openstack
/
puppet-barbican
Code Issues Proposed changes

Add quota and secret limit parameters to barbican-api manifest 

Change-Id: I512e8c5a5ffa4442a68b41e7b0783ee7b90279c1
This commit is contained in:
Ade Lee 2016-03-22 16:10:32 -04:00
parent ee996875dc
commit 00abb7c54d
5 changed files with 215 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
manifests/api.pp
View File

@ -27,16 +27,24 @@
# Defaults to http://`hostname`:<bind_port>
# TODO: needs to be set
#
# [*max_allowed_secret_in_bytes*]
# (optional) Maximum allowed secret size to be stored.
# Defaults to $::os_service_default
#
# [*max_allowed_request_size_in_bytes*]
# (optional) Maximum request size against the barbican API.
# Defaults to $::os_service_default
#
# [*rpc_backend*]
# (optional) The rpc backend implementation to use, can be:
# rabbit (for rabbitmq)
# qpid (for qpid)
# zmq (for zeromq)
# Defaults to 'rabbit'
# Defaults to $::os_service_default
#
# [*rabbit_host*]
# (optional) Location of rabbitmq installation.
# Defaults to 'localhost'
# Defaults to $::os_service_default
#
# [*rabbit_hosts*]
# (optional) List of clustered rabbit servers.
@ -87,31 +95,31 @@
#
# [*enable_queue*]
# (optional) Enable asynchronous queuing
# Defaults to False
# Defaults to $::os_service_default
#
# [*queue_namespace*]
# (optional) Namespace for the queue
# Defaults to barbican
# Defaults to $::os_service_default
#
# [*queue_topic*]
# (optional) Topic for the queue
# Defaults to barbican.workers
# Defaults to $::os_service_default
#
# [*queue_version*]
# (optional) Version for the task API
# Defaults to 1.1
# Defaults to $::os_service_default
#
# [*queue_server_name*]
# (optional) Server name for RPC service
# Defaults to 'barbican.queue'
# Defaults to $::os_service_default
#
# [*retry_scheduler_initial_delay_seconds*]
# (optional) Seconds (float) to wait before starting retry scheduler
# Defaults to 10.0
# Defaults to $::os_service_default
#
# [*retry_scheduler_periodic_interval_max_seconds*]
# (optional) Seconds (float) to wait between starting retry scheduler
# Defaults to 10.0
# Defaults to $::os_service_default
#
# [*kombu_ssl_ca_certs*]
# (optional) SSL certification authority file (valid only if SSL enabled).
@ -151,40 +159,40 @@
# Defaults to true.
#
class barbican::api (
$ensure_package = 'present',
$client_package_ensure = 'present',
$bind_host = '0.0.0.0',
$bind_port = '9311',
$host_href = undef,
$rpc_backend = $::os_service_default,
$rabbit_host = $::os_service_default,
$rabbit_hosts = $::os_service_default,
$rabbit_password = $::os_service_default,
$rabbit_port = $::os_service_default,
$rabbit_userid = $::os_service_default,
$rabbit_virtual_host = $::os_service_default,
$rabbit_use_ssl = $::os_service_default,
$rabbit_heartbeat_timeout_threshold = $::os_service_default,
$rabbit_heartbeat_rate = $::os_service_default,
$rabbit_ha_queues = $::os_service_default,
$amqp_durable_queues = $::os_service_default,
$enable_queue = $::os_service_default,
$queue_namespace = $::os_service_default,
$queue_topic = $::os_service_default,
$queue_version = $::os_service_default,
$queue_server_name = $::os_service_default,
$retry_scheduler_initial_delay_seconds
= $::os_service_default,
$retry_scheduler_periodic_interval_max_seconds
= $::os_service_default,
$kombu_ssl_ca_certs = $::os_service_default,
$kombu_ssl_certfile = $::os_service_default,
$kombu_ssl_keyfile = $::os_service_default,
$kombu_ssl_version = $::os_service_default,
$kombu_reconnect_delay = $::os_service_default,
$kombu_compression = $::os_service_default,
$manage_service = true,
$enabled = true,
$ensure_package = 'present',
$client_package_ensure = 'present',
$bind_host = '0.0.0.0',
$bind_port = '9311',
$host_href = undef,
$max_allowed_secret_in_bytes = $::os_service_default,
$max_allowed_request_size_in_bytes = $::os_service_default,
$rpc_backend = $::os_service_default,
$rabbit_host = $::os_service_default,
$rabbit_hosts = $::os_service_default,
$rabbit_password = $::os_service_default,
$rabbit_port = $::os_service_default,
$rabbit_userid = $::os_service_default,
$rabbit_virtual_host = $::os_service_default,
$rabbit_use_ssl = $::os_service_default,
$rabbit_heartbeat_timeout_threshold = $::os_service_default,
$rabbit_heartbeat_rate = $::os_service_default,
$rabbit_ha_queues = $::os_service_default,
$amqp_durable_queues = $::os_service_default,
$enable_queue = $::os_service_default,
$queue_namespace = $::os_service_default,
$queue_topic = $::os_service_default,
$queue_version = $::os_service_default,
$queue_server_name = $::os_service_default,
$retry_scheduler_initial_delay_seconds = $::os_service_default,
$retry_scheduler_periodic_interval_max_seconds = $::os_service_default,
$kombu_ssl_ca_certs = $::os_service_default,
$kombu_ssl_certfile = $::os_service_default,
$kombu_ssl_keyfile = $::os_service_default,
$kombu_ssl_version = $::os_service_default,
$kombu_reconnect_delay = $::os_service_default,
$kombu_compression = $::os_service_default,
$manage_service = true,
$enabled = true,
) inherits barbican::params {
include ::barbican::db
@ -282,10 +290,12 @@ class barbican::api (
'queue/server_name': value => $queue_server_name;
}
# retry scheduler options
# retry scheduler and max allowed secret options
barbican_config {
'retry_scheduler/initial_delay_seconds': value => $retry_scheduler_initial_delay_seconds;
'retry_scheduler/periodic_interval_max_seconds': value => $retry_scheduler_periodic_interval_max_seconds;
'DEFAULT/max_allowed_secret_in_bytes': value => $max_allowed_secret_in_bytes;
'DEFAULT/max_allowed_request_size_in_bytes': value => $max_allowed_request_size_in_bytes;
}
if $manage_service {

42
manifests/quota.pp Normal file
View File

@ -0,0 +1,42 @@
# == Class: barbican::quota
#
# Sets up Barbican API server quotas
#
# === Parameters
#
# [*quota_secrets*]
# (optional) default number of secrets allowed per project
# Defaults to $::os_service_default
#
# [*quota_orders*]
# (optional) default number of orders allowed per project
# Defaults to $::os_service_default
#
# [*quota_containers*]
# (optional) default number of containers allowed per project
# Defaults to $::os_service_default
#
# [*quota_consumers*]
# (optional) default number of consumers allowed per project
# Defaults to $::os_service_default
#
# [*quota_cas*]
# (optional) default number of CAs allowed per project
# Defaults to $::os_service_default
#
class barbican::quota (
$quota_secrets = $::os_service_default,
$quota_orders = $::os_service_default,
$quota_containers = $::os_service_default,
$quota_consumers = $::os_service_default,
$quota_cas = $::os_service_default,
) {
barbican_config {
'quotas/quota_secrets': value => $quota_secrets;
'quotas/quota_orders': value => $quota_orders;
'quotas/quota_containers': value => $quota_containers;
'quotas/quota_consumers': value => $quota_consumers;
'quotas/quota_cas': value => $quota_cas;
}
}

3
spec/acceptance/basic_barbican_spec.rb
View File

@ -18,6 +18,9 @@ describe 'barbican::api class' do
verbose => true,
}
class { '::barbican::quota':
}
class { '::barbican::api':
}
}

111
spec/classes/barbican_api_spec.rb
View File

@ -13,32 +13,34 @@ describe 'barbican::api' do
let :default_params do
{
:bind_host => '0.0.0.0',
:bind_port => '9311',
:rpc_backend => 'rabbit',
:rabbit_host => '<SERVICE_DEFAULT>',
:rabbit_hosts => ['<SERVICE DEFAULT>'],
:rabbit_password => '<SERVICE DEFAULT>',
:rabbit_port => '<SERVICE DEFAULT>',
:rabbit_userid => '<SERVICE DEFAULT>',
:rabbit_virtual_host => '<SERVICE DEFAULT>',
:rabbit_use_ssl => '<SERVICE DEFAULT>',
:rabbit_heartbeat_timeout_threshold => '<SERVICE DEFAULT>',
:rabbit_heartbeat_rate => '<SERVICE DEFAULT>',
:rabbit_ha_queues => '<SERVICE DEFAULT>',
:amqp_durable_queues => '<SERVICE DEFAULT>',
:enable_queue => '<SERVICE DEFAULT>',
:queue_namespace => '<SERVICE DEFAULT>',
:queue_topic => '<SERVICE DEFAULT>',
:queue_version => '<SERVICE DEFAULT>',
:queue_server_name => '<SERVICE DEFAULT>',
:manage_service => true,
:enabled => true,
:kombu_ssl_ca_certs => '<SERVICE DEFAULT>',
:kombu_ssl_certfile => '<SERVICE DEFAULT>',
:kombu_ssl_keyfile => '<SERVICE DEFAULT>',
:kombu_ssl_version => '<SERVICE DEFAULT>',
:kombu_reconnect_delay => '<SERVICE DEFAULT>',
:bind_host => '0.0.0.0',
:bind_port => '9311',
:rpc_backend => 'rabbit',
:rabbit_host => '<SERVICE_DEFAULT>',
:rabbit_hosts => ['<SERVICE DEFAULT>'],
:rabbit_password => '<SERVICE DEFAULT>',
:rabbit_port => '<SERVICE DEFAULT>',
:rabbit_userid => '<SERVICE DEFAULT>',
:rabbit_virtual_host => '<SERVICE DEFAULT>',
:rabbit_use_ssl => '<SERVICE DEFAULT>',
:rabbit_heartbeat_timeout_threshold => '<SERVICE DEFAULT>',
:rabbit_heartbeat_rate => '<SERVICE DEFAULT>',
:rabbit_ha_queues => '<SERVICE DEFAULT>',
:amqp_durable_queues => '<SERVICE DEFAULT>',
:max_allowed_secret_in_bytes => '<SERVICE DEFAULT>',
:max_allowed_request_size_in_bytes => '<SERVICE DEFAULT>',
:enable_queue => '<SERVICE DEFAULT>',
:queue_namespace => '<SERVICE DEFAULT>',
:queue_topic => '<SERVICE DEFAULT>',
:queue_version => '<SERVICE DEFAULT>',
:queue_server_name => '<SERVICE DEFAULT>',
:kombu_ssl_ca_certs => '<SERVICE DEFAULT>',
:kombu_ssl_certfile => '<SERVICE DEFAULT>',
:kombu_ssl_keyfile => '<SERVICE DEFAULT>',
:kombu_ssl_version => '<SERVICE DEFAULT>',
:kombu_reconnect_delay => '<SERVICE DEFAULT>',
:manage_service => true,
:enabled => true,
:retry_scheduler_initial_delay_seconds => '<SERVICE DEFAULT>',
:retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
}
@ -46,34 +48,37 @@ describe 'barbican::api' do
[{},
{
:bind_host => '127.0.0.1',
:bind_port => '9312',
:rpc_backend => 'rabbit',
:rabbit_host => 'rabbithost',
:rabbit_hosts => ['rabbithost:1234'],
:rabbit_password => 'bugs_bunny',
:rabbit_port => '1234',
:rabbit_userid => 'bugs',
:rabbit_virtual_host => 'rabbithost',
:rabbit_use_ssl => true,
:rabbit_heartbeat_timeout_threshold => '10',
:rabbit_heartbeat_rate => '10',
:rabbit_ha_queues => true,
:amqp_durable_queues => true,
:enable_queue => true,
:queue_namespace => 'barbican1',
:queue_topic => 'barbican1.workers',
:queue_version => '1.2',
:queue_server_name => 'barbican1.queue',
:manage_service => true,
:enabled => false,
:kombu_ssl_ca_certs => 'path_to_certs',
:kombu_ssl_certfile => 'path_to_certfile',
:kombu_ssl_keyfile => 'path_to_keyfile',
:kombu_ssl_version => '1.2',
:kombu_reconnect_delay => '10',
:bind_host => '127.0.0.1',
:bind_port => '9312',
:rpc_backend => 'rabbit',
:rabbit_host => 'rabbithost',
:rabbit_hosts => ['rabbithost:1234'],
:rabbit_password => 'bugs_bunny',
:rabbit_port => '1234',
:rabbit_userid => 'bugs',
:rabbit_virtual_host => 'rabbithost',
:rabbit_use_ssl => true,
:rabbit_heartbeat_timeout_threshold => '10',
:rabbit_heartbeat_rate => '10',
:rabbit_ha_queues => true,
:amqp_durable_queues => true,
:enable_queue => true,
:queue_namespace => 'barbican1',
:queue_topic => 'barbican1.workers',
:queue_version => '1.2',
:queue_server_name => 'barbican1.queue',
:manage_service => true,
:enabled => false,
:kombu_ssl_ca_certs => 'path_to_certs',
:kombu_ssl_certfile => 'path_to_certfile',
:kombu_ssl_keyfile => 'path_to_keyfile',
:kombu_ssl_version => '1.2',
:kombu_reconnect_delay => '10',
:retry_scheduler_initial_delay_seconds => 20.0,
:retry_scheduler_periodic_interval_max_seconds => 20.0,
:max_allowed_secret_in_bytes => 20000,
:max_allowed_request_size_in_bytes => 2000000,
:enabled => false,
}
].each do |param_set|
@ -106,6 +111,8 @@ describe 'barbican::api' do
[
'bind_host',
'bind_port',
'max_allowed_secret_in_bytes',
'max_allowed_request_size_in_bytes'
].each do |config|
is_expected.to contain_barbican_config("DEFAULT/#{config}").with_value(param_hash[config.intern])
end

57
spec/classes/barbican_quota_spec.rb Normal file
View File

@ -0,0 +1,57 @@
require 'spec_helper'
describe 'barbican::quota' do
let :facts do
@default_facts.merge(
{
:osfamily => 'RedHat',
:processorcount => '7',
}
)
end
let :default_params do
{
:quota_secrets => '<SERVICE DEFAULT>',
:quota_orders => '<SERVICE DEFAULT>',
:quota_containers => '<SERVICE DEFAULT>',
:quota_consumers => '<SERVICE DEFAULT>',
:quota_cas => '<SERVICE DEFAULT>',
}
end
[{},
{
:quota_secrets => 100,
:quota_orders => 100,
:quota_containers => 100,
:quota_consumers => 100,
:quota_cas => 10,
}
].each do |param_set|
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
let :param_hash do
default_params.merge(param_set)
end
let :params do
param_set
end
it 'is_expected.to set quota parameters' do
[
'quota_secrets',
'quota_orders',
'quota_containers',
'quota_consumers',
'quota_cas',
].each do |config|
is_expected.to contain_barbican_config("quotas/#{config}").with_value(param_hash[config.intern])
end
end
end
end
end