From 2e6f49c1feeceed31e03c4e86fb4f005b9c49d7b Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 22 Sep 2024 14:03:56 +0900 Subject: [PATCH] Require nova password Users should set valid auth options in nova section so that cinder can interact with nova in some operations such as attachment deletion. Make the password parameter required to make users aware of their incomplete settings. Also deprecate the auth_section parameter because now we expect that all auth options are set in the nova section. Change-Id: I0252b341d00e5b2b07ead19a01f98aee68cd7305 --- manifests/nova.pp | 34 +++++++++++-------- ...equire-nova-password-06929462c62cc63a.yaml | 13 +++++++ spec/classes/cinder_nova_spec.rb | 27 ++++++++------- 3 files changed, 48 insertions(+), 26 deletions(-) create mode 100644 releasenotes/notes/require-nova-password-06929462c62cc63a.yaml diff --git a/manifests/nova.pp b/manifests/nova.pp index a829b8f2..b792c834 100644 --- a/manifests/nova.pp +++ b/manifests/nova.pp @@ -4,6 +4,9 @@ # # === Parameters # +# [*password*] +# (Required) Nova admin password. +# # [*region_name*] # (Optional) Name of nova region to use. # Defaults to $facts['os_service_default'] @@ -48,12 +51,7 @@ # # [*auth_type*] # (Optional) Authentication type to load. -# Defaults to $facts['os_service_default'] -# -# [*auth_section*] -# (Optional) Config Section from which to load plugin -# specific options. -# Defaults to $facts['os_service_default'] +# Defaults to 'password' # # [*auth_url*] # (Optional) Identity service url. @@ -67,10 +65,6 @@ # (Optional) Nova admin user domain name. # Defaults to 'Default' # -# [*password*] -# (Optional) Nova admin password. -# Defaults to $facts['os_service_default'] -# # [*project_name*] # (Optional) Nova admin project name. # Defaults to 'services' @@ -83,7 +77,15 @@ # (Optional) Scope for system operations # Defaults to $facts['os_service_default'] # +# DEPRECATED PARAMETERS +# +# [*auth_section*] +# (Optional) Config Section from which to load plugin +# specific options. +# Defaults to undef +# class cinder::nova ( + $password, $region_name = $facts['os_service_default'], $interface = $facts['os_service_default'], $token_auth_url = $facts['os_service_default'], @@ -94,19 +96,23 @@ class cinder::nova ( $timeout = $facts['os_service_default'], $collect_timing = $facts['os_service_default'], $split_loggers = $facts['os_service_default'], - $auth_type = $facts['os_service_default'], - $auth_section = $facts['os_service_default'], + $auth_type = 'password', $auth_url = $facts['os_service_default'], $username = 'nova', $user_domain_name = 'Default', - $password = $facts['os_service_default'], $project_name = 'services', $project_domain_name = 'Default', $system_scope = $facts['os_service_default'], + # DEPRECATED PARAMETERS + $auth_section = undef, ) { include cinder::deps + if $auth_section { + warning('The auth_section parameter has been deprecated.') + } + if is_service_default($system_scope) { $project_name_real = $project_name $project_domain_name_real = $project_domain_name @@ -127,7 +133,7 @@ class cinder::nova ( 'nova/collect_timing': value => $collect_timing; 'nova/split_loggers': value => $split_loggers; 'nova/auth_type': value => $auth_type; - 'nova/auth_section': value => $auth_section; + 'nova/auth_section': value => pick($auth_section, $facts['os_service_default']); 'nova/auth_url': value => $auth_url; 'nova/username': value => $username; 'nova/user_domain_name': value => $user_domain_name; diff --git a/releasenotes/notes/require-nova-password-06929462c62cc63a.yaml b/releasenotes/notes/require-nova-password-06929462c62cc63a.yaml new file mode 100644 index 00000000..2fdb6c4a --- /dev/null +++ b/releasenotes/notes/require-nova-password-06929462c62cc63a.yaml @@ -0,0 +1,13 @@ +--- +upgrade: + - | + Default value of the ``cinder::nova::auth_type`` parameter has been updated + and now the auth_type option is set to ``password`` by default. + + - | + The ``cinder::nova::password`` parameter is now required. + +deprecations: + - | + The ``cinder::nova::auth_section`` parameter has been deprecated and will + be removed. diff --git a/spec/classes/cinder_nova_spec.rb b/spec/classes/cinder_nova_spec.rb index fdce7823..64ea1b70 100644 --- a/spec/classes/cinder_nova_spec.rb +++ b/spec/classes/cinder_nova_spec.rb @@ -2,6 +2,10 @@ require 'spec_helper' describe 'cinder::nova' do shared_examples 'cinder::nova' do + let :params do + { :password => 'novapass' } + end + context 'with default parameters' do it { is_expected.to contain_cinder_config('nova/region_name').with_value('') @@ -14,12 +18,12 @@ describe 'cinder::nova' do is_expected.to contain_cinder_config('nova/timeout').with_value('') is_expected.to contain_cinder_config('nova/collect_timing').with_value('') is_expected.to contain_cinder_config('nova/split_loggers').with_value('') - is_expected.to contain_cinder_config('nova/auth_type').with_value('') + is_expected.to contain_cinder_config('nova/auth_type').with_value('password') is_expected.to contain_cinder_config('nova/auth_section').with_value('') is_expected.to contain_cinder_config('nova/auth_url').with_value('') is_expected.to contain_cinder_config('nova/username').with_value('nova') is_expected.to contain_cinder_config('nova/user_domain_name').with_value('Default') - is_expected.to contain_cinder_config('nova/password').with_value('').with_secret(true) + is_expected.to contain_cinder_config('nova/password').with_value('novapass').with_secret(true) is_expected.to contain_cinder_config('nova/project_name').with_value('services') is_expected.to contain_cinder_config('nova/project_domain_name').with_value('Default') is_expected.to contain_cinder_config('nova/system_scope').with_value('') @@ -27,8 +31,8 @@ describe 'cinder::nova' do end context 'with specified parameters' do - let :params do - { + before :each do + params.merge!({ :region_name => 'RegionOne', :interface => 'internal', :token_auth_url => 'http://127.0.0.1:5000/v3', @@ -39,11 +43,10 @@ describe 'cinder::nova' do :timeout => 30, :collect_timing => true, :split_loggers => true, - :auth_type => 'password', + :auth_type => 'v3password', :auth_section => 'my_section', :auth_url => 'http://127.0.0.2:5000', - :password => 'foo', - } + }) end it { @@ -57,12 +60,12 @@ describe 'cinder::nova' do is_expected.to contain_cinder_config('nova/timeout').with_value(30) is_expected.to contain_cinder_config('nova/collect_timing').with_value(true) is_expected.to contain_cinder_config('nova/split_loggers').with_value(true) - is_expected.to contain_cinder_config('nova/auth_type').with_value('password') + is_expected.to contain_cinder_config('nova/auth_type').with_value('v3password') is_expected.to contain_cinder_config('nova/auth_section').with_value('my_section') is_expected.to contain_cinder_config('nova/auth_url').with_value('http://127.0.0.2:5000') is_expected.to contain_cinder_config('nova/username').with_value('nova') is_expected.to contain_cinder_config('nova/user_domain_name').with_value('Default') - is_expected.to contain_cinder_config('nova/password').with_value('foo').with_secret(true) + is_expected.to contain_cinder_config('nova/password').with_value('novapass').with_secret(true) is_expected.to contain_cinder_config('nova/project_name').with_value('services') is_expected.to contain_cinder_config('nova/project_domain_name').with_value('Default') is_expected.to contain_cinder_config('nova/system_scope').with_value('') @@ -70,10 +73,10 @@ describe 'cinder::nova' do end context 'with system_scope set' do - let :params do - { + before :each do + params.merge!({ :system_scope => 'all' - } + }) end it {