From 00abb7c54d22488b4b7e9f700aafd86b5278ca45 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Tue, 22 Mar 2016 16:10:32 -0400 Subject: [PATCH] Add quota and secret limit parameters to barbican-api manifest Change-Id: I512e8c5a5ffa4442a68b41e7b0783ee7b90279c1 --- manifests/api.pp | 98 ++++++++++++---------- manifests/quota.pp | 42 ++++++++++ spec/acceptance/basic_barbican_spec.rb | 3 + spec/classes/barbican_api_spec.rb | 111 +++++++++++++------------ spec/classes/barbican_quota_spec.rb | 57 +++++++++++++ 5 files changed, 215 insertions(+), 96 deletions(-) create mode 100644 manifests/quota.pp create mode 100644 spec/classes/barbican_quota_spec.rb diff --git a/manifests/api.pp b/manifests/api.pp index b154301a..b2034e97 100644 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -27,16 +27,24 @@ # Defaults to http://`hostname`: # TODO: needs to be set # +# [*max_allowed_secret_in_bytes*] +# (optional) Maximum allowed secret size to be stored. +# Defaults to $::os_service_default +# +# [*max_allowed_request_size_in_bytes*] +# (optional) Maximum request size against the barbican API. +# Defaults to $::os_service_default +# # [*rpc_backend*] # (optional) The rpc backend implementation to use, can be: # rabbit (for rabbitmq) # qpid (for qpid) # zmq (for zeromq) -# Defaults to 'rabbit' +# Defaults to $::os_service_default # # [*rabbit_host*] # (optional) Location of rabbitmq installation. -# Defaults to 'localhost' +# Defaults to $::os_service_default # # [*rabbit_hosts*] # (optional) List of clustered rabbit servers. @@ -87,31 +95,31 @@ # # [*enable_queue*] # (optional) Enable asynchronous queuing -# Defaults to False +# Defaults to $::os_service_default # # [*queue_namespace*] # (optional) Namespace for the queue -# Defaults to barbican +# Defaults to $::os_service_default # # [*queue_topic*] # (optional) Topic for the queue -# Defaults to barbican.workers +# Defaults to $::os_service_default # # [*queue_version*] # (optional) Version for the task API -# Defaults to 1.1 +# Defaults to $::os_service_default # # [*queue_server_name*] # (optional) Server name for RPC service -# Defaults to 'barbican.queue' +# Defaults to $::os_service_default # # [*retry_scheduler_initial_delay_seconds*] # (optional) Seconds (float) to wait before starting retry scheduler -# Defaults to 10.0 +# Defaults to $::os_service_default # # [*retry_scheduler_periodic_interval_max_seconds*] # (optional) Seconds (float) to wait between starting retry scheduler -# Defaults to 10.0 +# Defaults to $::os_service_default # # [*kombu_ssl_ca_certs*] # (optional) SSL certification authority file (valid only if SSL enabled). @@ -151,40 +159,40 @@ # Defaults to true. # class barbican::api ( - $ensure_package = 'present', - $client_package_ensure = 'present', - $bind_host = '0.0.0.0', - $bind_port = '9311', - $host_href = undef, - $rpc_backend = $::os_service_default, - $rabbit_host = $::os_service_default, - $rabbit_hosts = $::os_service_default, - $rabbit_password = $::os_service_default, - $rabbit_port = $::os_service_default, - $rabbit_userid = $::os_service_default, - $rabbit_virtual_host = $::os_service_default, - $rabbit_use_ssl = $::os_service_default, - $rabbit_heartbeat_timeout_threshold = $::os_service_default, - $rabbit_heartbeat_rate = $::os_service_default, - $rabbit_ha_queues = $::os_service_default, - $amqp_durable_queues = $::os_service_default, - $enable_queue = $::os_service_default, - $queue_namespace = $::os_service_default, - $queue_topic = $::os_service_default, - $queue_version = $::os_service_default, - $queue_server_name = $::os_service_default, - $retry_scheduler_initial_delay_seconds - = $::os_service_default, - $retry_scheduler_periodic_interval_max_seconds - = $::os_service_default, - $kombu_ssl_ca_certs = $::os_service_default, - $kombu_ssl_certfile = $::os_service_default, - $kombu_ssl_keyfile = $::os_service_default, - $kombu_ssl_version = $::os_service_default, - $kombu_reconnect_delay = $::os_service_default, - $kombu_compression = $::os_service_default, - $manage_service = true, - $enabled = true, + $ensure_package = 'present', + $client_package_ensure = 'present', + $bind_host = '0.0.0.0', + $bind_port = '9311', + $host_href = undef, + $max_allowed_secret_in_bytes = $::os_service_default, + $max_allowed_request_size_in_bytes = $::os_service_default, + $rpc_backend = $::os_service_default, + $rabbit_host = $::os_service_default, + $rabbit_hosts = $::os_service_default, + $rabbit_password = $::os_service_default, + $rabbit_port = $::os_service_default, + $rabbit_userid = $::os_service_default, + $rabbit_virtual_host = $::os_service_default, + $rabbit_use_ssl = $::os_service_default, + $rabbit_heartbeat_timeout_threshold = $::os_service_default, + $rabbit_heartbeat_rate = $::os_service_default, + $rabbit_ha_queues = $::os_service_default, + $amqp_durable_queues = $::os_service_default, + $enable_queue = $::os_service_default, + $queue_namespace = $::os_service_default, + $queue_topic = $::os_service_default, + $queue_version = $::os_service_default, + $queue_server_name = $::os_service_default, + $retry_scheduler_initial_delay_seconds = $::os_service_default, + $retry_scheduler_periodic_interval_max_seconds = $::os_service_default, + $kombu_ssl_ca_certs = $::os_service_default, + $kombu_ssl_certfile = $::os_service_default, + $kombu_ssl_keyfile = $::os_service_default, + $kombu_ssl_version = $::os_service_default, + $kombu_reconnect_delay = $::os_service_default, + $kombu_compression = $::os_service_default, + $manage_service = true, + $enabled = true, ) inherits barbican::params { include ::barbican::db @@ -282,10 +290,12 @@ class barbican::api ( 'queue/server_name': value => $queue_server_name; } - # retry scheduler options + # retry scheduler and max allowed secret options barbican_config { 'retry_scheduler/initial_delay_seconds': value => $retry_scheduler_initial_delay_seconds; 'retry_scheduler/periodic_interval_max_seconds': value => $retry_scheduler_periodic_interval_max_seconds; + 'DEFAULT/max_allowed_secret_in_bytes': value => $max_allowed_secret_in_bytes; + 'DEFAULT/max_allowed_request_size_in_bytes': value => $max_allowed_request_size_in_bytes; } if $manage_service { diff --git a/manifests/quota.pp b/manifests/quota.pp new file mode 100644 index 00000000..a72842f3 --- /dev/null +++ b/manifests/quota.pp @@ -0,0 +1,42 @@ +# == Class: barbican::quota +# +# Sets up Barbican API server quotas +# +# === Parameters +# +# [*quota_secrets*] +# (optional) default number of secrets allowed per project +# Defaults to $::os_service_default +# +# [*quota_orders*] +# (optional) default number of orders allowed per project +# Defaults to $::os_service_default +# +# [*quota_containers*] +# (optional) default number of containers allowed per project +# Defaults to $::os_service_default +# +# [*quota_consumers*] +# (optional) default number of consumers allowed per project +# Defaults to $::os_service_default +# +# [*quota_cas*] +# (optional) default number of CAs allowed per project +# Defaults to $::os_service_default +# +class barbican::quota ( + $quota_secrets = $::os_service_default, + $quota_orders = $::os_service_default, + $quota_containers = $::os_service_default, + $quota_consumers = $::os_service_default, + $quota_cas = $::os_service_default, +) { + + barbican_config { + 'quotas/quota_secrets': value => $quota_secrets; + 'quotas/quota_orders': value => $quota_orders; + 'quotas/quota_containers': value => $quota_containers; + 'quotas/quota_consumers': value => $quota_consumers; + 'quotas/quota_cas': value => $quota_cas; + } +} diff --git a/spec/acceptance/basic_barbican_spec.rb b/spec/acceptance/basic_barbican_spec.rb index 141abbb5..515be436 100644 --- a/spec/acceptance/basic_barbican_spec.rb +++ b/spec/acceptance/basic_barbican_spec.rb @@ -18,6 +18,9 @@ describe 'barbican::api class' do verbose => true, } + class { '::barbican::quota': + } + class { '::barbican::api': } } diff --git a/spec/classes/barbican_api_spec.rb b/spec/classes/barbican_api_spec.rb index 61cb5d1f..ca47159d 100644 --- a/spec/classes/barbican_api_spec.rb +++ b/spec/classes/barbican_api_spec.rb @@ -13,32 +13,34 @@ describe 'barbican::api' do let :default_params do { - :bind_host => '0.0.0.0', - :bind_port => '9311', - :rpc_backend => 'rabbit', - :rabbit_host => '', - :rabbit_hosts => [''], - :rabbit_password => '', - :rabbit_port => '', - :rabbit_userid => '', - :rabbit_virtual_host => '', - :rabbit_use_ssl => '', - :rabbit_heartbeat_timeout_threshold => '', - :rabbit_heartbeat_rate => '', - :rabbit_ha_queues => '', - :amqp_durable_queues => '', - :enable_queue => '', - :queue_namespace => '', - :queue_topic => '', - :queue_version => '', - :queue_server_name => '', - :manage_service => true, - :enabled => true, - :kombu_ssl_ca_certs => '', - :kombu_ssl_certfile => '', - :kombu_ssl_keyfile => '', - :kombu_ssl_version => '', - :kombu_reconnect_delay => '', + :bind_host => '0.0.0.0', + :bind_port => '9311', + :rpc_backend => 'rabbit', + :rabbit_host => '', + :rabbit_hosts => [''], + :rabbit_password => '', + :rabbit_port => '', + :rabbit_userid => '', + :rabbit_virtual_host => '', + :rabbit_use_ssl => '', + :rabbit_heartbeat_timeout_threshold => '', + :rabbit_heartbeat_rate => '', + :rabbit_ha_queues => '', + :amqp_durable_queues => '', + :max_allowed_secret_in_bytes => '', + :max_allowed_request_size_in_bytes => '', + :enable_queue => '', + :queue_namespace => '', + :queue_topic => '', + :queue_version => '', + :queue_server_name => '', + :kombu_ssl_ca_certs => '', + :kombu_ssl_certfile => '', + :kombu_ssl_keyfile => '', + :kombu_ssl_version => '', + :kombu_reconnect_delay => '', + :manage_service => true, + :enabled => true, :retry_scheduler_initial_delay_seconds => '', :retry_scheduler_periodic_interval_max_seconds => '', } @@ -46,34 +48,37 @@ describe 'barbican::api' do [{}, { - :bind_host => '127.0.0.1', - :bind_port => '9312', - :rpc_backend => 'rabbit', - :rabbit_host => 'rabbithost', - :rabbit_hosts => ['rabbithost:1234'], - :rabbit_password => 'bugs_bunny', - :rabbit_port => '1234', - :rabbit_userid => 'bugs', - :rabbit_virtual_host => 'rabbithost', - :rabbit_use_ssl => true, - :rabbit_heartbeat_timeout_threshold => '10', - :rabbit_heartbeat_rate => '10', - :rabbit_ha_queues => true, - :amqp_durable_queues => true, - :enable_queue => true, - :queue_namespace => 'barbican1', - :queue_topic => 'barbican1.workers', - :queue_version => '1.2', - :queue_server_name => 'barbican1.queue', - :manage_service => true, - :enabled => false, - :kombu_ssl_ca_certs => 'path_to_certs', - :kombu_ssl_certfile => 'path_to_certfile', - :kombu_ssl_keyfile => 'path_to_keyfile', - :kombu_ssl_version => '1.2', - :kombu_reconnect_delay => '10', + :bind_host => '127.0.0.1', + :bind_port => '9312', + :rpc_backend => 'rabbit', + :rabbit_host => 'rabbithost', + :rabbit_hosts => ['rabbithost:1234'], + :rabbit_password => 'bugs_bunny', + :rabbit_port => '1234', + :rabbit_userid => 'bugs', + :rabbit_virtual_host => 'rabbithost', + :rabbit_use_ssl => true, + :rabbit_heartbeat_timeout_threshold => '10', + :rabbit_heartbeat_rate => '10', + :rabbit_ha_queues => true, + :amqp_durable_queues => true, + :enable_queue => true, + :queue_namespace => 'barbican1', + :queue_topic => 'barbican1.workers', + :queue_version => '1.2', + :queue_server_name => 'barbican1.queue', + :manage_service => true, + :enabled => false, + :kombu_ssl_ca_certs => 'path_to_certs', + :kombu_ssl_certfile => 'path_to_certfile', + :kombu_ssl_keyfile => 'path_to_keyfile', + :kombu_ssl_version => '1.2', + :kombu_reconnect_delay => '10', :retry_scheduler_initial_delay_seconds => 20.0, :retry_scheduler_periodic_interval_max_seconds => 20.0, + :max_allowed_secret_in_bytes => 20000, + :max_allowed_request_size_in_bytes => 2000000, + :enabled => false, } ].each do |param_set| @@ -106,6 +111,8 @@ describe 'barbican::api' do [ 'bind_host', 'bind_port', + 'max_allowed_secret_in_bytes', + 'max_allowed_request_size_in_bytes' ].each do |config| is_expected.to contain_barbican_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) end diff --git a/spec/classes/barbican_quota_spec.rb b/spec/classes/barbican_quota_spec.rb new file mode 100644 index 00000000..0803b959 --- /dev/null +++ b/spec/classes/barbican_quota_spec.rb @@ -0,0 +1,57 @@ +require 'spec_helper' + +describe 'barbican::quota' do + + let :facts do + @default_facts.merge( + { + :osfamily => 'RedHat', + :processorcount => '7', + } + ) + end + + let :default_params do + { + :quota_secrets => '', + :quota_orders => '', + :quota_containers => '', + :quota_consumers => '', + :quota_cas => '', + } + end + + [{}, + { + :quota_secrets => 100, + :quota_orders => 100, + :quota_containers => 100, + :quota_consumers => 100, + :quota_cas => 10, + } + ].each do |param_set| + + describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do + + let :param_hash do + default_params.merge(param_set) + end + + let :params do + param_set + end + + it 'is_expected.to set quota parameters' do + [ + 'quota_secrets', + 'quota_orders', + 'quota_containers', + 'quota_consumers', + 'quota_cas', + ].each do |config| + is_expected.to contain_barbican_config("quotas/#{config}").with_value(param_hash[config.intern]) + end + end + end + end +end