openstack
/
puppet-keystone
Code Issues Proposed changes

Remove deprecated parameters 

* keystone::endpoint::public_port (deprecated since 4.0.0)
* keystone::endpoint::public_protocol (deprecated since 4.0.0)
* keystone::endpoint::public_address (deprecated since 4.0.0)
* keystone::endpoint::internal_address (deprecated since 4.0.0)
* keystone::endpoint::internal_port (deprecated since 4.0.0)
* keystone::endpoint::admin_address (deprecated since 4.0.0)
* keystone::endpoint::admin_port (deprecated since 4.0.0)
* keystone::sql_connection (deprecated since 4.1.0)
* keystone::idle_timeout (deprecated since 4.1.0)
* keystone::bind_host (deprecated since 4.0.0)
* keystone::token_format (deprecated since 3.0.0)

Change-Id: I8b8ed42d4d81aa8091f2fae38f05cb74428051a9
This commit is contained in:
Mathieu Gagné 2014-11-25 14:14:38 -05:00
parent c0205af0ff
commit 29b6875331
8 changed files with 42 additions and 353 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -45,10 +45,10 @@ To utilize the keystone module's functionality you will need to declare multiple
```puppet
class { 'keystone':
verbose => True,
catalog_type => 'sql',
admin_token => 'random_uuid',
sql_connection => 'mysql://keystone_admin:super_secret_db_password@openstack-controller.example.com/keystone',
verbose => True,
catalog_type => 'sql',
admin_token => 'random_uuid',
database_connection => 'mysql://keystone_admin:super_secret_db_password@openstack-controller.example.com/keystone',
}
# Adds the admin credential to keystone.

12
examples/apache_dropin.pp
View File

@ -25,12 +25,12 @@ class { 'keystone::db::mysql':
password => 'keystone',
}
class { 'keystone':
verbose => true,
debug => true,
sql_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
catalog_type => 'sql',
admin_token => 'admin_token',
enabled => false,
verbose => true,
debug => true,
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
catalog_type => 'sql',
admin_token => 'admin_token',
enabled => false,
}
class { 'keystone::roles::admin':
email => 'test@puppetlabs.com',

12
examples/apache_with_paths.pp
View File

@ -25,12 +25,12 @@ class { 'keystone::db::mysql':
password => 'keystone',
}
class { 'keystone':
verbose => true,
debug => true,
sql_connection => 'mysql://keystone_admin:keystone@127.0.0.1/keystone',
catalog_type => 'sql',
admin_token => 'admin_token',
enabled => true,
verbose => true,
debug => true,
database_connection => 'mysql://keystone_admin:keystone@127.0.0.1/keystone',
catalog_type => 'sql',
admin_token => 'admin_token',
enabled => true,
}
class { 'keystone::cron::token_flush': }
class { 'keystone::roles::admin':

111
manifests/endpoint.pp
View File

@ -22,46 +22,6 @@
# [*version*]
# (optional) API version for endpoint. Appended to all endpoint urls. (Defaults to 'v2.0')
#
# [*public_protocol*]
# (optional) DEPRECATED: Use public_url instead.
# Protocol for public access to keystone endpoint. (Defaults to 'http')
# Setting this parameter overrides public_url parameter.
#
# [*public_address*]
# (optional) DEPRECATED: Use public_url instead.
# Public address for keystone endpoint. (Defaults to '127.0.0.1')
# Setting this parameter overrides public_url parameter.
#
# [*public_port*]
# (optional) DEPRECATED: Use public_url instead.
# Port for non-admin access to keystone endpoint. (Defaults to 5000)
# Setting this parameter overrides public_url parameter.
#
# [*internal_address*]
# (optional) DEPRECATED: Use internal_url instead.
# Internal address for keystone endpoint. (Defaults to '127.0.0.1')
# Setting this parameter overrides internal_url parameter.
#
# [*internal_port*]
# (optional) DEPRECATED: Use internal_url instead.
# Port for internal access to keystone endpoint. (Defaults to $public_port)
# Setting this parameter overrides internal_url parameter.
#
# [*admin_address*]
# (optional) DEPRECATED: Use admin_url instead.
# Admin address for keystone endpoint. (Defaults to '127.0.0.1')
# Setting this parameter overrides admin_url parameter.
#
# [*admin_port*]
# (optional) DEPRECATED: Use admin_url instead.
# Port for admin access to keystone endpoint. (Defaults to 35357)
# Setting this parameter overrides admin_url parameter.
#
# === Deprecation notes
#
# If any value is provided for public_protocol, public_address or public_port parameters,
# public_url will be completely ignored. The same applies for internal and admin parameters.
#
# === Examples
#
# class { 'keystone::endpoint':
@ -76,74 +36,17 @@ class keystone::endpoint (
$admin_url = 'http://127.0.0.1:35357',
$version = 'v2.0',
$region = 'RegionOne',
# DEPRECATED PARAMETERS
$public_protocol = undef,
$public_address = undef,
$public_port = undef,
$internal_address = undef,
$internal_port = undef,
$admin_address = undef,
$admin_port = undef,
) {
if $public_port {
warning('The public_port parameter is deprecated, use public_url instead.')
$public_url_real = "${public_url}/${version}"
$admin_url_real = "${admin_url}/${version}"
if $internal_url {
$internal_url_real = "${internal_url}/${version}"
} else {
$internal_url_real = "${public_url}/${version}"
}
if $public_protocol {
warning('The public_protocol parameter is deprecated, use public_url instead.')
}
if $public_address {
warning('The public_address parameter is deprecated, use public_url instead.')
}
if $internal_address {
warning('The internal_address parameter is deprecated, use internal_url instead.')
}
if $internal_port {
warning('The internal_port parameter is deprecated, use internal_url instead.')
}
if $admin_address {
warning('The admin_address parameter is deprecated, use admin_url instead.')
}
if $admin_port {
warning('The admin_port parameter is deprecated, use admin_url instead.')
}
$public_url_real = inline_template('<%=
if (!@public_protocol.nil?) || (!@public_address.nil?) || (!@public_port.nil?)
@public_protocol ||= "http"
@public_address ||= "127.0.0.1"
@public_port ||= "5000"
"#{@public_protocol}://#{@public_address}:#{@public_port}/#{@version}"
else
"#{@public_url}/#{@version}"
end %>')
$internal_url_real = inline_template('<%=
if (!@internal_address.nil?) || (!@internal_port.nil?) || (!@public_port.nil?)
@internal_address ||= @public_address ||= "127.0.0.1"
@internal_port ||= @public_port ||= "5000"
"http://#{@internal_address}:#{@internal_port}/#{@version}"
elsif (!@internal_url.nil?)
"#{@internal_url}/#{@version}"
else
"#{@public_url}/#{@version}"
end %>')
$admin_url_real = inline_template('<%=
if (!@admin_address.nil?) || (!@admin_port.nil?)
@admin_address ||= "127.0.0.1"
@admin_port ||= "35357"
"http://#{@admin_address}:#{@admin_port}/#{@version}"
else
"#{@admin_url}/#{@version}"
end %>')
keystone::resource::service_identity { 'keystone':
configure_user => false,
configure_user_role => false,

65
manifests/init.pp
View File

@ -33,7 +33,6 @@
# Optional. Defaults to 'keystone.token.persistence.backends.sql.Token'
# [token_expiration] Amount of time a token should remain valid (seconds).
# Optional. Defaults to 3600 (1 hour).
# [token_format] Deprecated: Use token_provider instead.
# [cache_dir] Directory created when token_provider is pki. Optional.
# Defaults to /var/cache/keystone.
#
@ -69,16 +68,10 @@
# (optional) Url used to connect to database.
# Defaults to sqlite:////var/lib/keystone/keystone.db
#
# [*sql_connection*]
# (optional) Deprecated. Use database_connection instead.
#
# [*database_idle_timeout*]
# (optional) Timeout when db connections should be reaped.
# Defaults to 200.
#
# [*idle_timeout*]
# (optional) Deprecated. Use database_idle_timeout instead.
#
# [enable_pki_setup] Enable call to pki_setup to generate the cert for signing pki tokens and
# revocation lists if it doesn't already exist. This generates a cert and key stored in file
# locations based on the signing_certfile and signing_keyfile paramters below. If you are
@ -292,7 +285,6 @@ class keystone(
$catalog_type = 'sql',
$catalog_driver = false,
$catalog_template_file = '/etc/keystone/default_catalog.templates',
$token_format = false,
$token_provider = 'keystone.token.providers.uuid.Provider',
$token_driver = 'keystone.token.persistence.backends.sql.Token',
$token_expiration = 3600,
@ -342,8 +334,6 @@ class keystone(
$service_name = 'keystone',
# DEPRECATED PARAMETERS
$mysql_module = undef,
$sql_connection = undef,
$idle_timeout = undef,
) inherits keystone::params {
if ! $catalog_driver {
@ -354,20 +344,6 @@ class keystone(
warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.')
}
if $sql_connection {
warning('The sql_connection parameter is deprecated, use database_connection instead.')
$database_connection_real = $sql_connection
} else {
$database_connection_real = $database_connection
}
if $idle_timeout {
warning('The idle_timeout parameter is deprecated, use database_idle_timeout instead.')
$database_idle_timeout_real = $idle_timeout
} else {
$database_idle_timeout_real = $database_idle_timeout
}
if ($admin_endpoint and 'v2.0' in $admin_endpoint) {
warning('Version string /v2.0/ should not be included in keystone::admin_endpoint')
}
@ -429,20 +405,10 @@ class keystone(
notify => Service[$service_name],
}
if $bind_host {
warning('The bind_host parameter is deprecated, use public_bind_host and admin_bind_host instead.')
$public_bind_host_real = $bind_host
$admin_bind_host_real = $bind_host
} else {
$public_bind_host_real = $public_bind_host
$admin_bind_host_real = $admin_bind_host
}
# default config
keystone_config {
'DEFAULT/admin_token': value => $admin_token, secret => true;
'DEFAULT/public_bind_host': value => $public_bind_host_real;
'DEFAULT/admin_bind_host': value => $admin_bind_host_real;
'DEFAULT/public_bind_host': value => $public_bind_host;
'DEFAULT/admin_bind_host': value => $admin_bind_host;
'DEFAULT/public_port': value => $public_port;
'DEFAULT/admin_port': value => $admin_port;
'DEFAULT/compute_port': value => $compute_port;
@ -499,15 +465,15 @@ class keystone(
}
}
if($database_connection_real =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
if($database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
require 'mysql::bindings'
require 'mysql::bindings::python'
} elsif($database_connection_real =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) {
} elsif($database_connection =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) {
} elsif($database_connection_real =~ /sqlite:\/\//) {
} elsif($database_connection =~ /sqlite:\/\//) {
} else {
fail("Invalid db connection ${database_connection_real}")
fail("Invalid db connection ${database_connection}")
}
# memcache connection config
@ -544,8 +510,8 @@ class keystone(
# db connection config
keystone_config {
'database/connection': value => $database_connection_real, secret => true;
'database/idle_timeout': value => $database_idle_timeout_real;
'database/connection': value => $database_connection, secret => true;
'database/idle_timeout': value => $database_idle_timeout;
}
# configure based on the catalog backend
@ -564,13 +530,6 @@ class keystone(
'catalog/template_file': value => $catalog_template_file;
}
if $token_format {
warning('token_format parameter is deprecated. Use token_provider instead.')
}
# remove the old format in case of an upgrade
keystone_config { 'signing/token_format': ensure => absent }
# Set the signing key/cert configuration values.
keystone_config {
'signing/certfile': value => $signing_certfile;
@ -601,13 +560,7 @@ class keystone(
}
}
if ($token_format == false and $token_provider == 'keystone.token.providers.pki.Provider') or $token_format == 'PKI' {
keystone_config { 'token/provider': value => 'keystone.token.providers.pki.Provider' }
} elsif $token_format == 'UUID' {
keystone_config { 'token/provider': value => 'keystone.token.providers.uuid.Provider' }
} else {
keystone_config { 'token/provider': value => $token_provider }
}
keystone_config { 'token/provider': value => $token_provider }
if $notification_driver {
keystone_config { 'DEFAULT/notification_driver': value => $notification_driver }

48
spec/classes/keystone_endpoint_spec.rb
View File

@ -48,52 +48,4 @@ describe 'keystone::endpoint' do
)
end
end
describe 'with deprecated parameters' do
let :params do
{ :public_address => '10.0.0.1',
:admin_address => '10.0.0.2',
:internal_address => '10.0.0.3',
:public_port => '23456',
:admin_port => '12345',
:region => 'RegionTwo',
:version => 'v3.0' }
end
it { should contain_keystone_endpoint('RegionTwo/keystone').with(
:ensure => 'present',
:public_url => 'http://10.0.0.1:23456/v3.0',
:admin_url => 'http://10.0.0.2:12345/v3.0',
:internal_url => 'http://10.0.0.3:23456/v3.0'
)}
describe 'public_address overrides public_url' do
let :params do
{ :public_address => '10.0.0.1',
:public_port => '12345',
:public_url => 'http://10.10.10.10:23456/v3.0' }
end
it { should contain_keystone_endpoint('RegionOne/keystone').with(
:ensure => 'present',
:public_url => 'http://10.0.0.1:12345/v2.0'
)}
end
end
describe 'with overridden deprecated internal_port' do
let :params do
{ :internal_port => '12345' }
end
it { should contain_keystone_endpoint('RegionOne/keystone').with(
:ensure => 'present',
:public_url => 'http://127.0.0.1:5000/v2.0',
:admin_url => 'http://127.0.0.1:35357/v2.0',
:internal_url => 'http://127.0.0.1:12345/v2.0'
)}
end
end

119
spec/classes/keystone_spec.rb
View File

@ -217,24 +217,6 @@ describe 'keystone' do
end
describe 'with deprecated sql_connection parameter' do
let :params do
{ :admin_token => 'service_token',
:sql_connection => 'mysql://a:b@c/d' }
end
it { should contain_keystone_config('database/connection').with_value(params[:sql_connection]) }
end
describe 'with deprecated idle_timeout parameter' do
let :params do
{ :admin_token => 'service_token',
:idle_timeout => 365 }
end
it { should contain_keystone_config('database/idle_timeout').with_value(params[:idle_timeout]) }
end
describe 'when configuring signing token provider' do
describe 'when configuring as UUID' do
@ -392,97 +374,6 @@ describe 'keystone' do
it { should contain_keystone_config('catalog/driver').with_value(params[:catalog_driver]) }
end
describe 'when configuring deprecated token_format as UUID with enable_pki_setup' do
let :params do
{
'admin_token' => 'service_token',
'token_format' => 'UUID'
}
end
it { should contain_exec('keystone-manage pki_setup').with(
:creates => '/etc/keystone/ssl/private/signing_key.pem'
) }
it { should contain_file('/var/cache/keystone').with_ensure('directory') }
describe 'when overriding the cache dir' do
let :params do
{
'admin_token' => 'service_token',
'token_provider' => 'keystone.token.providers.pki.Provider',
'cache_dir' => '/var/lib/cache/keystone'
}
end
it { should contain_file('/var/lib/cache/keystone') }
end
end
describe 'when configuring deprecated token_format as UUID without enable_pki_setup' do
let :params do
{
'admin_token' => 'service_token',
'token_format' => 'UUID',
'enable_pki_setup' => false
}
end
it { should_not contain_exec('keystone-manage pki_setup') }
it { should contain_file('/var/cache/keystone').with_ensure('directory') }
describe 'when overriding the cache dir' do
let :params do
{
'admin_token' => 'service_token',
'token_provider' => 'keystone.token.providers.uuid.Provider',
'cache_dir' => '/var/lib/cache/keystone'
}
end
it { should contain_file('/var/lib/cache/keystone') }
end
end
describe 'when configuring deprecated token_format as PKI with enable_pki_setup' do
let :params do
{
'admin_token' => 'service_token',
'token_format' => 'PKI',
}
end
it { should contain_exec('keystone-manage pki_setup').with(
:creates => '/etc/keystone/ssl/private/signing_key.pem'
) }
it { should contain_file('/var/cache/keystone').with_ensure('directory') }
describe 'when overriding the cache dir' do
let :params do
{
'admin_token' => 'service_token',
'token_provider' => 'keystone.token.providers.pki.Provider',
'cache_dir' => '/var/lib/cache/keystone'
}
end
it { should contain_file('/var/lib/cache/keystone') }
end
end
describe 'when configuring deprecated token_format as PKI without enable_pki_setup' do
let :params do
{
'admin_token' => 'service_token',
'token_format' => 'PKI',
'enable_pki_setup' => false
}
end
it { should_not contain_exec('keystone-manage pki_setup') }
it { should contain_file('/var/cache/keystone').with_ensure('directory') }
describe 'when overriding the cache dir' do
let :params do
{
'admin_token' => 'service_token',
'token_provider' => 'keystone.token.providers.pki.Provider',
'cache_dir' => '/var/lib/cache/keystone'
}
end
it { should contain_file('/var/lib/cache/keystone') }
end
end
end
describe 'when configuring token expiration' do
@ -614,16 +505,6 @@ describe 'keystone' do
it { should contain_keystone_config('DEFAULT/log_dir').with_ensure('absent') }
end
describe 'when configuring api binding with deprecated parameter' do
let :params do
default_params.merge({
:bind_host => '10.0.0.2',
})
end
it { should contain_keystone_config('DEFAULT/public_bind_host').with_value('10.0.0.2') }
it { should contain_keystone_config('DEFAULT/admin_bind_host').with_value('10.0.0.2') }
end
describe 'when enabling SSL' do
let :params do
{

20
tests/site.pp
View File

@ -28,11 +28,11 @@ node keystone_mysql {
password => 'keystone',
}
class { 'keystone':
verbose => true,
debug => true,
sql_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
catalog_type => 'sql',
admin_token => 'admin_token',
verbose => true,
debug => true,
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
catalog_type => 'sql',
admin_token => 'admin_token',
}
class { 'keystone::roles::admin':
email => 'test@puppetlabs.com',
@ -44,11 +44,11 @@ node keystone_mysql {
# keystone with mysql on another node
node keystone {
class { 'keystone':
verbose => true,
debug => true,
sql_connection => 'mysql://keystone:password@127.0.0.1/keystone',
catalog_type => 'sql',
admin_token => 'admin_token',
verbose => true,
debug => true,
database_connection => 'mysql://keystone:password@127.0.0.1/keystone',
catalog_type => 'sql',
admin_token => 'admin_token',
}
class { 'keystone::db::mysql':
password => 'keystone',