From e05af2b3f1dbb5ba74e5428ef3e74e4bfc096531 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Wed, 27 Jan 2021 22:18:21 +0900
Subject: [PATCH] Use consistent names for service_credentials options

This change renames aodh::auth and its parameters to be consistent
with the section name and the parameter names in aodh service. This
allows operators more easily guess how the class and its parameters
correspond to the options in aodh.

Change-Id: I7ddc4af25f89317da6a794beba312841d2f1bc25
---
 examples/aodh.pp                              |  4 +-
 manifests/auth.pp                             | 52 +++++------
 manifests/service_credentials.pp              | 90 +++++++++++++++++++
 .../service_credentials-2b3dd8ca51083a1d.yaml |  5 ++
 spec/classes/aodh_service_credentials_spec.rb | 55 ++++++++++++
 5 files changed, 173 insertions(+), 33 deletions(-)
 create mode 100644 manifests/service_credentials.pp
 create mode 100644 releasenotes/notes/service_credentials-2b3dd8ca51083a1d.yaml
 create mode 100644 spec/classes/aodh_service_credentials_spec.rb

diff --git a/examples/aodh.pp b/examples/aodh.pp
index e3fae34f..a1c16094 100644
--- a/examples/aodh.pp
+++ b/examples/aodh.pp
@@ -10,8 +10,8 @@ include apache
 class { 'aodh::wsgi::apache':
   ssl => false,
 }
-class { 'aodh::auth':
-  auth_password => 'a_big_secret',
+class { 'aodh::service_credentials':
+  password => 'a_big_secret',
 }
 class { 'aodh::evaluator': }
 class { 'aodh::notifier': }
diff --git a/manifests/auth.pp b/manifests/auth.pp
index 14fcdc4b..13f1cfca 100644
--- a/manifests/auth.pp
+++ b/manifests/auth.pp
@@ -1,17 +1,18 @@
+# DEPRECATED ! Use the aodh::service_credentails class instead
 # The aodh::auth class helps configure auth settings
 #
 # == Parameters
 #  [*auth_url*]
 #    the keystone public endpoint
-#    Optional. Defaults to 'http://localhost:5000/v3'
+#    Optional. Defaults to undef.
 #
 #  [*auth_region*]
 #    the keystone region of this node
-#    Optional. Defaults to 'RegionOne'
+#    Optional. Defaults to undef.
 #
 #  [*auth_user*]
 #    the keystone user for aodh services
-#    Optional. Defaults to 'aodh'
+#    Optional. Defaults to undef.
 #
 #  [*auth_password*]
 #    the keystone password for aodh services
@@ -19,55 +20,44 @@
 #
 #  [*auth_project_name*]
 #    the keystone tenant name for aodh services
-#    Optional. Defaults to 'services'
+#    Optional. Defaults to undef.
 #
 #  [*project_domain_name*]
 #    the keystone project domain name for aodh services
-#    Optional. Defaults to 'Default'
+#    Optional. Defaults to undef.
 #
 #  [*user_domain_name*]
 #    the keystone user domain name for aodh services
-#    Optional. Defaults to 'Default'
+#    Optional. Defaults to undef.
 #
 #  [*auth_type*]
 #    An authentication type to use with an OpenStack Identity server.
 #    The value should contain auth plugin name.
-#    Optional. Defaults to 'password'.
+#    Optional. Defaults to undef.
 #
 #  [*auth_cacert*]
 #    Certificate chain for SSL validation.
-#    Optional. Defaults to $::os_service_default
+#    Optional. Defaults to undef.
 #
 #  [*interface*]
 #    Type of endpoint in Identity service catalog to use for
 #    communication with OpenStack services.
-#    Optional. Defaults to $::os_service_default.
+#    Optional. Defaults to undef.
 #
 class aodh::auth (
   $auth_password,
-  $auth_url            = 'http://localhost:5000/v3',
-  $auth_region         = 'RegionOne',
-  $auth_user           = 'aodh',
-  $auth_project_name   = 'services',
-  $project_domain_name = 'Default',
-  $user_domain_name    = 'Default',
-  $auth_type           = 'password',
-  $auth_cacert         = $::os_service_default,
-  $interface           = $::os_service_default,
+  $auth_url            = undef,
+  $auth_region         = undef,
+  $auth_user           = undef,
+  $auth_project_name   = undef,
+  $project_domain_name = undef,
+  $user_domain_name    = undef,
+  $auth_type           = undef,
+  $auth_cacert         = undef,
+  $interface           = undef,
 ) {
 
-  include aodh::deps
+  warning('The aodh::auth class has been deprecated. Use the aodh::service_credentials class')
 
-  aodh_config {
-    'service_credentials/auth_url'            : value => $auth_url;
-    'service_credentials/region_name'         : value => $auth_region;
-    'service_credentials/username'            : value => $auth_user;
-    'service_credentials/password'            : value => $auth_password, secret => true;
-    'service_credentials/project_name'        : value => $auth_project_name;
-    'service_credentials/project_domain_name' : value => $project_domain_name;
-    'service_credentials/user_domain_name'    : value => $user_domain_name;
-    'service_credentials/cacert'              : value => $auth_cacert;
-    'service_credentials/interface'           : value => $interface;
-    'service_credentials/auth_type'           : value => $auth_type;
-  }
+  include aodh::service_credentials
 }
diff --git a/manifests/service_credentials.pp b/manifests/service_credentials.pp
new file mode 100644
index 00000000..292ee234
--- /dev/null
+++ b/manifests/service_credentials.pp
@@ -0,0 +1,90 @@
+# The aodh::service_credentials class helps configure service_credentials
+# settings
+#
+# == Parameters
+#  [*auth_url*]
+#    the keystone public endpoint
+#    Optional. Defaults to 'http://localhost:5000/v3'
+#
+#  [*region_name*]
+#    the keystone region of this node
+#    Optional. Defaults to 'RegionOne'
+#
+#  [*username*]
+#    the keystone user for aodh services
+#    Optional. Defaults to 'aodh'
+#
+#  [*password*]
+#    the keystone password for aodh services
+#    Required.
+#
+#  [*project_name*]
+#    the keystone tenant name for aodh services
+#    Optional. Defaults to 'services'
+#
+#  [*project_domain_name*]
+#    the keystone project domain name for aodh services
+#    Optional. Defaults to 'Default'
+#
+#  [*user_domain_name*]
+#    the keystone user domain name for aodh services
+#    Optional. Defaults to 'Default'
+#
+#  [*auth_type*]
+#    An authentication type to use with an OpenStack Identity server.
+#    The value should contain auth plugin name.
+#    Optional. Defaults to 'password'.
+#
+#  [*cacert*]
+#    Certificate chain for SSL validation.
+#    Optional. Defaults to $::os_service_default
+#
+#  [*interface*]
+#    Type of endpoint in Identity service catalog to use for
+#    communication with OpenStack services.
+#    Optional. Defaults to $::os_service_default.
+#
+class aodh::service_credentials (
+  # TODO(tkajinam): Make this required when we remove aodh::auth
+  $password            = undef,
+  $auth_url            = 'http://localhost:5000/v3',
+  $region_name         = 'RegionOne',
+  $username            = 'aodh',
+  $project_name        = 'services',
+  $project_domain_name = 'Default',
+  $user_domain_name    = 'Default',
+  $auth_type           = 'password',
+  $cacert              = $::os_service_default,
+  $interface           = $::os_service_default,
+) {
+
+  include aodh::deps
+
+  $password_real = pick($::aodh::auth::auth_password, $password)
+  if ! $password_real {
+    fail('The password parameter is required')
+  }
+
+  $auth_url_real = pick($::aodh::auth::auth_url, $auth_url)
+  $region_name_real = pick($::aodh::auth_region, $region_name)
+  $username_real = pick($::aodh::auth_user, $username)
+  $project_name_real = pick($::aodh::auth::auth_project_name, $project_name)
+  $project_domain_name_real = pick($::aodh::auth::project_domain_name, $project_domain_name)
+  $user_domain_name_real = pick($::aodh::auth::user_domain_name, $user_domain_name)
+  $auth_type_real = pick($::aodh::auth::auth_type, $auth_type)
+  $cacert_real = pick($::aodh::auth::auth_cacert, $cacert)
+  $interface_real = pick($::aodh::auth::interface, $interface)
+
+  aodh_config {
+    'service_credentials/auth_url'            : value => $auth_url_real;
+    'service_credentials/region_name'         : value => $region_name_real;
+    'service_credentials/username'            : value => $username_real;
+    'service_credentials/password'            : value => $password_real, secret => true;
+    'service_credentials/project_name'        : value => $project_name_real;
+    'service_credentials/project_domain_name' : value => $project_domain_name_real;
+    'service_credentials/user_domain_name'    : value => $user_domain_name_real;
+    'service_credentials/cacert'              : value => $cacert_real;
+    'service_credentials/interface'           : value => $interface_real;
+    'service_credentials/auth_type'           : value => $auth_type_real;
+  }
+}
diff --git a/releasenotes/notes/service_credentials-2b3dd8ca51083a1d.yaml b/releasenotes/notes/service_credentials-2b3dd8ca51083a1d.yaml
new file mode 100644
index 00000000..e845c9e7
--- /dev/null
+++ b/releasenotes/notes/service_credentials-2b3dd8ca51083a1d.yaml
@@ -0,0 +1,5 @@
+---
+deprecations:
+  - |
+    The ``aodh::auth`` class has been deprecated. Use the new
+    ``aodh::service_credentials`` class instead.
diff --git a/spec/classes/aodh_service_credentials_spec.rb b/spec/classes/aodh_service_credentials_spec.rb
new file mode 100644
index 00000000..95f2f76a
--- /dev/null
+++ b/spec/classes/aodh_service_credentials_spec.rb
@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe 'aodh::service_credentials' do
+
+  let :params do
+    { :auth_url     => 'http://localhost:5000/v3',
+      :region_name  => 'RegionOne',
+      :username     => 'aodh',
+      :password     => 'password',
+      :project_name => 'services',
+    }
+  end
+
+  shared_examples_for 'aodh::service_credentials' do
+
+    it 'configures authentication' do
+      is_expected.to contain_aodh_config('service_credentials/auth_url').with_value('http://localhost:5000/v3')
+      is_expected.to contain_aodh_config('service_credentials/region_name').with_value('RegionOne')
+      is_expected.to contain_aodh_config('service_credentials/project_domain_name').with_value('Default')
+      is_expected.to_not contain_aodh_config('service_credentials/project_domain_id')
+      is_expected.to contain_aodh_config('service_credentials/user_domain_name').with_value('Default')
+      is_expected.to_not contain_aodh_config('service_credentials/user_domain_id')
+      is_expected.to contain_aodh_config('service_credentials/auth_type').with_value('password')
+      is_expected.to contain_aodh_config('service_credentials/username').with_value('aodh')
+      is_expected.to contain_aodh_config('service_credentials/password').with_value('password').with_secret(true)
+      is_expected.to contain_aodh_config('service_credentials/project_name').with_value('services')
+      is_expected.to contain_aodh_config('service_credentials/cacert').with(:value => '<SERVICE DEFAULT>')
+    end
+
+    context 'when overriding parameters' do
+      before do
+        params.merge!(
+          :cacert    => '/tmp/dummy.pem',
+          :interface => 'internalURL',
+        )
+      end
+      it { is_expected.to contain_aodh_config('service_credentials/cacert').with_value(params[:cacert]) }
+      it { is_expected.to contain_aodh_config('service_credentials/interface').with_value(params[:interface]) }
+    end
+
+  end
+
+  on_supported_os({
+    :supported_os   => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_configures 'aodh::service_credentials'
+    end
+  end
+
+end