Add quota and secret limit parameters to barbican-api manifest
Change-Id: I512e8c5a5ffa4442a68b41e7b0783ee7b90279c1
This commit is contained in:
parent
ee996875dc
commit
00abb7c54d
|
@ -27,16 +27,24 @@
|
|||
# Defaults to http://`hostname`:<bind_port>
|
||||
# TODO: needs to be set
|
||||
#
|
||||
# [*max_allowed_secret_in_bytes*]
|
||||
# (optional) Maximum allowed secret size to be stored.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*max_allowed_request_size_in_bytes*]
|
||||
# (optional) Maximum request size against the barbican API.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*rpc_backend*]
|
||||
# (optional) The rpc backend implementation to use, can be:
|
||||
# rabbit (for rabbitmq)
|
||||
# qpid (for qpid)
|
||||
# zmq (for zeromq)
|
||||
# Defaults to 'rabbit'
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*rabbit_host*]
|
||||
# (optional) Location of rabbitmq installation.
|
||||
# Defaults to 'localhost'
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*rabbit_hosts*]
|
||||
# (optional) List of clustered rabbit servers.
|
||||
|
@ -87,31 +95,31 @@
|
|||
#
|
||||
# [*enable_queue*]
|
||||
# (optional) Enable asynchronous queuing
|
||||
# Defaults to False
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*queue_namespace*]
|
||||
# (optional) Namespace for the queue
|
||||
# Defaults to barbican
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*queue_topic*]
|
||||
# (optional) Topic for the queue
|
||||
# Defaults to barbican.workers
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*queue_version*]
|
||||
# (optional) Version for the task API
|
||||
# Defaults to 1.1
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*queue_server_name*]
|
||||
# (optional) Server name for RPC service
|
||||
# Defaults to 'barbican.queue'
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*retry_scheduler_initial_delay_seconds*]
|
||||
# (optional) Seconds (float) to wait before starting retry scheduler
|
||||
# Defaults to 10.0
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*retry_scheduler_periodic_interval_max_seconds*]
|
||||
# (optional) Seconds (float) to wait between starting retry scheduler
|
||||
# Defaults to 10.0
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*kombu_ssl_ca_certs*]
|
||||
# (optional) SSL certification authority file (valid only if SSL enabled).
|
||||
|
@ -151,40 +159,40 @@
|
|||
# Defaults to true.
|
||||
#
|
||||
class barbican::api (
|
||||
$ensure_package = 'present',
|
||||
$client_package_ensure = 'present',
|
||||
$bind_host = '0.0.0.0',
|
||||
$bind_port = '9311',
|
||||
$host_href = undef,
|
||||
$rpc_backend = $::os_service_default,
|
||||
$rabbit_host = $::os_service_default,
|
||||
$rabbit_hosts = $::os_service_default,
|
||||
$rabbit_password = $::os_service_default,
|
||||
$rabbit_port = $::os_service_default,
|
||||
$rabbit_userid = $::os_service_default,
|
||||
$rabbit_virtual_host = $::os_service_default,
|
||||
$rabbit_use_ssl = $::os_service_default,
|
||||
$rabbit_heartbeat_timeout_threshold = $::os_service_default,
|
||||
$rabbit_heartbeat_rate = $::os_service_default,
|
||||
$rabbit_ha_queues = $::os_service_default,
|
||||
$amqp_durable_queues = $::os_service_default,
|
||||
$enable_queue = $::os_service_default,
|
||||
$queue_namespace = $::os_service_default,
|
||||
$queue_topic = $::os_service_default,
|
||||
$queue_version = $::os_service_default,
|
||||
$queue_server_name = $::os_service_default,
|
||||
$retry_scheduler_initial_delay_seconds
|
||||
= $::os_service_default,
|
||||
$retry_scheduler_periodic_interval_max_seconds
|
||||
= $::os_service_default,
|
||||
$kombu_ssl_ca_certs = $::os_service_default,
|
||||
$kombu_ssl_certfile = $::os_service_default,
|
||||
$kombu_ssl_keyfile = $::os_service_default,
|
||||
$kombu_ssl_version = $::os_service_default,
|
||||
$kombu_reconnect_delay = $::os_service_default,
|
||||
$kombu_compression = $::os_service_default,
|
||||
$manage_service = true,
|
||||
$enabled = true,
|
||||
$ensure_package = 'present',
|
||||
$client_package_ensure = 'present',
|
||||
$bind_host = '0.0.0.0',
|
||||
$bind_port = '9311',
|
||||
$host_href = undef,
|
||||
$max_allowed_secret_in_bytes = $::os_service_default,
|
||||
$max_allowed_request_size_in_bytes = $::os_service_default,
|
||||
$rpc_backend = $::os_service_default,
|
||||
$rabbit_host = $::os_service_default,
|
||||
$rabbit_hosts = $::os_service_default,
|
||||
$rabbit_password = $::os_service_default,
|
||||
$rabbit_port = $::os_service_default,
|
||||
$rabbit_userid = $::os_service_default,
|
||||
$rabbit_virtual_host = $::os_service_default,
|
||||
$rabbit_use_ssl = $::os_service_default,
|
||||
$rabbit_heartbeat_timeout_threshold = $::os_service_default,
|
||||
$rabbit_heartbeat_rate = $::os_service_default,
|
||||
$rabbit_ha_queues = $::os_service_default,
|
||||
$amqp_durable_queues = $::os_service_default,
|
||||
$enable_queue = $::os_service_default,
|
||||
$queue_namespace = $::os_service_default,
|
||||
$queue_topic = $::os_service_default,
|
||||
$queue_version = $::os_service_default,
|
||||
$queue_server_name = $::os_service_default,
|
||||
$retry_scheduler_initial_delay_seconds = $::os_service_default,
|
||||
$retry_scheduler_periodic_interval_max_seconds = $::os_service_default,
|
||||
$kombu_ssl_ca_certs = $::os_service_default,
|
||||
$kombu_ssl_certfile = $::os_service_default,
|
||||
$kombu_ssl_keyfile = $::os_service_default,
|
||||
$kombu_ssl_version = $::os_service_default,
|
||||
$kombu_reconnect_delay = $::os_service_default,
|
||||
$kombu_compression = $::os_service_default,
|
||||
$manage_service = true,
|
||||
$enabled = true,
|
||||
) inherits barbican::params {
|
||||
|
||||
include ::barbican::db
|
||||
|
@ -282,10 +290,12 @@ class barbican::api (
|
|||
'queue/server_name': value => $queue_server_name;
|
||||
}
|
||||
|
||||
# retry scheduler options
|
||||
# retry scheduler and max allowed secret options
|
||||
barbican_config {
|
||||
'retry_scheduler/initial_delay_seconds': value => $retry_scheduler_initial_delay_seconds;
|
||||
'retry_scheduler/periodic_interval_max_seconds': value => $retry_scheduler_periodic_interval_max_seconds;
|
||||
'DEFAULT/max_allowed_secret_in_bytes': value => $max_allowed_secret_in_bytes;
|
||||
'DEFAULT/max_allowed_request_size_in_bytes': value => $max_allowed_request_size_in_bytes;
|
||||
}
|
||||
|
||||
if $manage_service {
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
# == Class: barbican::quota
|
||||
#
|
||||
# Sets up Barbican API server quotas
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*quota_secrets*]
|
||||
# (optional) default number of secrets allowed per project
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*quota_orders*]
|
||||
# (optional) default number of orders allowed per project
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*quota_containers*]
|
||||
# (optional) default number of containers allowed per project
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*quota_consumers*]
|
||||
# (optional) default number of consumers allowed per project
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*quota_cas*]
|
||||
# (optional) default number of CAs allowed per project
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
class barbican::quota (
|
||||
$quota_secrets = $::os_service_default,
|
||||
$quota_orders = $::os_service_default,
|
||||
$quota_containers = $::os_service_default,
|
||||
$quota_consumers = $::os_service_default,
|
||||
$quota_cas = $::os_service_default,
|
||||
) {
|
||||
|
||||
barbican_config {
|
||||
'quotas/quota_secrets': value => $quota_secrets;
|
||||
'quotas/quota_orders': value => $quota_orders;
|
||||
'quotas/quota_containers': value => $quota_containers;
|
||||
'quotas/quota_consumers': value => $quota_consumers;
|
||||
'quotas/quota_cas': value => $quota_cas;
|
||||
}
|
||||
}
|
|
@ -18,6 +18,9 @@ describe 'barbican::api class' do
|
|||
verbose => true,
|
||||
}
|
||||
|
||||
class { '::barbican::quota':
|
||||
}
|
||||
|
||||
class { '::barbican::api':
|
||||
}
|
||||
}
|
||||
|
|
|
@ -13,32 +13,34 @@ describe 'barbican::api' do
|
|||
|
||||
let :default_params do
|
||||
{
|
||||
:bind_host => '0.0.0.0',
|
||||
:bind_port => '9311',
|
||||
:rpc_backend => 'rabbit',
|
||||
:rabbit_host => '<SERVICE_DEFAULT>',
|
||||
:rabbit_hosts => ['<SERVICE DEFAULT>'],
|
||||
:rabbit_password => '<SERVICE DEFAULT>',
|
||||
:rabbit_port => '<SERVICE DEFAULT>',
|
||||
:rabbit_userid => '<SERVICE DEFAULT>',
|
||||
:rabbit_virtual_host => '<SERVICE DEFAULT>',
|
||||
:rabbit_use_ssl => '<SERVICE DEFAULT>',
|
||||
:rabbit_heartbeat_timeout_threshold => '<SERVICE DEFAULT>',
|
||||
:rabbit_heartbeat_rate => '<SERVICE DEFAULT>',
|
||||
:rabbit_ha_queues => '<SERVICE DEFAULT>',
|
||||
:amqp_durable_queues => '<SERVICE DEFAULT>',
|
||||
:enable_queue => '<SERVICE DEFAULT>',
|
||||
:queue_namespace => '<SERVICE DEFAULT>',
|
||||
:queue_topic => '<SERVICE DEFAULT>',
|
||||
:queue_version => '<SERVICE DEFAULT>',
|
||||
:queue_server_name => '<SERVICE DEFAULT>',
|
||||
:manage_service => true,
|
||||
:enabled => true,
|
||||
:kombu_ssl_ca_certs => '<SERVICE DEFAULT>',
|
||||
:kombu_ssl_certfile => '<SERVICE DEFAULT>',
|
||||
:kombu_ssl_keyfile => '<SERVICE DEFAULT>',
|
||||
:kombu_ssl_version => '<SERVICE DEFAULT>',
|
||||
:kombu_reconnect_delay => '<SERVICE DEFAULT>',
|
||||
:bind_host => '0.0.0.0',
|
||||
:bind_port => '9311',
|
||||
:rpc_backend => 'rabbit',
|
||||
:rabbit_host => '<SERVICE_DEFAULT>',
|
||||
:rabbit_hosts => ['<SERVICE DEFAULT>'],
|
||||
:rabbit_password => '<SERVICE DEFAULT>',
|
||||
:rabbit_port => '<SERVICE DEFAULT>',
|
||||
:rabbit_userid => '<SERVICE DEFAULT>',
|
||||
:rabbit_virtual_host => '<SERVICE DEFAULT>',
|
||||
:rabbit_use_ssl => '<SERVICE DEFAULT>',
|
||||
:rabbit_heartbeat_timeout_threshold => '<SERVICE DEFAULT>',
|
||||
:rabbit_heartbeat_rate => '<SERVICE DEFAULT>',
|
||||
:rabbit_ha_queues => '<SERVICE DEFAULT>',
|
||||
:amqp_durable_queues => '<SERVICE DEFAULT>',
|
||||
:max_allowed_secret_in_bytes => '<SERVICE DEFAULT>',
|
||||
:max_allowed_request_size_in_bytes => '<SERVICE DEFAULT>',
|
||||
:enable_queue => '<SERVICE DEFAULT>',
|
||||
:queue_namespace => '<SERVICE DEFAULT>',
|
||||
:queue_topic => '<SERVICE DEFAULT>',
|
||||
:queue_version => '<SERVICE DEFAULT>',
|
||||
:queue_server_name => '<SERVICE DEFAULT>',
|
||||
:kombu_ssl_ca_certs => '<SERVICE DEFAULT>',
|
||||
:kombu_ssl_certfile => '<SERVICE DEFAULT>',
|
||||
:kombu_ssl_keyfile => '<SERVICE DEFAULT>',
|
||||
:kombu_ssl_version => '<SERVICE DEFAULT>',
|
||||
:kombu_reconnect_delay => '<SERVICE DEFAULT>',
|
||||
:manage_service => true,
|
||||
:enabled => true,
|
||||
:retry_scheduler_initial_delay_seconds => '<SERVICE DEFAULT>',
|
||||
:retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
|
||||
}
|
||||
|
@ -46,34 +48,37 @@ describe 'barbican::api' do
|
|||
|
||||
[{},
|
||||
{
|
||||
:bind_host => '127.0.0.1',
|
||||
:bind_port => '9312',
|
||||
:rpc_backend => 'rabbit',
|
||||
:rabbit_host => 'rabbithost',
|
||||
:rabbit_hosts => ['rabbithost:1234'],
|
||||
:rabbit_password => 'bugs_bunny',
|
||||
:rabbit_port => '1234',
|
||||
:rabbit_userid => 'bugs',
|
||||
:rabbit_virtual_host => 'rabbithost',
|
||||
:rabbit_use_ssl => true,
|
||||
:rabbit_heartbeat_timeout_threshold => '10',
|
||||
:rabbit_heartbeat_rate => '10',
|
||||
:rabbit_ha_queues => true,
|
||||
:amqp_durable_queues => true,
|
||||
:enable_queue => true,
|
||||
:queue_namespace => 'barbican1',
|
||||
:queue_topic => 'barbican1.workers',
|
||||
:queue_version => '1.2',
|
||||
:queue_server_name => 'barbican1.queue',
|
||||
:manage_service => true,
|
||||
:enabled => false,
|
||||
:kombu_ssl_ca_certs => 'path_to_certs',
|
||||
:kombu_ssl_certfile => 'path_to_certfile',
|
||||
:kombu_ssl_keyfile => 'path_to_keyfile',
|
||||
:kombu_ssl_version => '1.2',
|
||||
:kombu_reconnect_delay => '10',
|
||||
:bind_host => '127.0.0.1',
|
||||
:bind_port => '9312',
|
||||
:rpc_backend => 'rabbit',
|
||||
:rabbit_host => 'rabbithost',
|
||||
:rabbit_hosts => ['rabbithost:1234'],
|
||||
:rabbit_password => 'bugs_bunny',
|
||||
:rabbit_port => '1234',
|
||||
:rabbit_userid => 'bugs',
|
||||
:rabbit_virtual_host => 'rabbithost',
|
||||
:rabbit_use_ssl => true,
|
||||
:rabbit_heartbeat_timeout_threshold => '10',
|
||||
:rabbit_heartbeat_rate => '10',
|
||||
:rabbit_ha_queues => true,
|
||||
:amqp_durable_queues => true,
|
||||
:enable_queue => true,
|
||||
:queue_namespace => 'barbican1',
|
||||
:queue_topic => 'barbican1.workers',
|
||||
:queue_version => '1.2',
|
||||
:queue_server_name => 'barbican1.queue',
|
||||
:manage_service => true,
|
||||
:enabled => false,
|
||||
:kombu_ssl_ca_certs => 'path_to_certs',
|
||||
:kombu_ssl_certfile => 'path_to_certfile',
|
||||
:kombu_ssl_keyfile => 'path_to_keyfile',
|
||||
:kombu_ssl_version => '1.2',
|
||||
:kombu_reconnect_delay => '10',
|
||||
:retry_scheduler_initial_delay_seconds => 20.0,
|
||||
:retry_scheduler_periodic_interval_max_seconds => 20.0,
|
||||
:max_allowed_secret_in_bytes => 20000,
|
||||
:max_allowed_request_size_in_bytes => 2000000,
|
||||
:enabled => false,
|
||||
}
|
||||
].each do |param_set|
|
||||
|
||||
|
@ -106,6 +111,8 @@ describe 'barbican::api' do
|
|||
[
|
||||
'bind_host',
|
||||
'bind_port',
|
||||
'max_allowed_secret_in_bytes',
|
||||
'max_allowed_request_size_in_bytes'
|
||||
].each do |config|
|
||||
is_expected.to contain_barbican_config("DEFAULT/#{config}").with_value(param_hash[config.intern])
|
||||
end
|
||||
|
|
|
@ -0,0 +1,57 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'barbican::quota' do
|
||||
|
||||
let :facts do
|
||||
@default_facts.merge(
|
||||
{
|
||||
:osfamily => 'RedHat',
|
||||
:processorcount => '7',
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
let :default_params do
|
||||
{
|
||||
:quota_secrets => '<SERVICE DEFAULT>',
|
||||
:quota_orders => '<SERVICE DEFAULT>',
|
||||
:quota_containers => '<SERVICE DEFAULT>',
|
||||
:quota_consumers => '<SERVICE DEFAULT>',
|
||||
:quota_cas => '<SERVICE DEFAULT>',
|
||||
}
|
||||
end
|
||||
|
||||
[{},
|
||||
{
|
||||
:quota_secrets => 100,
|
||||
:quota_orders => 100,
|
||||
:quota_containers => 100,
|
||||
:quota_consumers => 100,
|
||||
:quota_cas => 10,
|
||||
}
|
||||
].each do |param_set|
|
||||
|
||||
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
|
||||
|
||||
let :param_hash do
|
||||
default_params.merge(param_set)
|
||||
end
|
||||
|
||||
let :params do
|
||||
param_set
|
||||
end
|
||||
|
||||
it 'is_expected.to set quota parameters' do
|
||||
[
|
||||
'quota_secrets',
|
||||
'quota_orders',
|
||||
'quota_containers',
|
||||
'quota_consumers',
|
||||
'quota_cas',
|
||||
].each do |config|
|
||||
is_expected.to contain_barbican_config("quotas/#{config}").with_value(param_hash[config.intern])
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue