diff --git a/examples/aodh.pp b/examples/aodh.pp index e3fae34f..a1c16094 100644 --- a/examples/aodh.pp +++ b/examples/aodh.pp @@ -10,8 +10,8 @@ include apache class { 'aodh::wsgi::apache': ssl => false, } -class { 'aodh::auth': - auth_password => 'a_big_secret', +class { 'aodh::service_credentials': + password => 'a_big_secret', } class { 'aodh::evaluator': } class { 'aodh::notifier': } diff --git a/manifests/auth.pp b/manifests/auth.pp index 14fcdc4b..13f1cfca 100644 --- a/manifests/auth.pp +++ b/manifests/auth.pp @@ -1,17 +1,18 @@ +# DEPRECATED ! Use the aodh::service_credentails class instead # The aodh::auth class helps configure auth settings # # == Parameters # [*auth_url*] # the keystone public endpoint -# Optional. Defaults to 'http://localhost:5000/v3' +# Optional. Defaults to undef. # # [*auth_region*] # the keystone region of this node -# Optional. Defaults to 'RegionOne' +# Optional. Defaults to undef. # # [*auth_user*] # the keystone user for aodh services -# Optional. Defaults to 'aodh' +# Optional. Defaults to undef. # # [*auth_password*] # the keystone password for aodh services @@ -19,55 +20,44 @@ # # [*auth_project_name*] # the keystone tenant name for aodh services -# Optional. Defaults to 'services' +# Optional. Defaults to undef. # # [*project_domain_name*] # the keystone project domain name for aodh services -# Optional. Defaults to 'Default' +# Optional. Defaults to undef. # # [*user_domain_name*] # the keystone user domain name for aodh services -# Optional. Defaults to 'Default' +# Optional. Defaults to undef. # # [*auth_type*] # An authentication type to use with an OpenStack Identity server. # The value should contain auth plugin name. -# Optional. Defaults to 'password'. +# Optional. Defaults to undef. # # [*auth_cacert*] # Certificate chain for SSL validation. -# Optional. Defaults to $::os_service_default +# Optional. Defaults to undef. # # [*interface*] # Type of endpoint in Identity service catalog to use for # communication with OpenStack services. -# Optional. Defaults to $::os_service_default. +# Optional. Defaults to undef. # class aodh::auth ( $auth_password, - $auth_url = 'http://localhost:5000/v3', - $auth_region = 'RegionOne', - $auth_user = 'aodh', - $auth_project_name = 'services', - $project_domain_name = 'Default', - $user_domain_name = 'Default', - $auth_type = 'password', - $auth_cacert = $::os_service_default, - $interface = $::os_service_default, + $auth_url = undef, + $auth_region = undef, + $auth_user = undef, + $auth_project_name = undef, + $project_domain_name = undef, + $user_domain_name = undef, + $auth_type = undef, + $auth_cacert = undef, + $interface = undef, ) { - include aodh::deps + warning('The aodh::auth class has been deprecated. Use the aodh::service_credentials class') - aodh_config { - 'service_credentials/auth_url' : value => $auth_url; - 'service_credentials/region_name' : value => $auth_region; - 'service_credentials/username' : value => $auth_user; - 'service_credentials/password' : value => $auth_password, secret => true; - 'service_credentials/project_name' : value => $auth_project_name; - 'service_credentials/project_domain_name' : value => $project_domain_name; - 'service_credentials/user_domain_name' : value => $user_domain_name; - 'service_credentials/cacert' : value => $auth_cacert; - 'service_credentials/interface' : value => $interface; - 'service_credentials/auth_type' : value => $auth_type; - } + include aodh::service_credentials } diff --git a/manifests/service_credentials.pp b/manifests/service_credentials.pp new file mode 100644 index 00000000..292ee234 --- /dev/null +++ b/manifests/service_credentials.pp @@ -0,0 +1,90 @@ +# The aodh::service_credentials class helps configure service_credentials +# settings +# +# == Parameters +# [*auth_url*] +# the keystone public endpoint +# Optional. Defaults to 'http://localhost:5000/v3' +# +# [*region_name*] +# the keystone region of this node +# Optional. Defaults to 'RegionOne' +# +# [*username*] +# the keystone user for aodh services +# Optional. Defaults to 'aodh' +# +# [*password*] +# the keystone password for aodh services +# Required. +# +# [*project_name*] +# the keystone tenant name for aodh services +# Optional. Defaults to 'services' +# +# [*project_domain_name*] +# the keystone project domain name for aodh services +# Optional. Defaults to 'Default' +# +# [*user_domain_name*] +# the keystone user domain name for aodh services +# Optional. Defaults to 'Default' +# +# [*auth_type*] +# An authentication type to use with an OpenStack Identity server. +# The value should contain auth plugin name. +# Optional. Defaults to 'password'. +# +# [*cacert*] +# Certificate chain for SSL validation. +# Optional. Defaults to $::os_service_default +# +# [*interface*] +# Type of endpoint in Identity service catalog to use for +# communication with OpenStack services. +# Optional. Defaults to $::os_service_default. +# +class aodh::service_credentials ( + # TODO(tkajinam): Make this required when we remove aodh::auth + $password = undef, + $auth_url = 'http://localhost:5000/v3', + $region_name = 'RegionOne', + $username = 'aodh', + $project_name = 'services', + $project_domain_name = 'Default', + $user_domain_name = 'Default', + $auth_type = 'password', + $cacert = $::os_service_default, + $interface = $::os_service_default, +) { + + include aodh::deps + + $password_real = pick($::aodh::auth::auth_password, $password) + if ! $password_real { + fail('The password parameter is required') + } + + $auth_url_real = pick($::aodh::auth::auth_url, $auth_url) + $region_name_real = pick($::aodh::auth_region, $region_name) + $username_real = pick($::aodh::auth_user, $username) + $project_name_real = pick($::aodh::auth::auth_project_name, $project_name) + $project_domain_name_real = pick($::aodh::auth::project_domain_name, $project_domain_name) + $user_domain_name_real = pick($::aodh::auth::user_domain_name, $user_domain_name) + $auth_type_real = pick($::aodh::auth::auth_type, $auth_type) + $cacert_real = pick($::aodh::auth::auth_cacert, $cacert) + $interface_real = pick($::aodh::auth::interface, $interface) + + aodh_config { + 'service_credentials/auth_url' : value => $auth_url_real; + 'service_credentials/region_name' : value => $region_name_real; + 'service_credentials/username' : value => $username_real; + 'service_credentials/password' : value => $password_real, secret => true; + 'service_credentials/project_name' : value => $project_name_real; + 'service_credentials/project_domain_name' : value => $project_domain_name_real; + 'service_credentials/user_domain_name' : value => $user_domain_name_real; + 'service_credentials/cacert' : value => $cacert_real; + 'service_credentials/interface' : value => $interface_real; + 'service_credentials/auth_type' : value => $auth_type_real; + } +} diff --git a/releasenotes/notes/service_credentials-2b3dd8ca51083a1d.yaml b/releasenotes/notes/service_credentials-2b3dd8ca51083a1d.yaml new file mode 100644 index 00000000..e845c9e7 --- /dev/null +++ b/releasenotes/notes/service_credentials-2b3dd8ca51083a1d.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - | + The ``aodh::auth`` class has been deprecated. Use the new + ``aodh::service_credentials`` class instead. diff --git a/spec/classes/aodh_service_credentials_spec.rb b/spec/classes/aodh_service_credentials_spec.rb new file mode 100644 index 00000000..95f2f76a --- /dev/null +++ b/spec/classes/aodh_service_credentials_spec.rb @@ -0,0 +1,55 @@ +require 'spec_helper' + +describe 'aodh::service_credentials' do + + let :params do + { :auth_url => 'http://localhost:5000/v3', + :region_name => 'RegionOne', + :username => 'aodh', + :password => 'password', + :project_name => 'services', + } + end + + shared_examples_for 'aodh::service_credentials' do + + it 'configures authentication' do + is_expected.to contain_aodh_config('service_credentials/auth_url').with_value('http://localhost:5000/v3') + is_expected.to contain_aodh_config('service_credentials/region_name').with_value('RegionOne') + is_expected.to contain_aodh_config('service_credentials/project_domain_name').with_value('Default') + is_expected.to_not contain_aodh_config('service_credentials/project_domain_id') + is_expected.to contain_aodh_config('service_credentials/user_domain_name').with_value('Default') + is_expected.to_not contain_aodh_config('service_credentials/user_domain_id') + is_expected.to contain_aodh_config('service_credentials/auth_type').with_value('password') + is_expected.to contain_aodh_config('service_credentials/username').with_value('aodh') + is_expected.to contain_aodh_config('service_credentials/password').with_value('password').with_secret(true) + is_expected.to contain_aodh_config('service_credentials/project_name').with_value('services') + is_expected.to contain_aodh_config('service_credentials/cacert').with(:value => '') + end + + context 'when overriding parameters' do + before do + params.merge!( + :cacert => '/tmp/dummy.pem', + :interface => 'internalURL', + ) + end + it { is_expected.to contain_aodh_config('service_credentials/cacert').with_value(params[:cacert]) } + it { is_expected.to contain_aodh_config('service_credentials/interface').with_value(params[:interface]) } + end + + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + it_configures 'aodh::service_credentials' + end + end + +end