end -# Register Heat API CloudFormation Endpoint -openstack_identity_register 'Register Heat Cloudformation Endpoint' do - auth_uri auth_url - bootstrap_token token - service_type 'cloudformation' - endpoint_region region - endpoint_adminurl admin_heat_cfn_endpoint.to_s - endpoint_internalurl internal_heat_cfn_endpoint.to_s - endpoint_publicurl public_heat_cfn_endpoint.to_s - - action :create_endpoint +# Register Heat API CloudFormation Internal-Endpoint +openstack_endpoint 'cloudformation' do + service_name 'heat-cfn' + url internal_heat_cfn_endpoint.to_s + region region + connection_params connection_params +end + +# Register Heat API CloudFormation Admin-Endpoint +openstack_endpoint 'cloudformation' do + service_name 'heat-cfn' + interface 'admin' + url admin_heat_cfn_endpoint.to_s + region region + connection_params connection_params end -# end # Register Service Tenant -openstack_identity_register 'Register Service Tenant' do - auth_uri auth_url - bootstrap_token token - tenant_name service_tenant_name - tenant_description 'Service Tenant' - tenant_enabled true # Not required as this is the default - - action :create_tenant +openstack_project service_project_name do + connection_params connection_params end # Register Service User -openstack_identity_register 'Register Heat Service 
User' do - auth_uri auth_url - bootstrap_token token - tenant_name service_tenant_name - user_name service_user - user_pass service_pass - # String until https://review.openstack.org/#/c/29498/ merged - user_enabled true - - action :create_user +openstack_user service_user do + project_name service_project_name + role_name service_role + password service_pass + connection_params connection_params end ## Grant Service role to Service User for Service Tenant ## -openstack_identity_register "Grant '#{service_role}' Role to #{service_user} User for #{service_tenant_name} Tenant" do - auth_uri auth_url - bootstrap_token token - tenant_name service_tenant_name - user_name service_user +openstack_user service_user do role_name service_role - + project_name service_project_name + connection_params connection_params action :grant_role end + +openstack_user service_user do + domain_name service_domain_name + role_name service_role + user_name service_user + connection_params connection_params + action :grant_domain +end diff --git a/spec/identity_registration_spec.rb b/spec/identity_registration_spec.rb index f9d0d2f..3f42030 100644 --- a/spec/identity_registration_spec.rb +++ b/spec/identity_registration_spec.rb 
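Review bot: The `openstack_project service_project_name`, `openstack_user service_user` (create), `:grant_role` and `:grant_domain` blocks at the end of this hunk repeat, with identical properties, the four blocks the previous hunk already added above the `# TODO: (MRV)` comment. Each is therefore declared twice in one recipe under the same resource name, which doubles the Keystone calls made with admin credentials and leaves it unclear which copy a ChefSpec matcher inspects. Keep one set, placed after both services and their endpoints are registered, and delete the other. The CloudFormation Internal-Endpoint block, like the orchestration one, also omits `interface`.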
@@ -9,171 +9,106 @@ describe 'openstack-orchestration::identity_registration' do include_context 'orchestration_stubs' - it 'register heat orchestration service' do - expect(chef_run).to create_service_openstack_identity_register( - 'Register Heat Orchestration Service' + connection_params = { + openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens', + openstack_username: 'admin', + openstack_api_key: 'admin-pass', + openstack_project_name: 'admin', + openstack_domain_name: 'default' + } + service_name = 'heat' + service_type = 'orchestration' + service_user = 'heat' + url = 'http://127.0.0.1:8004/v1/%(tenant_id)s' + region = 'RegionOne' + project_name = 'service' + role_name = 'service' + password = 'heat-pass' + domain_name = 'Default' + + it "registers #{project_name} Project" do + expect(chef_run).to create_openstack_project( + project_name ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_name: 'heat', - service_type: 'orchestration', - service_description: 'Heat Orchestration Service', - action: [:create_service] + connection_params: connection_params ) end - it 'register heat orchestration endpoint' do - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Heat Orchestration Endpoint' + it "registers #{service_name} service" do + expect(chef_run).to create_openstack_service( + service_name ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'orchestration', - endpoint_region: 'RegionOne', - endpoint_adminurl: 'http://127.0.0.1:8004/v1/%(tenant_id)s', - endpoint_internalurl: 'http://127.0.0.1:8004/v1/%(tenant_id)s', - endpoint_publicurl: 'http://127.0.0.1:8004/v1/%(tenant_id)s', - action: [:create_endpoint] + connection_params: connection_params, + type: service_type ) end - it 'register heat orchestration endpoint with custom region override' do - 
node.set['openstack']['orchestration']['conf']['DEFAULT']['region_name_for_services'] = 'region123' + context "registers #{service_name} endpoint" do + %w(admin internal public).each do |interface| + it "#{interface} endpoint with default values" do + expect(chef_run).to create_openstack_endpoint( + service_type + ).with( + service_name: service_name, + # interface: interface, + url: url, + region: region, + connection_params: connection_params + ) + end + end + end - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Heat Orchestration Endpoint' + it 'registers service user' do + expect(chef_run).to create_openstack_user( + service_user ).with( - endpoint_region: 'region123', - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'orchestration', - endpoint_adminurl: 'http://127.0.0.1:8004/v1/%(tenant_id)s', - endpoint_internalurl: 'http://127.0.0.1:8004/v1/%(tenant_id)s', - endpoint_publicurl: 'http://127.0.0.1:8004/v1/%(tenant_id)s', - action: [:create_endpoint] + project_name: project_name, + role_name: role_name, + password: password, + connection_params: connection_params + ) + end + + it do + expect(chef_run).to grant_domain_openstack_user( + service_user + ).with( + domain_name: domain_name, + role_name: role_name, + connection_params: connection_params + ) + end + + it do + expect(chef_run).to grant_role_openstack_user( + service_user + ).with( + project_name: project_name, + role_name: role_name, + password: password, + connection_params: connection_params ) end it 'register heat cloudformation service' do - expect(chef_run).to create_service_openstack_identity_register( - 'Register Heat Cloudformation Service' + expect(chef_run).to create_openstack_service( + 'heat-cfn' ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_name: 'heat-cfn', - service_type: 'cloudformation', - service_description: 'Heat Cloudformation Service', - action: 
[:create_service] + connection_params: connection_params ) end - - it 'registers heat-api endpoint with different urls' do - admin_url = 'https://admin.host:123/admin_path' - public_url = 'http://public.host:456/public_path' - internal_url = 'http://internal.host:456/internal_path' - - node.set['openstack']['endpoints']['admin']['orchestration-api']['uri'] = admin_url - node.set['openstack']['endpoints']['public']['orchestration-api']['uri'] = public_url - node.set['openstack']['endpoints']['internal']['orchestration-api']['uri'] = internal_url - - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Heat Orchestration Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'orchestration', - endpoint_region: 'RegionOne', - endpoint_adminurl: admin_url, - endpoint_internalurl: internal_url, - endpoint_publicurl: public_url, - action: [:create_endpoint] - ) - end - - it 'register heat cloudformation endpoint' do - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Heat Cloudformation Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'cloudformation', - endpoint_region: 'RegionOne', - endpoint_adminurl: 'http://127.0.0.1:8000/v1', - endpoint_internalurl: 'http://127.0.0.1:8000/v1', - endpoint_publicurl: 'http://127.0.0.1:8000/v1', - action: [:create_endpoint] - ) - end - - it 'register heat-cfn endpoint with all different urls' do - admin_url = 'https://admin.host:123/admin_path' - internal_url = 'http://internal.host:456/internal_path' - public_url = 'https://public.host:789/public_path' - - node.set['openstack']['endpoints']['admin']['orchestration-api-cfn']['uri'] = admin_url - node.set['openstack']['endpoints']['internal']['orchestration-api-cfn']['uri'] = internal_url - node.set['openstack']['endpoints']['public']['orchestration-api-cfn']['uri'] = public_url - expect(chef_run).to 
create_endpoint_openstack_identity_register( - 'Register Heat Cloudformation Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'cloudformation', - endpoint_region: 'RegionOne', - endpoint_adminurl: admin_url, - endpoint_internalurl: internal_url, - endpoint_publicurl: public_url, - action: [:create_endpoint] - ) - end - - it 'registers service tenant' do - expect(chef_run).to create_tenant_openstack_identity_register( - 'Register Service Tenant' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'service', - tenant_description: 'Service Tenant' - ) - end - - it 'registers heat service user' do - expect(chef_run).to create_user_openstack_identity_register( - 'Register Heat Service User' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'service', - user_name: 'heat', - user_pass: 'heat-pass', - user_enabled: true, - action: [:create_user] - ) - end - - it 'grants service role to service user for service tenant' do - expect(chef_run).to grant_role_openstack_identity_register( - "Grant 'service' Role to heat User for service Tenant" - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'service', - user_name: 'heat', - role_name: 'service', - action: [:grant_role] - ) - end - - it 'does not create role for template defined users by default' do - expect(chef_run).not_to create_role_openstack_identity_register( - "Create '' Role for template defined users" - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - role_name: '', - action: [:create_role] - ) + %w(admin internal public).each do |interface| + it "#{interface} cloudformation endpoint with default values" do + expect(chef_run).to create_openstack_endpoint( + 'cloudformation' + ).with( + service_name: 'heat-cfn', + url: 'http://127.0.0.1:8000/v1', + 
region: region, + connection_params: connection_params + ) + end end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index ca0995f..7933012 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -48,7 +48,7 @@ shared_context 'orchestration_stubs' do .and_return 'heat-pass' allow_any_instance_of(Chef::Recipe).to receive(:get_password) .with('user', 'admin') - .and_return 'admin_pass' + .and_return 'admin-pass' allow_any_instance_of(Chef::Recipe).to receive(:get_password) .with('token', 'orchestration_auth_encryption_key') .and_return 'auth_encryption_key_secret' @@ -182,7 +182,7 @@ shared_examples 'expects to create heat conf' do describe 'has ec2authtoken values' do it 'has default ec2authtoken values' do - expect(chef_run).to render_config_file(file.name).with_section_content('ec2authtoken', %r{^auth_uri = http://127.0.0.1:5000/v2.0$}) + expect(chef_run).to render_config_file(file.name).with_section_content('ec2authtoken', %r{^auth_uri = http://127.0.0.1:5000/v3$}) end end @@ -206,10 +206,12 @@ shared_examples 'expects to create heat conf' do describe 'has keystone_authtoken values' do it 'has default keystone_authtoken values' do [ - %r{^auth_url = http://127.0.0.1:5000/v2.0$}, - /^auth_type = v2password$/, + %r{^auth_url = http://127.0.0.1:5000/v3$}, + /^auth_type = v3password$/, /^username = heat$/, - /^tenant_name = service$/, + /^project_name = service$/, + /^user_domain_name = Default/, + /^project_domain_name = Default/, /^password = heat-pass$/ ].each do |line| expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line) @@ -220,8 +222,8 @@ shared_examples 'expects to create heat conf' do describe 'has trustee values' do it 'has default trustee values' do [ - %r{^auth_url = http://127.0.0.1:35357/v2.0$}, - /^auth_plugin = v2password$/, + %r{^auth_url = http://127.0.0.1:35357/v3$}, + /^auth_plugin = v3password$/, /^username = heat$/, /^password = heat-pass$/ ].each do |line|
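Review bot: In both `%w(admin internal public).each` loops the loop variable is never asserted: `# interface: interface,` is commented out in the orchestration loop and absent from the cloudformation one. The three generated examples are therefore identical, and none checks that a URL lands on the intended interface. With the 'different urls' and custom-region examples removed as well, a recipe that registered the admin URL on the public interface would still pass. Restore `interface: interface,` in the `.with(...)` hash, which likely requires giving the recipe's endpoint resources distinct names, and bring back one example with distinct admin, internal and public URIs. The `grant_role` expectation also lists `password: password` although the recipe's `:grant_role` resource sets no password, and the two bare `it do` examples would be easier to diagnose with descriptions.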
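Review bot: The two patterns added to the keystone_authtoken list in spec/spec_helper.rb, `/^user_domain_name = Default/` and `/^project_domain_name = Default/`, have no trailing `$`, unlike every other entry in that list. They would also accept a rendered value such as `Default2` (constructed example). Anchor them the same way: `/^user_domain_name = Default$/,` and `/^project_domain_name = Default$/,`. The enclosing `shared_examples` block starts and ends outside this hunk.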