Improve cinder::nova support for auth_type password

Add ability to configure the [nova] settings required when the auth_type is password. This allows cinder to access the nova API as a privileged user. Change-Id: Ia357ea41f8472d47e266d853f120a14b767e880d
2018-11-14 16:34:46 -05:00 · 2018-11-14 16:34:46 -05:00 · 05d6b0851f
commit 05d6b0851f
parent 2062ead44e
2 changed files with 70 additions and 13 deletions
--- a/manifests/nova.pp
+++ b/manifests/nova.pp
@ -55,19 +55,49 @@
 #   specific options.
 #   Defaults to $::os_service_default
 #
+# [*auth_url*]
+#   (Optional) Identity service url.
+#   Defaults to $::os_service_default
+#
+# [*username*]
+#   (Optional) Nova admin username.
+#   Defaults to 'nova'
+#
+# [*user_domain_name*]
+#   (Optional) Nova admin user domain name.
+#   Defaults to 'Default'
+#
+# [*password*]
+#   (Optional) Nova admin password.
+#   Defaults to undef
+#
+# [*project_name*]
+#   (Optional) Nova admin project name.
+#   Defaults to 'service'
+#
+# [*project_domain_name*]
+#   (Optional) Nova admin project domain name.
+#   Defaults to 'Default'
+#
 class cinder::nova (
-  $region_name    = $::os_service_default,
-  $interface      = $::os_service_default,
-  $token_auth_url = $::os_service_default,
-  $cafile         = $::os_service_default,
-  $certfile       = $::os_service_default,
-  $keyfile        = $::os_service_default,
-  $insecure       = $::os_service_default,
-  $timeout        = $::os_service_default,
-  $collect_timing = $::os_service_default,
-  $split_loggers  = $::os_service_default,
-  $auth_type      = $::os_service_default,
-  $auth_section   = $::os_service_default,
+  $region_name         = $::os_service_default,
+  $interface           = $::os_service_default,
+  $token_auth_url      = $::os_service_default,
+  $cafile              = $::os_service_default,
+  $certfile            = $::os_service_default,
+  $keyfile             = $::os_service_default,
+  $insecure            = $::os_service_default,
+  $timeout             = $::os_service_default,
+  $collect_timing      = $::os_service_default,
+  $split_loggers       = $::os_service_default,
+  $auth_type           = $::os_service_default,
+  $auth_section        = $::os_service_default,
+  $auth_url            = $::os_service_default,
+  $username            = 'nova',
+  $user_domain_name    = 'Default',
+  $password            = undef,
+  $project_name        = 'service',
+  $project_domain_name = 'Default',
 ) {

  include ::cinder::deps
@ -86,4 +116,15 @@ class cinder::nova (
    'nova/auth_type':      value => $auth_type;
    'nova/auth_section':   value => $auth_section;
  }
+
+  if $auth_type == 'password' {
+    cinder_config {
+      'nova/auth_url':            value => $auth_url;
+      'nova/username':            value => $username;
+      'nova/user_domain_name':    value => $user_domain_name;
+      'nova/password':            value => $password, secret => true;
+      'nova/project_name':        value => $project_name;
+      'nova/project_domain_name': value => $project_domain_name;
+    }
+  }
 }
--- a/spec/classes/cinder_nova_spec.rb
+++ b/spec/classes/cinder_nova_spec.rb
@ -16,6 +16,14 @@ describe 'cinder::nova' do
        should contain_cinder_config('nova/split_loggers').with_value('<SERVICE DEFAULT>')
        should contain_cinder_config('nova/auth_type').with_value('<SERVICE DEFAULT>')
        should contain_cinder_config('nova/auth_section').with_value('<SERVICE DEFAULT>')
+
+        # These should be added only when auth_type is 'password'
+        should_not contain_cinder_config('nova/auth_url')
+        should_not contain_cinder_config('nova/username')
+        should_not contain_cinder_config('nova/user_domain_name')
+        should_not contain_cinder_config('nova/password')
+        should_not contain_cinder_config('nova/project_name')
+        should_not contain_cinder_config('nova/project_domain_name')
      }
    end

@ -33,7 +41,9 @@ describe 'cinder::nova' do
          :collect_timing => true,
          :split_loggers  => true,
          :auth_type      => 'password',
-          :auth_section   => 'my_section'
+          :auth_section   => 'my_section',
+          :auth_url       => 'http://127.0.0.2:5000',
+          :password       => 'foo',
        }
      end

@ -50,6 +60,12 @@ describe 'cinder::nova' do
        should contain_cinder_config('nova/split_loggers').with_value(true)
        should contain_cinder_config('nova/auth_type').with_value('password')
        should contain_cinder_config('nova/auth_section').with_value('my_section')
+        should contain_cinder_config('nova/auth_url').with_value('http://127.0.0.2:5000')
+        should contain_cinder_config('nova/username').with_value('nova')
+        should contain_cinder_config('nova/user_domain_name').with_value('Default')
+        should contain_cinder_config('nova/password').with_value('foo')
+        should contain_cinder_config('nova/project_name').with_value('service')
+        should contain_cinder_config('nova/project_domain_name').with_value('Default')
      }
    end
  end