From c7c55b4ace8080edb80867a19f43ac3c730fc341 Mon Sep 17 00:00:00 2001
From: Matt Fischer <matt@mattfischer.com>
Date: Fri, 13 May 2016 20:22:16 -0600
Subject: [PATCH] Correct service_credentials section

The service_credential section variables were renamed at some point
before Mitaka. They are broken in Mitaka and Newton, and possibly
earlier. Additionally some critical variables for dealing with domains
and keystone v3 are missing. This corrects those issues.

A later commit should deprecate some of the naming for things
that have totally different names, like the endpoint_type and
tenant_name, but we need to cleanly (and minimally) backport this to
Mitaka.

Change-Id: I8de5e42102fed2de6bea7bbdd788e86a88f0354c
Closes-Bug: #1581691
(cherry picked from commit c853fc65013ee8ce78c42e822df98b423d25bd48)
---
 manifests/agent/auth.pp                    | 51 ++++++++++++++--------
 spec/classes/ceilometer_agent_auth_spec.rb | 31 ++++++++-----
 2 files changed, 54 insertions(+), 28 deletions(-)

diff --git a/manifests/agent/auth.pp b/manifests/agent/auth.pp
index b1cf89c..a512fba 100644
--- a/manifests/agent/auth.pp
+++ b/manifests/agent/auth.pp
@@ -37,41 +37,58 @@
 #   communication with OpenStack services.
 #   Defaults to undef.
 #
+# [*auth_user_domain_name*]
+#   (Optional) domain name for auth user.
+#   Defaults to $::os_service_default.
+#
+# [*auth_project_domain_name*]
+#   (Optional) domain name for auth project.
+#   Defaults to $::os_service_default.
+#
+# [*auth_type*]
+#   (Optional) Authentication type to load.
+#   Defaults to $::os_service_default.
+#
 class ceilometer::agent::auth (
   $auth_password,
-  $auth_url           = 'http://localhost:5000/v2.0',
-  $auth_region        = $::os_service_default,
-  $auth_user          = 'ceilometer',
-  $auth_tenant_name   = 'services',
-  $auth_tenant_id     = undef,
-  $auth_cacert        = undef,
-  $auth_endpoint_type = undef,
+  $auth_url                 = 'http://localhost:5000/v2.0',
+  $auth_region              = $::os_service_default,
+  $auth_user                = 'ceilometer',
+  $auth_tenant_name         = 'services',
+  $auth_tenant_id           = undef,
+  $auth_cacert              = undef,
+  $auth_endpoint_type       = undef,
+  $auth_user_domain_name    = $::os_service_default,
+  $auth_project_domain_name = $::os_service_default,
+  $auth_type                = $::os_service_default,
 ) {
 
   if ! $auth_cacert {
-    ceilometer_config { 'service_credentials/os_cacert': ensure => absent }
+    ceilometer_config { 'service_credentials/ca_file': ensure => absent }
   } else {
-    ceilometer_config { 'service_credentials/os_cacert': value => $auth_cacert }
+    ceilometer_config { 'service_credentials/ca_file': value => $auth_cacert }
   }
 
   ceilometer_config {
-    'service_credentials/os_auth_url'    : value => $auth_url;
-    'service_credentials/os_region_name' : value => $auth_region;
-    'service_credentials/os_username'    : value => $auth_user;
-    'service_credentials/os_password'    : value => $auth_password, secret => true;
-    'service_credentials/os_tenant_name' : value => $auth_tenant_name;
+    'service_credentials/auth_url'           : value => $auth_url;
+    'service_credentials/region_name'        : value => $auth_region;
+    'service_credentials/username'           : value => $auth_user;
+    'service_credentials/password'           : value => $auth_password, secret => true;
+    'service_credentials/project_name'       : value => $auth_tenant_name;
+    'service_credentials/user_domain_name'   : value => $auth_user_domain_name;
+    'service_credentials/project_domain_name': value => $auth_project_domain_name;
+    'service_credentials/auth_type'          : value => $auth_type;
   }
 
   if $auth_tenant_id {
     ceilometer_config {
-      'service_credentials/os_tenant_id' : value => $auth_tenant_id;
+      'service_credentials/project_id' : value => $auth_tenant_id;
     }
   }
 
   if $auth_endpoint_type {
     ceilometer_config {
-      'service_credentials/os_endpoint_type' : value => $auth_endpoint_type;
+      'service_credentials/interface' : value => $auth_endpoint_type;
     }
   }
-
 }
diff --git a/spec/classes/ceilometer_agent_auth_spec.rb b/spec/classes/ceilometer_agent_auth_spec.rb
index 74203bb..f27ccfc 100644
--- a/spec/classes/ceilometer_agent_auth_spec.rb
+++ b/spec/classes/ceilometer_agent_auth_spec.rb
@@ -18,24 +18,33 @@ describe 'ceilometer::agent::auth' do
   shared_examples_for 'ceilometer-agent-auth' do
 
     it 'configures authentication' do
-      is_expected.to contain_ceilometer_config('service_credentials/os_auth_url').with_value('http://localhost:5000/v2.0')
-      is_expected.to contain_ceilometer_config('service_credentials/os_region_name').with_value('<SERVICE DEFAULT>')
-      is_expected.to contain_ceilometer_config('service_credentials/os_username').with_value('ceilometer')
-      is_expected.to contain_ceilometer_config('service_credentials/os_password').with_value('password')
-      is_expected.to contain_ceilometer_config('service_credentials/os_password').with_value(params[:auth_password]).with_secret(true)
-      is_expected.to contain_ceilometer_config('service_credentials/os_tenant_name').with_value('services')
-      is_expected.to contain_ceilometer_config('service_credentials/os_cacert').with(:ensure => 'absent')
+      is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000/v2.0')
+      is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer')
+      is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password')
+      is_expected.to contain_ceilometer_config('service_credentials/password').with_value(params[:auth_password]).with_secret(true)
+      is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services')
+      is_expected.to contain_ceilometer_config('service_credentials/ca_file').with(:ensure => 'absent')
+      is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('<SERVICE DEFAULT>')
     end
 
     context 'when overriding parameters' do
       before do
         params.merge!(
-          :auth_cacert        => '/tmp/dummy.pem',
-          :auth_endpoint_type => 'internalURL',
+          :auth_cacert               => '/tmp/dummy.pem',
+          :auth_endpoint_type        => 'internalURL',
+          :auth_type                 => 'password',
+          :auth_user_domain_name     => 'MyDomain',
+          :auth_project_domain_name  => 'MyProjDomain',
         )
       end
-      it { is_expected.to contain_ceilometer_config('service_credentials/os_cacert').with_value(params[:auth_cacert]) }
-      it { is_expected.to contain_ceilometer_config('service_credentials/os_endpoint_type').with_value(params[:auth_endpoint_type]) }
+      it { is_expected.to contain_ceilometer_config('service_credentials/ca_file').with_value(params[:auth_cacert]) }
+      it { is_expected.to contain_ceilometer_config('service_credentials/interface').with_value(params[:auth_endpoint_type]) }
+      it { is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value(params[:auth_user_domain_name]) }
+      it { is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value(params[:auth_project_domain_name]) }
+      it { is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value(params[:auth_type]) }
     end
 
   end
-- 
2.45.2