diff --git a/manifests/service_catalog.pp b/manifests/service_catalog.pp new file mode 100644 index 00000000..29cce6ed --- /dev/null +++ b/manifests/service_catalog.pp @@ -0,0 +1,64 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: ironic::service_catalog +# +# [*auth_type*] +# The authentication plugin to use when connecting to the service catalog. +# Defaults to 'password' +# +# [*auth_url*] +# The address of the keystone api endpoint. +# Defaults to $::os_service_default +# +# [*project_name*] +# The Keystone project name. +# Defaults to 'services' +# +# [*username*] +# The admin username for ironic to connect to the service catalog. +# Defaults to 'ironic'. +# +# [*password*] +# The admin password for ironic to connect to the service catalog. +# Defaults to $::os_service_default +# +# [*user_domain_name*] +# The name of user's domain (required for Identity V3). +# Defaults to $::os_service_default +# +# [*project_domain_name*] +# The name of project's domain (required for Identity V3). +# Defaults to $::os_service_default +# +class ironic::service_catalog ( + $auth_type = 'password', + $auth_url = $::os_service_default, + $project_name = 'services', + $username = 'ironic', + $password = $::os_service_default, + $user_domain_name = $::os_service_default, + $project_domain_name = $::os_service_default, +) { + + include ::ironic::deps + + ironic_config { + 'service_catalog/auth_type': value => $auth_type; + 'service_catalog/username': value => $username; + 'service_catalog/password': value => $password, secret => true; + 'service_catalog/auth_url': value => $auth_url; + 'service_catalog/project_name': value => $project_name; + 'service_catalog/user_domain_name': value => $user_domain_name; + 'service_catalog/project_domain_name': value => $project_domain_name; + } +} diff --git a/releasenotes/notes/service_catalog-manifest-49d5dd0784109d93.yaml b/releasenotes/notes/service_catalog-manifest-49d5dd0784109d93.yaml new file mode 100644 index 00000000..7fde6d81 --- /dev/null +++ b/releasenotes/notes/service_catalog-manifest-49d5dd0784109d93.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + New manifest "ironic::service_catalog" to set parameters for connecting to + the service catalog (used to fetch the ironic internal API URL) + Please set credentials for ironic to access the service catalog using this + manifest, otherwise ironic falls back to using "keystone_authtoken" + credentials, which are deprecated for this purpose. diff --git a/spec/classes/ironic_service_catalog_spec.rb b/spec/classes/ironic_service_catalog_spec.rb new file mode 100644 index 00000000..28c43c39 --- /dev/null +++ b/spec/classes/ironic_service_catalog_spec.rb @@ -0,0 +1,84 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for ironic::service_catalog +# + +require 'spec_helper' + +describe 'ironic::service_catalog' do + + let :default_params do + { :auth_type => 'password', + :project_name => 'services', + :username => 'ironic', + } + end + + let :params do + {} + end + + shared_examples_for 'ironic service catalog access configuration' do + let :p do + default_params.merge(params) + end + + it 'configures ironic.conf' do + is_expected.to contain_ironic_config('service_catalog/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_config('service_catalog/auth_url').with_value('') + is_expected.to contain_ironic_config('service_catalog/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_config('service_catalog/username').with_value(p[:username]) + is_expected.to contain_ironic_config('service_catalog/password').with_value('').with_secret(true) + is_expected.to contain_ironic_config('service_catalog/user_domain_name').with_value('') + is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value('') + end + + context 'when overriding parameters' do + before :each do + params.merge!( + :auth_type => 'noauth', + :auth_url => 'http://example.com', + :project_name => 'project1', + :username => 'admin', + :password => 'pa$$w0rd', + :user_domain_name => 'NonDefault', + :project_domain_name => 'NonDefault', + ) + end + + it 'should replace default parameter with new value' do + is_expected.to contain_ironic_config('service_catalog/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_config('service_catalog/auth_url').with_value(p[:auth_url]) + is_expected.to contain_ironic_config('service_catalog/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_config('service_catalog/username').with_value(p[:username]) + is_expected.to contain_ironic_config('service_catalog/password').with_value(p[:password]).with_secret(true) + is_expected.to contain_ironic_config('service_catalog/user_domain_name').with_value(p[:user_domain_name]) + is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value(p[:project_domain_name]) + end + end + + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + it_behaves_like 'ironic service catalog access configuration' + end + end + +end