class { '::ceilometer::expirer': }
class { '::ceilometer::agent::central': }
class { '::ceilometer::agent::notification': }
+class { '::ceilometer::keystone::authtoken':
+ password => 'a_big_secret',
+}
class { '::ceilometer::api':
- enabled => true,
- keystone_password => 'a_big_secret',
- keystone_identity_uri => 'http://127.0.0.1:35357/',
- service_name => 'httpd',
+ enabled => true,
+ service_name => 'httpd',
}
include ::apache
class { '::ceilometer::wsgi::apache':
# require => Class['mongodb'],
# }
- # Install the ceilometer-api service
- # The keystone_password parameter is mandatory
- class { '::ceilometer::api':
- keystone_password => 'tralalayouyou'
+ # Configure keystonemiddleware for ceilometer
+ class { '::ceilometer::keystone::authtoken':
+ password => 'tralalayouyou'
}
+ # Install the ceilometer-api service
+ class { '::ceilometer::api': }
# Set common auth parameters used by all agents (compute/central)
class { '::ceilometer::agent::auth':
# (Optional) Whether the service should be managed by Puppet.
# Defaults to true.
#
-# [*keystone_user*]
-# (optional) The name of the auth user
-# Defaults to ceilometer.
-#
-# [*keystone_user*]
-# (Optional) User to authenticate with.
-# Defaults to 'ceilometer'.
-#
-# [*keystone_tenant*]
-# (Optional) Tenant to authenticate with.
-# Defaults to 'services'.
-#
-# [*keystone_password*]
-# (Required) Password to authenticate with.
-#
-# [*memcached_servers*]
-# (optinal) a list of memcached server(s) to use for caching. If left
-# undefined, tokens will instead be cached in-process.
-# Defaults to $::os_service_default.
-#
-# [*auth_uri*]
-# (Optional) Public Identity API endpoint.
-# Defaults to 'http://127.0.0.1:5000/'.
-#
-# [*identity_uri*]
-# (Optional) Complete admin Identity API endpoint.
-# Defaults to 'http://127.0.0.1:35357/'.
-#
# [*host*]
# (Optional) The ceilometer api bind address.
# Defaults to '0.0.0.0'.
# (Optional) Number of workers for Ceilometer API server (integer value).
# Defaults to $::os_service_default.
#
-# [*keystone_auth_uri*]
-# (optional) DEPRECATED Public Identity API endpoint.
-# Defaults to false.
-# Use auth_uri instead.
+# [*auth_strategy*]
+# (Optional) Type of authentication to be used.
+# Defaults to 'keystone'
+#
+# = DEPRECATED PARAMETER
+#
+# [*identity_uri*]
+# (Optional) DEPRECATED Use ceilometer::keystone::authtoken::auth_url instead.
+# Defaults to undef
+#
+# [*auth_uri*]
+# (Optional) DEPRECATED Use ceilometer::keystone::authtoken::auth_uri instead
+# Defaults to undef
+#
+# [*keystone_user*]
+# (Optional) DEPRECATED Use ceilometer::keystone::authtoken::username instead.
+# Defaults to undef
+#
+# [*keystone_tenant*]
+# (Optional) DEPRECATED Use ceilometer::keystone::authtoken::project_name instead.
+# Defaults to undef
+#
+# [*keystone_password*]
+# (Optional) DEPRECATED. Use ceilometer::keystone::authtoken::password instead.
+# Defaults to undef
#
-# [*keystone_identity_uri*]
-# (optional) DEPRECATED Complete admin Identity API endpoint.
-# Defaults to false.
-# Use identity_uri instead.
+# [*memcached_servers*]
+# (Optional) DEPRECATED. Use ceilometer::keystone::authtoken::memcached_servers instead.
+# Defaults to undef
#
class ceilometer::api (
- $manage_service = true,
- $enabled = true,
- $package_ensure = 'present',
- $keystone_user = 'ceilometer',
- $keystone_tenant = 'services',
- $keystone_password = false,
- $memcached_servers = $::os_service_default,
- $auth_uri = 'http://127.0.0.1:5000/',
- $identity_uri = 'http://127.0.0.1:35357/',
- $host = '0.0.0.0',
- $port = '8777',
- $service_name = $::ceilometer::params::api_service_name,
- $api_workers = $::os_service_default,
+ $manage_service = true,
+ $enabled = true,
+ $package_ensure = 'present',
+ $host = '0.0.0.0',
+ $port = '8777',
+ $service_name = $::ceilometer::params::api_service_name,
+ $api_workers = $::os_service_default,
+ $auth_strategy = 'keystone',
# DEPRECATED PARAMETERS
- $keystone_auth_uri = false,
- $keystone_identity_uri = false,
+ $identity_uri = undef,
+ $auth_uri = undef,
+ $keystone_user = undef,
+ $keystone_tenant = undef,
+ $keystone_password = undef,
+ $memcached_servers = undef,
) inherits ceilometer::params {
include ::ceilometer::params
include ::ceilometer::policy
- validate_string($keystone_password)
+ if $auth_strategy == 'keystone' {
+ include ::ceilometer::keystone::authtoken
+ }
+
+ if $identity_uri {
+ warning('ceilometer::api::identity_uri is deprecated, use ceilometer::keystone::authtoken::auth_url instead')
+ }
+
+ if $auth_uri {
+ warning('ceilometer::api::auth_uri is deprecated, use ceilometer::keystone::authtoken::auth_uri instead')
+ }
+
+ if $keystone_user {
+ warning('ceilometer::api::keystone_user is deprecated, use ceilometer::keystone::authtoken::username instead')
+ }
+
+ if $keystone_tenant {
+ warning('ceilometer::api::keystone_tenant is deprecated, use ceilometer::keystone::authtoken::project_name instead')
+ }
+
+ if $keystone_password {
+ warning('ceilometer::api::keystone_password is deprecated, use ceilometer::keystone::authtoken::password instead')
+ }
+
+ if $memcached_servers {
+ warning('ceilometer::api::memcached_servers is deprecated, use ceilometer::keystone::authtoken::memcached_servers instead')
+ }
+
Ceilometer_config<||> ~> Service[$service_name]
Class['ceilometer::policy'] ~> Service[$service_name]
}
ceilometer_config {
- 'api/workers' : value => $api_workers;
- 'keystone_authtoken/admin_tenant_name' : value => $keystone_tenant;
- 'keystone_authtoken/admin_user' : value => $keystone_user;
- 'keystone_authtoken/admin_password' : value => $keystone_password, secret => true;
- 'keystone_authtoken/memcached_servers' : value => join(any2array($memcached_servers), ',');
- 'api/host' : value => $host;
- 'api/port' : value => $port;
- }
-
- if $keystone_auth_uri {
- warning('The keystone_auth_uri parameter is deprecated. Please use auth_uri instead.')
- $auth_uri_real = $keystone_auth_uri
- } else {
- $auth_uri_real = $auth_uri
- }
-
- if $keystone_identity_uri {
- warning('The keystone_identity_uri parameter is deprecated. Please use identity_uri instead.')
- $identity_uri_real = $keystone_identity_uri
- } else {
- $identity_uri_real = $identity_uri
- }
-
- ceilometer_config {
- 'keystone_authtoken/auth_uri' : value => $auth_uri_real;
- 'keystone_authtoken/identity_uri' : value => $identity_uri_real;
+ 'api/workers': value => $api_workers;
+ 'api/host': value => $host;
+ 'api/port': value => $port;
}
}
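Review bot: The new `$auth_strategy` parameter is only compared against 'keystone' in the `if $auth_strategy == 'keystone'` block added earlier in this class body, so any other value silently skips `::ceilometer::keystone::authtoken` and leaves the keystone_authtoken section unmanaged. Nothing in the visible lines validates the value or writes it to ceilometer_config; the class body is only partly shown, so that may happen elsewhere. If it does not, the parameter doc should state the consequence, e.g. `# Any value other than 'keystone' skips ceilometer::keystone::authtoken; no keystone_authtoken settings are managed.` A spec example for the non-keystone case would pin that behaviour.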
--- /dev/null
+# class: ceilometer::keystone::authtoken
+#
+# Configure the keystone_authtoken section in the configuration file
+#
+# === Parameters
+#
+# [*username*]
+# (Optional) The name of the service user
+# Defaults to 'ceilometer'
+#
+# [*password*]
+# (Optional) Password to create for the service user
+# Defaults to $::os_service_default
+#
+# [*auth_url*]
+# (Optional) The URL to use for authentication.
+# Defaults to 'http://127.0.0.1:35357/'.
+#
+# [*project_name*]
+# (Optional) Service project name
+# Defaults to 'services'
+#
+# [*user_domain_name*]
+# (Optional) Name of domain for $username
+# Defaults to $::os_service_default
+#
+# [*project_domain_name*]
+# (Optional) Name of domain for $project_name
+# Defaults to $::os_service_default
+#
+# [*insecure*]
+# (Optional) If true, explicitly allow TLS without checking server cert
+# against any certificate authorities. WARNING: not recommended. Use with
+# caution.
+# Defaults to $:os_service_default
+#
+# [*auth_section*]
+# (Optional) Config Section from which to load plugin specific options
+# Defaults to $::os_service_default.
+#
+# [*auth_type*]
+# (Optional) Authentication type to load
+# Defaults to 'password'
+#
+# [*auth_uri*]
+# (Optional) Complete public Identity API endpoint.
+# Defaults to 'http://127.0.0.1:5000/'.
+#
+# [*auth_version*]
+# (Optional) API version of the admin Identity API endpoint.
+# Defaults to $::os_service_default.
+#
+# [*cache*]
+# (Optional) Env key for the swift cache.
+# Defaults to $::os_service_default.
+#
+# [*cafile*]
+# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
+# connections.
+# Defaults to $::os_service_default.
+#
+# [*certfile*]
+# (Optional) Required if identity server requires client certificate
+# Defaults to $::os_service_default.
+#
+# [*check_revocations_for_cached*]
+# (Optional) If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server.
+# boolean value.
+# Defaults to $::os_service_default.
+#
+# [*delay_auth_decision*]
+# (Optional) Do not handle authorization requests within the middleware, but
+# delegate the authorization decision to downstream WSGI components. Boolean
+# value
+# Defaults to $::os_service_default.
+#
+# [*enforce_token_bind*]
+# (Optional) Used to control the use and type of token binding. Can be set
+# to: "disabled" to not check token binding. "permissive" (default) to
+# validate binding information if the bind type is of a form known to the
+# server and ignore it if not. "strict" like "permissive" but if the bind
+# type is unknown the token will be rejected. "required" any form of token
+# binding is needed to be allowed. Finally the name of a binding method that
+# must be present in tokens. String value.
+# Defaults to $::os_service_default.
+#
+# [*hash_algorithms*]
+# (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will
+# be stored in the cache. This will typically be set to multiple values only
+# while migrating from a less secure algorithm to a more secure one. Once all
+# the old tokens are expired this option should be set to a single value for
+# better performance. List value.
+# Defaults to $::os_service_default.
+#
+# [*http_connect_timeout*]
+# (Optional) Request timeout value for communicating with Identity API
+# server.
+# Defaults to $::os_service_default.
+#
+# [*http_request_max_retries*]
+# (Optional) How many times are we trying to reconnect when communicating
+# with Identity API Server. Integer value
+# Defaults to $::os_service_default.
+#
+# [*include_service_catalog*]
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will
+# not set the X-Service-Catalog header. Boolean value.
+# Defaults to $::os_service_default.
+#
+# [*keyfile*]
+# (Optional) Required if identity server requires client certificate
+# Defaults to $::os_service_default.
+#
+# [*memcache_pool_conn_get_timeout*]
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. Integer value
+# Defaults to $::os_service_default.
+#
+# [*memcache_pool_dead_retry*]
+# (Optional) Number of seconds memcached server is considered dead before it
+# is tried again. Integer value
+# Defaults to $::os_service_default.
+#
+# [*memcache_pool_maxsize*]
+# (Optional) Maximum total number of open connections to every memcached
+# server. Integer value
+# Defaults to $::os_service_default.
+#
+# [*memcache_pool_socket_timeout*]
+# (Optional) Number of seconds a connection to memcached is held unused in
+# the pool before it is closed. Integer value
+# Defaults to $::os_service_default.
+#
+# [*memcache_pool_unused_timeout*]
+# (Optional) Number of seconds a connection to memcached is held unused in
+# the pool before it is closed. Integer value
+# Defaults to $::os_service_default.
+#
+# [*memcache_secret_key*]
+# (Optional, mandatory if memcache_security_strategy is defined) This string
+# is used for key derivation.
+# Defaults to $::os_service_default.
+#
+# [*memcache_security_strategy*]
+# (Optional) If defined, indicate whether token data should be authenticated
+# or authenticated and encrypted. If MAC, token data is authenticated (with
+# HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization.
+# Defaults to $::os_service_default.
+#
+# [*memcache_use_advanced_pool*]
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x Boolean value
+# Defaults to $::os_service_default.
+#
+# [*memcached_servers*]
+# (Optional) Optionally specify a list of memcached server(s) to use for
+# caching. If left undefined, tokens will instead be cached in-process.
+# Defaults to $::os_service_default.
+#
+# [*region_name*]
+# (Optional) The region in which the identity server can be found.
+# Defaults to $::os_service_default.
+#
+# [*revocation_cache_time*]
+# (Optional) Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of
+# revocation events combined with a low cache duration may significantly
+# reduce performance. Only valid for PKI tokens. Integer value
+# Defaults to $::os_service_default.
+#
+# [*signing_dir*]
+# (Optional) Directory used to cache files related to PKI tokens.
+# Defaults to $::os_service_default.
+#
+# [*token_cache_time*]
+# (Optional) In order to prevent excessive effort spent validating tokens,
+# the middleware caches previously-seen tokens for a configurable duration
+# (in seconds). Set to -1 to disable caching completely. Integer value
+# Defaults to $::os_service_default.
+#
+class ceilometer::keystone::authtoken(
+ $username = 'ceilometer',
+ $password = $::os_service_default,
+ $auth_url = 'http://127.0.0.1:35357/',
+ $project_name = 'services',
+ $user_domain_name = $::os_service_default,
+ $project_domain_name = $::os_service_default,
+ $insecure = $::os_service_default,
+ $auth_section = $::os_service_default,
+ $auth_type = 'password',
+ $auth_uri = 'http://127.0.0.1:5000/',
+ $auth_version = $::os_service_default,
+ $cache = $::os_service_default,
+ $cafile = $::os_service_default,
+ $certfile = $::os_service_default,
+ $check_revocations_for_cached = $::os_service_default,
+ $delay_auth_decision = $::os_service_default,
+ $enforce_token_bind = $::os_service_default,
+ $hash_algorithms = $::os_service_default,
+ $http_connect_timeout = $::os_service_default,
+ $http_request_max_retries = $::os_service_default,
+ $include_service_catalog = $::os_service_default,
+ $keyfile = $::os_service_default,
+ $memcache_pool_conn_get_timeout = $::os_service_default,
+ $memcache_pool_dead_retry = $::os_service_default,
+ $memcache_pool_maxsize = $::os_service_default,
+ $memcache_pool_socket_timeout = $::os_service_default,
+ $memcache_pool_unused_timeout = $::os_service_default,
+ $memcache_secret_key = $::os_service_default,
+ $memcache_security_strategy = $::os_service_default,
+ $memcache_use_advanced_pool = $::os_service_default,
+ $memcached_servers = $::os_service_default,
+ $region_name = $::os_service_default,
+ $revocation_cache_time = $::os_service_default,
+ $signing_dir = $::os_service_default,
+ $token_cache_time = $::os_service_default,
+) {
+
+ if is_service_default($password) and ! $::ceilometer::api::keystone_password {
+ fail('Please set password for ceilometer service user')
+ }
+
+ $username_real = pick($::ceilometer::api::keystone_user,$username)
+ $password_real = pick($::ceilometer::api::keystone_password,$password)
+ $project_name_real = pick($::ceilometer::api::keystone_tenant,$project_name)
+ $auth_uri_real = pick($::ceilometer::api::auth_uri, $auth_uri)
+ $auth_url_real = pick($::ceilometer::api::identity_uri, $auth_url)
+ $memcached_servers_real = pick($::ceilometer::api::memcached_servers, $memcached_servers)
+
+ keystone::resource::authtoken { 'ceilometer_config':
+ username => $username_real,
+ password => $password_real,
+ project_name => $project_name_real,
+ auth_url => $auth_url_real,
+ auth_uri => $auth_uri_real,
+ auth_version => $auth_version,
+ auth_type => $auth_type,
+ auth_section => $auth_section,
+ user_domain_name => $user_domain_name,
+ project_domain_name => $project_domain_name,
+ insecure => $insecure,
+ cache => $cache,
+ cafile => $cafile,
+ certfile => $certfile,
+ check_revocations_for_cached => $check_revocations_for_cached,
+ delay_auth_decision => $delay_auth_decision,
+ enforce_token_bind => $enforce_token_bind,
+ hash_algorithms => $hash_algorithms,
+ http_connect_timeout => $http_connect_timeout,
+ http_request_max_retries => $http_request_max_retries,
+ include_service_catalog => $include_service_catalog,
+ keyfile => $keyfile,
+ memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
+ memcache_pool_dead_retry => $memcache_pool_dead_retry,
+ memcache_pool_maxsize => $memcache_pool_maxsize,
+ memcache_pool_socket_timeout => $memcache_pool_socket_timeout,
+ memcache_secret_key => $memcache_secret_key,
+ memcache_security_strategy => $memcache_security_strategy,
+ memcache_use_advanced_pool => $memcache_use_advanced_pool,
+ memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
+ memcached_servers => $memcached_servers_real,
+ region_name => $region_name,
+ revocation_cache_time => $revocation_cache_time,
+ signing_dir => $signing_dir,
+ token_cache_time => $token_cache_time,
+ }
+}
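Review bot: The `pick($::ceilometer::api::keystone_password, $password)` lookups and the `fail()` guard read variables from ceilometer::api, which are only set once that class has been evaluated. When ceilometer::keystone::authtoken is declared first, as the example manifests in this change do, those values are presumably still unset, so a password passed only through the deprecated parameter could trip the `fail()` or be ignored in favour of this class's defaults. A comment above the lookups would make the ordering explicit: `# The $::ceilometer::api::* lookups only see values when ceilometer::api is evaluated before this class.` Separately, the `[*password*]` doc says "Password to create for the service user", although the value is passed to keystone::resource::authtoken as the credential the middleware authenticates with. The `auth_url`/`auth_uri` defaults are also plain http on loopback, so the docs should tell operators to use an https endpoint with `cafile`, not `insecure`, when Keystone is remote.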
--- /dev/null
+---
+features:
+ - Configure keystonemiddleware in a consistent way with all options required
+ for Keystone v3.
+deprecations:
+ - ceilometer::api::identity_uri is deprecated in favor of
+ ceilometer::keystone::authtoken::auth_url
+ - ceilometer::api::auth_uri is deprecated in favor of
+ ceilometer::keystone::authtoken::auth_uri
+ - ceilometer::api::keystone_tenant is deprecated in favor of
+ ceilometer::keystone::authtoken::project_name.
+ - ceilometer::api::keystone_user is deprecated in favor of
+ ceilometer::keystone::authtoken::username.
+ - ceilometer::api::keystone_password is deprecated in favor of
+ ceilometer::keystone::authtoken::password.
+ - ceilometer::api::memcached_servers is deprecated in favor of
+ ceilometer::keystone::authtoken::memcached_servers.
+other:
+ - remove deprecated parameter ceilometer::api::keystone_auth_uri and
+ ceilometer::api::keystone_identity_uri
class { '::ceilometer::expirer': }
class { '::ceilometer::agent::central': }
class { '::ceilometer::agent::notification': }
+ class { '::ceilometer::keystone::authtoken':
+ password => 'a_big_secret',
+ }
class { '::ceilometer::api':
- enabled => true,
- keystone_password => 'a_big_secret',
- keystone_identity_uri => 'http://127.0.0.1:35357/',
- service_name => 'httpd',
+ enabled => true,
+ service_name => 'httpd',
}
include ::apache
class { '::ceilometer::wsgi::apache':
end
let :params do
- { :enabled => true,
- :manage_service => true,
- :keystone_user => 'ceilometer',
+ { :enabled => true,
+ :manage_service => true,
:keystone_password => 'ceilometer-passw0rd',
- :keystone_tenant => 'services',
- :host => '0.0.0.0',
- :port => '8777',
- :package_ensure => 'latest',
+ :host => '0.0.0.0',
+ :port => '8777',
+ :package_ensure => 'latest',
}
end
shared_examples_for 'ceilometer-api' do
- context 'without required parameter keystone_password' do
- before { params.delete(:keystone_password) }
- it { expect { is_expected.to raise_error(Puppet::Error) } }
- end
-
it { is_expected.to contain_class('ceilometer::params') }
it { is_expected.to contain_class('ceilometer::policy') }
+ it { is_expected.to contain_class('ceilometer::keystone::authtoken') }
it 'installs ceilometer-api package' do
is_expected.to contain_package('ceilometer-api').with(
)
end
- it 'configures keystone authentication middleware' do
- is_expected.to contain_ceilometer_config('keystone_authtoken/admin_tenant_name').with_value( params[:keystone_tenant] )
- is_expected.to contain_ceilometer_config('keystone_authtoken/admin_user').with_value( params[:keystone_user] )
- is_expected.to contain_ceilometer_config('keystone_authtoken/admin_password').with_value( params[:keystone_password] )
- is_expected.to contain_ceilometer_config('keystone_authtoken/admin_password').with_value( params[:keystone_password] ).with_secret(true)
- is_expected.to contain_ceilometer_config('keystone_authtoken/auth_uri').with_value("http://127.0.0.1:5000/")
- is_expected.to contain_ceilometer_config('keystone_authtoken/identity_uri').with_value("http://127.0.0.1:35357/")
- is_expected.to contain_ceilometer_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
+ it 'configures api' do
is_expected.to contain_ceilometer_config('api/host').with_value( params[:host] )
is_expected.to contain_ceilometer_config('api/port').with_value( params[:port] )
is_expected.to contain_ceilometer_config('api/workers').with_value('<SERVICE DEFAULT>')
end
end
- context 'with memcached servers' do
+ context 'with deprecated parameters' do
before do
- params.merge!({ :memcached_servers => '1.1.1.1:11211', })
+ params.merge!({
+ :auth_uri => 'https://10.0.0.1:5000/deprecated',
+ :keystone_user => 'myuser',
+ :keystone_password => 'mypasswd',
+ :identity_uri => 'http://10.0.0.1:35357/deprecated',
+ :keystone_tenant => 'service_project',
+ :memcached_servers => ['memcached01:11211','memcached02:11211'],
+ })
end
- it 'configures ceilometer-api service' do
- is_expected.to contain_ceilometer_config('keystone_authtoken/memcached_servers').with_value('1.1.1.1:11211')
+ it 'configures keystone_authtoken middleware' do
+ is_expected.to contain_ceilometer_config(
+ 'keystone_authtoken/auth_uri').with_value(params[:auth_uri])
+ is_expected.to contain_ceilometer_config(
+ 'keystone_authtoken/username').with_value(params[:keystone_user])
+ is_expected.to contain_ceilometer_config(
+ 'keystone_authtoken/password').with_value(params[:keystone_password]).with_secret(true)
+ is_expected.to contain_ceilometer_config(
+ 'keystone_authtoken/auth_url').with_value(params[:identity_uri])
+ is_expected.to contain_ceilometer_config(
+ 'keystone_authtoken/project_name').with_value(params[:keystone_tenant])
+ is_expected.to contain_ceilometer_config(
+ 'keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
end
end
it_configures 'ceilometer-api'
end
- describe "with deprecated custom keystone_identity_uri and keystone_auth_uri" do
- let :facts do
- @default_facts.merge({ :osfamily => 'RedHat' })
- end
- before do
- params.merge!({
- :keystone_identity_uri => 'https://foo.bar:35357/',
- :keystone_auth_uri => 'https://foo.bar:5000/',
- })
- end
- it 'configures identity_uri and auth_uri but deprecates old auth settings' do
- is_expected.to contain_ceilometer_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
- is_expected.to contain_ceilometer_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/");
- end
- end
-
- describe "with custom keystone identity_uri and auth_uri" do
- let :facts do
- @default_facts.merge({ :osfamily => 'RedHat' })
- end
- before do
- params.merge!({
- :identity_uri => 'https://foo.bar:35357/',
- :auth_uri => 'https://foo.bar:5000/',
- })
- end
- it 'configures identity_uri and auth_uri but deprecates old auth settings' do
- is_expected.to contain_ceilometer_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
- is_expected.to contain_ceilometer_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/");
- end
- end
-
end
--- /dev/null
+require 'spec_helper'
+
+describe 'ceilometer::keystone::authtoken' do
+
+ let :params do
+ { :password => 'ceilometer_password', }
+ end
+
+ shared_examples 'ceilometer authtoken' do
+
+ context 'with default parameters' do
+
+ it 'configure keystone_authtoken' do
+ is_expected.to contain_ceilometer_config('keystone_authtoken/username').with_value('ceilometer')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/password').with_value('ceilometer_password')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/auth_url').with_value('http://127.0.0.1:35357/')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/project_name').with_value('services')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/user_domain_name').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/project_domain_name').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/insecure').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/auth_section').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/auth_type').with_value('password')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/auth_uri').with_value('http://127.0.0.1:5000/')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/auth_version').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/cache').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/cafile').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/certfile').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/check_revocations_for_cached').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/delay_auth_decision').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/enforce_token_bind').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/hash_algorithms').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/http_connect_timeout').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/http_request_max_retries').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/include_service_catalog').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/keyfile').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_pool_conn_get_timeout').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_pool_dead_retry').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_pool_maxsize').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_pool_socket_timeout').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_pool_unused_timeout').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_secret_key').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_security_strategy').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_use_advanced_pool').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/revocation_cache_time').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/signing_dir').with_value('<SERVICE DEFAULT>')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
+ end
+ end
+
+ context 'when overriding parameters' do
+ before do
+ params.merge!({
+ :auth_uri => 'https://10.0.0.1:9999/',
+ :username => 'myuser',
+ :password => 'mypasswd',
+ :auth_url => 'https://127.0.0.1:35357',
+ :project_name => 'service_project',
+ :user_domain_name => 'domainX',
+ :project_domain_name => 'domainX',
+ :insecure => false,
+ :auth_section => 'new_section',
+ :auth_type => 'password',
+ :auth_version => 'v3',
+ :cache => 'somevalue',
+ :cafile => '/opt/stack/data/cafile.pem',
+ :certfile => 'certfile.crt',
+ :check_revocations_for_cached => false,
+ :delay_auth_decision => false,
+ :enforce_token_bind => 'permissive',
+ :hash_algorithms => 'md5',
+ :http_connect_timeout => '300',
+ :http_request_max_retries => '3',
+ :include_service_catalog => true,
+ :keyfile => 'keyfile',
+ :memcache_pool_conn_get_timeout => '9',
+ :memcache_pool_dead_retry => '302',
+ :memcache_pool_maxsize => '11',
+ :memcache_pool_socket_timeout => '2',
+ :memcache_pool_unused_timeout => '61',
+ :memcache_secret_key => 'secret_key',
+ :memcache_security_strategy => 'ENCRYPT',
+ :memcache_use_advanced_pool => true,
+ :memcached_servers => ['memcached01:11211','memcached02:11211'],
+ :region_name => 'region2',
+ :revocation_cache_time => '11',
+ :signing_dir => '/var/cache',
+ :token_cache_time => '301',
+ })
+ end
+
+ it 'configure keystone_authtoken' do
+ is_expected.to contain_ceilometer_config('keystone_authtoken/auth_uri').with_value('https://10.0.0.1:9999/')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/username').with_value(params[:username])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/password').with_value(params[:password]).with_secret(true)
+ is_expected.to contain_ceilometer_config('keystone_authtoken/auth_url').with_value(params[:auth_url])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/project_name').with_value(params[:project_name])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/user_domain_name').with_value(params[:user_domain_name])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/project_domain_name').with_value(params[:project_domain_name])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/insecure').with_value(params[:insecure])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/auth_section').with_value(params[:auth_section])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/auth_type').with_value(params[:auth_type])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/auth_version').with_value(params[:auth_version])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/cache').with_value(params[:cache])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/cafile').with_value(params[:cafile])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/certfile').with_value(params[:certfile])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/check_revocations_for_cached').with_value(params[:check_revocations_for_cached])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/delay_auth_decision').with_value(params[:delay_auth_decision])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/enforce_token_bind').with_value(params[:enforce_token_bind])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/hash_algorithms').with_value(params[:hash_algorithms])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/http_connect_timeout').with_value(params[:http_connect_timeout])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/http_request_max_retries').with_value(params[:http_request_max_retries])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/include_service_catalog').with_value(params[:include_service_catalog])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/keyfile').with_value(params[:keyfile])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_pool_conn_get_timeout').with_value(params[:memcache_pool_conn_get_timeout])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_pool_dead_retry').with_value(params[:memcache_pool_dead_retry])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_pool_maxsize').with_value(params[:memcache_pool_maxsize])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_pool_socket_timeout').with_value(params[:memcache_pool_socket_timeout])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_pool_unused_timeout').with_value(params[:memcache_pool_unused_timeout])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_secret_key').with_value(params[:memcache_secret_key])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_security_strategy').with_value(params[:memcache_security_strategy])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcache_use_advanced_pool').with_value(params[:memcache_use_advanced_pool])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
+ is_expected.to contain_ceilometer_config('keystone_authtoken/region_name').with_value(params[:region_name])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/revocation_cache_time').with_value(params[:revocation_cache_time])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/signing_dir').with_value(params[:signing_dir])
+ is_expected.to contain_ceilometer_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
+ end
+ end
+ end
+
+ on_supported_os({
+ :supported_os => OSDefaults.get_supported_os
+ }).each do |os,facts|
+ context "on #{os}" do
+ let (:facts) do
+ facts.merge!(OSDefaults.get_facts())
+ end
+
+ it_configures 'ceilometer authtoken'
+ end
+ end
+
+end
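Review bot: No example covers the `fail('Please set password for ceilometer service user')` path, and this change also removes the old 'without required parameter keystone_password' context from the ceilometer::api spec, so a missing service password is no longer tested in the visible specs. A context inside the shared examples with `let(:params) { {} }` and `it { is_expected.to compile.and_raise_error(/Please set password for ceilometer service user/) }` would pin it. The default-parameters example also checks `keystone_authtoken/password` without `.with_secret(true)`, unlike the override example; adding it there keeps the secret flag asserted on both paths.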