diff --git a/manifests/rgw/keystone.pp b/manifests/rgw/keystone.pp index e91c7e5..8a5d0c6 100644 --- a/manifests/rgw/keystone.pp +++ b/manifests/rgw/keystone.pp @@ -1,160 +1,101 @@ # # Copyright (C) 2014 Catalyst IT Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Ricardo Rocha # # Configures keystone auth/authz for the ceph radosgw. # ### == Name # # The RGW id. An alphanumeric string uniquely identifying the RGW. # ( example: radosgw.gateway ) # ### == Parameters # # [*rgw_keystone_admin_domain*] # (Required) The name of OpenStack domain with admin # privilege when using OpenStack Identity API v3. # # [*rgw_keystone_admin_project*] # (Optional) The name of OpenStack project with admin # privilege when using OpenStack Identity API v3 # # [*rgw_keystone_admin_user*] # (Required) The user name of OpenStack tenant with admin # privilege (Service Tenant). # # [*rgw_keystone_admin_password*] # (Required) The password for OpenStack admin user. # # [*rgw_keystone_url*] # (Optional) The internal or admin url for keystone. # Defaults to 'http://127.0.0.1:5000' # # [*rgw_keystone_accepted_roles*] # (Optional) Roles to accept from keystone. # Comma separated list of roles. # Defaults to 'member' # # [*rgw_keystone_token_cache_size*] # (Optional) How many tokens to keep cached. # Defaults to 500 # # [*rgw_s3_auth_use_keystone*] # (Optional) Whether to enable keystone auth for S3. # Defaults to true # # [*rgw_keystone_implicit_tenants*] # (Optional) Set 'true' for a private tenant for each user. # Defaults to true # -## DEPRECATED PARAMS -# -# [*rgw_keystone_version*] -# (Optional) The api version for keystone. -# Defaults to undef -# -# [*rgw_keystone_admin_token*] -# (Optional) The keystone admin token. -# Defaults to undef -# -# [*use_pki*] -# (Optional) Whether to use PKI related configuration. -# Defaults to undef -# -# [*rgw_keystone_revocation_interval*] -# (Optional) Interval to check for expired tokens. -# Not useful if not using PKI tokens (if not, set to high value). -# Defaults to undef -# -# [*nss_db_path*] -# (Optional) Path to NSS < - > keystone tokens db files. -# Defaults to undef -# -# [*user*] -# (Optional) User running the web frontend. -# Defaults to undef -# define ceph::rgw::keystone ( $rgw_keystone_admin_domain, $rgw_keystone_admin_project, $rgw_keystone_admin_user, $rgw_keystone_admin_password, $rgw_keystone_url = 'http://127.0.0.1:5000', $rgw_keystone_accepted_roles = 'member', $rgw_keystone_token_cache_size = 500, $rgw_s3_auth_use_keystone = true, $rgw_keystone_implicit_tenants = true, - ## DEPRECATED PARAMS - $rgw_keystone_version = undef, - $rgw_keystone_admin_token = undef, - $use_pki = undef, - $rgw_keystone_revocation_interval = undef, - $nss_db_path = undef, - $user = undef, ) { unless $name =~ /^radosgw\..+/ { fail("Define name must be started with 'radosgw.'") } - if $rgw_keystone_version { - warning('ceph::rgw::keystone::rgw_keystone_version is deprecated') - } - if $rgw_keystone_admin_token { - warning('ceph::rgw::keystone::rgw_keystone_admin_token is deprecated') - } - if $use_pki { - warning('ceph::rgw::keystone::use_pki is deprecated') - } - if $rgw_keystone_revocation_interval { - warning('ceph::rgw::keystone::rgw_keystone_revocation_interval is deprecated') - } - if $nss_db_path { - warning('ceph::rgw::keystone::nss_db_path is deprecated') - } - if $user { - warning('ceph::rgw::keystone::user is deprecated') - } - ceph_config { "client.${name}/rgw_keystone_url": value => $rgw_keystone_url; "client.${name}/rgw_keystone_accepted_roles": value => join(any2array($rgw_keystone_accepted_roles), ','); "client.${name}/rgw_keystone_token_cache_size": value => $rgw_keystone_token_cache_size; "client.${name}/rgw_s3_auth_use_keystone": value => $rgw_s3_auth_use_keystone; "client.${name}/rgw_keystone_implicit_tenants": value => $rgw_keystone_implicit_tenants; } # FIXME(ykarel) Cleanup once https://tracker.ceph.com/issues/24228 is fixed for luminous if ($::os['name'] == 'Fedora') or ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { ceph_config { "client.${name}/rgw_ldap_secret": value => ''; } } ceph_config { "client.${name}/rgw_keystone_api_version": value => 3; "client.${name}/rgw_keystone_admin_domain": value => $rgw_keystone_admin_domain; "client.${name}/rgw_keystone_admin_project": value => $rgw_keystone_admin_project; "client.${name}/rgw_keystone_admin_user": value => $rgw_keystone_admin_user; "client.${name}/rgw_keystone_admin_password": value => $rgw_keystone_admin_password; - "client.${name}/rgw_keystone_admin_token": ensure => absent; - } - - ceph_config { - "client.${name}/nss_db_path": ensure => absent; - "client.${name}/rgw_keystone_revocation_interval": ensure => absent; } } diff --git a/releasenotes/notes/remove-deprecated-85264ba9b0f06420.yaml b/releasenotes/notes/remove-deprecated-85264ba9b0f06420.yaml new file mode 100644 index 0000000..162841c --- /dev/null +++ b/releasenotes/notes/remove-deprecated-85264ba9b0f06420.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + The deprecated parameters rgw_keystone_version, rgw_keystone_admin_token, + use_pki, rgw_keystone_revocation_interval, nss_db_path and user in + ceph::rgw::keystone is removed. diff --git a/spec/defines/ceph_rgw_keystone_spec.rb b/spec/defines/ceph_rgw_keystone_spec.rb index 3252b9a..b411c1e 100644 --- a/spec/defines/ceph_rgw_keystone_spec.rb +++ b/spec/defines/ceph_rgw_keystone_spec.rb @@ -1,113 +1,107 @@ # # Copyright (C) 2014 Catalyst IT Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Ricardo Rocha # require 'spec_helper' describe 'ceph::rgw::keystone' do shared_examples 'ceph::rgw::keystone' do context 'create with default params' do let :pre_condition do "include ceph::params class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' } class { 'ceph::repo': } include ceph ceph::rgw { 'radosgw.gateway': }" end let :title do 'radosgw.gateway' end let :params do { :rgw_keystone_admin_domain => 'default', :rgw_keystone_admin_project => 'openstack', :rgw_keystone_admin_user => 'rgwuser', :rgw_keystone_admin_password => '123456', } end it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_api_version').with_value(3) } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_domain').with_value('default') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_project').with_value('openstack') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_user').with_value('rgwuser') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_password').with_value('123456') } - it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_token').with_ensure('absent') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_url').with_value('http://127.0.0.1:5000') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_accepted_roles').with_value('member') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_token_cache_size').with_value(500) } it { should contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_implicit_tenants').with_value(true) } - it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_revocation_interval').with_ensure('absent') } - it { should contain_ceph_config('client.radosgw.gateway/nss_db_path').with_ensure('absent') } end context 'create with custom params' do let :pre_condition do "include ceph::params class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' } class { 'ceph::repo': } ceph::rgw { 'radosgw.custom': }" end let :title do 'radosgw.custom' end let :params do { :rgw_keystone_admin_domain => 'default', :rgw_keystone_admin_project => 'openstack', :rgw_keystone_admin_user => 'rgwuser', :rgw_keystone_admin_password => '123456', :rgw_keystone_url => 'http://keystone.custom:5000', :rgw_keystone_accepted_roles => '_role1_,role2', :rgw_keystone_token_cache_size => 100, :rgw_s3_auth_use_keystone => false, :rgw_keystone_implicit_tenants => false, } end it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_api_version').with_value(3) } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_domain').with_value('default') } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_project').with_value('openstack') } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_user').with_value('rgwuser') } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_password').with_value('123456') } - it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_token').with_ensure('absent') } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_url').with_value('http://keystone.custom:5000') } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_accepted_roles').with_value('_role1_,role2') } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_token_cache_size').with_value(100) } it { should contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_implicit_tenants').with_value(false) } - it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_revocation_interval').with_ensure('absent') } - it { should contain_ceph_config('client.radosgw.custom/nss_db_path').with_ensure('absent') } end end on_supported_os({ :supported_os => OSDefaults.get_supported_os }).each do |os,facts| context "on #{os}" do let (:facts) do facts.merge!(OSDefaults.get_facts()) end it_behaves_like 'ceph::rgw::keystone' end end end