From 9a5323ad18b9bc0e15b514ea98449a3ea5d58b68 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 16 Feb 2021 11:54:05 +0900 Subject: [PATCH] Use consistent names for service_credentials options This change renames ceilometer::agent::auth and its parameters to be consistent with the section name and the parameter names in ceilometer service. This allows operators more easily guess how the class and its parameters correspond to the options in ceilometer. Change-Id: I7ec7e5e36cad537117e8abb8fe0e67b8b8be48e9 --- manifests/agent/auth.pp | 56 +++++------- manifests/agent/service_credentials.pp | 90 +++++++++++++++++++ .../service_credentials-c8bf6bbf763bc08e.yaml | 5 ++ spec/classes/ceilometer_agent_auth_spec.rb | 5 +- ...ilometer_agent_service_credentials_spec.rb | 73 +++++++++++++++ 5 files changed, 191 insertions(+), 38 deletions(-) create mode 100644 manifests/agent/service_credentials.pp create mode 100644 releasenotes/notes/service_credentials-c8bf6bbf763bc08e.yaml create mode 100644 spec/classes/ceilometer_agent_service_credentials_spec.rb diff --git a/manifests/agent/auth.pp b/manifests/agent/auth.pp index a00f443..ea1bce2 100644 --- a/manifests/agent/auth.pp +++ b/manifests/agent/auth.pp @@ -1,5 +1,6 @@ # == Class: ceilometer::agent::auth # +# DEPRECATED ! # The ceilometer::agent::auth class helps configure common # auth settings for the agents. # @@ -7,22 +8,22 @@ # # [*auth_url*] # (Optional) the keystone public endpoint -# Defaults to 'http://localhost:5000'. +# Defaults to undef. # # [*auth_region*] # (Optional) the keystone region of this node -# Defaults to $::os_service_default. +# Defaults to undef. # # [*auth_user*] # (Optional) the keystone user for ceilometer services -# Defaults to 'ceilometer'. +# Defaults to undef. # # [*auth_password*] # (Required) the keystone password for ceilometer services # # [*auth_tenant_name*] # (Optional) the keystone tenant name for ceilometer services -# Defaults to 'services'. +# Defaults to undef. # # [*auth_tenant_id*] # (Optional) the keystone tenant id for ceilometer services. @@ -39,58 +40,43 @@ # # [*auth_user_domain_name*] # (Optional) domain name for auth user. -# Defaults to 'Default'. +# Defaults to undef. # # [*auth_project_domain_name*] # (Optional) domain name for auth project. -# Defaults to 'Default'. +# Defaults to undef. # # [*auth_type*] # (Optional) Authentication type to load. -# Defaults to 'password'. +# Defaults to undef. # class ceilometer::agent::auth ( $auth_password, - $auth_url = 'http://localhost:5000', - $auth_region = $::os_service_default, - $auth_user = 'ceilometer', - $auth_tenant_name = 'services', + $auth_url = undef, + $auth_region = undef, + $auth_user = undef, + $auth_tenant_name = undef, $auth_tenant_id = undef, $auth_cacert = undef, $auth_endpoint_type = undef, - $auth_user_domain_name = 'Default', - $auth_project_domain_name = 'Default', - $auth_type = 'password', + $auth_user_domain_name = undef, + $auth_project_domain_name = undef, + $auth_type = undef ) { include ceilometer::deps - if ! $auth_cacert { - ceilometer_config { 'service_credentials/cafile': ensure => absent } - } else { - ceilometer_config { 'service_credentials/cafile': value => $auth_cacert } - } + warning('The ceilometer::agent::auth class has been deprecated. \ +Use the ceilometer::agent::service_credentials classs instead') - ceilometer_config { - 'service_credentials/auth_url' : value => $auth_url; - 'service_credentials/region_name' : value => $auth_region; - 'service_credentials/username' : value => $auth_user; - 'service_credentials/password' : value => $auth_password, secret => true; - 'service_credentials/project_name' : value => $auth_tenant_name; - 'service_credentials/user_domain_name' : value => $auth_user_domain_name; - 'service_credentials/project_domain_name': value => $auth_project_domain_name; - 'service_credentials/auth_type' : value => $auth_type; - } + include ceilometer::agent::service_credentials + # Since we use names instead of ids for keystone credentials in most of + # our modules, we'll just deprecated this feature and don't migrate this + # to the new service_credentials class. if $auth_tenant_id { ceilometer_config { 'service_credentials/project_id' : value => $auth_tenant_id; } } - - if $auth_endpoint_type { - ceilometer_config { - 'service_credentials/interface' : value => $auth_endpoint_type; - } - } } diff --git a/manifests/agent/service_credentials.pp b/manifests/agent/service_credentials.pp new file mode 100644 index 0000000..5d3ed31 --- /dev/null +++ b/manifests/agent/service_credentials.pp @@ -0,0 +1,90 @@ +# == Class: ceilometer::agent::service_credentials +# +# The ceilometer::agent::service_credentials class helps configure common +# service credentials settings for the agents. +# +# === Parameters: +# +# [*auth_url*] +# (Optional) the keystone public endpoint +# Defaults to 'http://localhost:5000'. +# +# [*region_name*] +# (Optional) the keystone region of this node +# Defaults to $::os_service_default. +# +# [*username*] +# (Optional) the keystone user for ceilometer services +# Defaults to 'ceilometer'. +# +# [*password*] +# (Required) the keystone password for ceilometer services +# +# [*project_name*] +# (Optional) the keystone project name for ceilometer services +# Defaults to 'services'. +# +# [*cafile*] +# (Optional) Certificate chain for SSL validation. +# Defaults to $::os_service_default. +# +# [*interface*] +# (Optional) Type of endpoint in Identity service catalog to use for +# communication with OpenStack services. +# Defaults to $::os_service_default. +# +# [*user_domain_name*] +# (Optional) domain name for auth user. +# Defaults to 'Default'. +# +# [*project_domain_name*] +# (Optional) domain name for auth project. +# Defaults to 'Default'. +# +# [*auth_type*] +# (Optional) Authentication type to load. +# Defaults to 'password'. +# +class ceilometer::agent::service_credentials ( + $password = false, + $auth_url = 'http://localhost:5000', + $region_name = $::os_service_default, + $username = 'ceilometer', + $project_name = 'services', + $cafile = $::os_service_default, + $interface = $::os_service_default, + $user_domain_name = 'Default', + $project_domain_name = 'Default', + $auth_type = 'password', +) { + + include ceilometer::deps + + $password_real = pick($::ceilometer::agent::auth::auth_password, $password) + if ! $password_real { + fail('The password parameter is required') + } + + $auth_url_real = pick($::ceilometer::agent::auth::auth_url, $auth_url) + $region_name_real = pick($::ceilometer::agent::auth::auth_region, $region_name) + $username_real = pick($::ceilometer::agent::auth::auth_user, $username) + $project_name_real = pick($::ceilometer::agent::auth::auth_tenant_name, $project_name) + $cafile_real = pick($::ceilometer::agent::auth::auth_cacert, $cafile) + $interface_real = pick($::ceilometer::agent::auth::auth_endpoint_type, $interface) + $user_domain_name_real = pick($::ceilometer::agent::auth::auth_user_domain_name, $user_domain_name) + $project_domain_name_real = pick($::ceilometer::agent::auth::auth_project_domain_name, $project_domain_name) + $auth_type_real = pick($::ceilometer::agent::auth::auth_type, $auth_type) + + ceilometer_config { + 'service_credentials/auth_url' : value => $auth_url_real; + 'service_credentials/region_name' : value => $region_name_real; + 'service_credentials/username' : value => $username_real; + 'service_credentials/password' : value => $password_real, secret => true; + 'service_credentials/project_name' : value => $project_name_real; + 'service_credentials/cafile' : value => $cafile_real; + 'service_credentials/interface' : value => $interface_real; + 'service_credentials/user_domain_name' : value => $user_domain_name_real; + 'service_credentials/project_domain_name': value => $project_domain_name_real; + 'service_credentials/auth_type' : value => $auth_type_real; + } +} diff --git a/releasenotes/notes/service_credentials-c8bf6bbf763bc08e.yaml b/releasenotes/notes/service_credentials-c8bf6bbf763bc08e.yaml new file mode 100644 index 0000000..6d3a3ce --- /dev/null +++ b/releasenotes/notes/service_credentials-c8bf6bbf763bc08e.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - | + The ``ceilometer::agent::auth`` class has been deprecated. Use the + ``ceilometer::agent::service_credentials`` class instead. diff --git a/spec/classes/ceilometer_agent_auth_spec.rb b/spec/classes/ceilometer_agent_auth_spec.rb index 71ccaec..9a97a30 100644 --- a/spec/classes/ceilometer_agent_auth_spec.rb +++ b/spec/classes/ceilometer_agent_auth_spec.rb @@ -21,10 +21,9 @@ describe 'ceilometer::agent::auth' do is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000') is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('') is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer') - is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password') - is_expected.to contain_ceilometer_config('service_credentials/password').with_value(params[:auth_password]).with_secret(true) + is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true) is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services') - is_expected.to contain_ceilometer_config('service_credentials/cafile').with(:ensure => 'absent') + is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('') is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('Default') is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('Default') is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('password') diff --git a/spec/classes/ceilometer_agent_service_credentials_spec.rb b/spec/classes/ceilometer_agent_service_credentials_spec.rb new file mode 100644 index 0000000..4a20621 --- /dev/null +++ b/spec/classes/ceilometer_agent_service_credentials_spec.rb @@ -0,0 +1,73 @@ +require 'spec_helper' + +describe 'ceilometer::agent::service_credentials' do + + let :pre_condition do + "class { 'ceilometer': telemetry_secret => 's3cr3t' }" + end + + let :params do + { :password => 'password' } + end + + shared_examples_for 'ceilometer::agent::service_credentials' do + + context 'wtih default values' do + it 'configures authentication' do + is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000') + is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('') + is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer') + is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true) + is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services') + is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('') + is_expected.to contain_ceilometer_config('service_credentials/interface').with_value('') + is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('Default') + is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('Default') + is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('password') + end + end + + context 'when overriding parameters' do + before do + params.merge!( + :auth_url => 'http://192.168.0.1:5000', + :region_name => 'regionOne', + :username => 'ceilometer2', + :project_name => 'services2', + :cafile => '/tmp/dummy.pem', + :interface => 'internalURL', + :auth_type => 'v3password', + :user_domain_name => 'MyDomain', + :project_domain_name => 'MyProjDomain', + ) + end + + it 'configures the specified values' do + is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://192.168.0.1:5000') + is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('regionOne') + is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer2') + is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true) + is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services2') + is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('/tmp/dummy.pem') + is_expected.to contain_ceilometer_config('service_credentials/interface').with_value('internalURL') + is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('MyDomain') + is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('MyProjDomain') + is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('v3password') + end + end + + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + it_behaves_like 'ceilometer::agent::service_credentials' + end + end + +end -- 2.45.2