Fix S3 API for >= Kilo

From Kilo onwards the swift-proxy charm is misconfiguring the swift3 middleware such that the api is unable to respond to any requests. We fix this by providing working config for Kilo onwards. NOTE: see LP for full explanation but due to problems with package version mismatches in the UCA this patch only fixes Trusty Kilo, (L is EOL) and Xenial Mitaka. Change-Id: Ice5690e7f06ffc78dd20b53b67dffc6bd72b2613 Closes-Bug: 1738063 (cherry picked from commit a256263c79)
2017-12-13 19:10:56 +00:00 · 2017-12-13 19:10:56 +00:00 · 37cfb1c504
parent d250624924
commit 37cfb1c504
3 changed files with 36 additions and 16 deletions
--- a/templates/kilo/proxy-server.conf
+++ b/templates/kilo/proxy-server.conf
@ -106,8 +106,14 @@ signing_dir = {{ signing_dir }}
 cache = swift.cache

 [filter:s3token]
-paste.filter_factory = keystonemiddleware.s3_token:filter_factory
-auth_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
+paste.filter_factory = keystoneclient.middleware.s3_token:filter_factory
+service_host = {{ keystone_host }}
+service_port = {{ service_port }}
+auth_port = {{ auth_port }}
+auth_host = {{ keystone_host }}
+auth_protocol = {{ auth_protocol }}
+auth_token = {{ admin_token }}
+admin_token = {{ admin_token }}

 [filter:swift3]
 use = egg:swift3#swift3
--- a/templates/mitaka/proxy-server.conf
+++ b/templates/mitaka/proxy-server.conf
@ -117,7 +117,13 @@ cache = swift.cache

 [filter:s3token]
 paste.filter_factory = keystonemiddleware.s3_token:filter_factory
-auth_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
+service_host = {{ keystone_host }}
+service_port = {{ service_port }}
+auth_port = {{ auth_port }}
+auth_host = {{ keystone_host }}
+auth_protocol = {{ auth_protocol }}
+auth_token = {{ admin_token }}
+admin_token = {{ admin_token }}

 [filter:swift3]
 use = egg:swift3#swift3
--- a/tests/basic_deployment.py
+++ b/tests/basic_deployment.py
@ -475,6 +475,16 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
                ' proxy-logging proxy-server'
            }

+        s3_token_auth_settings_legacy = {
+            'auth_port': keystone_relation['auth_port'],
+            'auth_host': keystone_relation['auth_host'],
+            'service_host': keystone_relation['service_host'],
+            'service_port': keystone_relation['service_port'],
+            'auth_protocol': keystone_relation['auth_protocol'],
+            'auth_token': keystone_relation['admin_token'],
+            'admin_token': keystone_relation['admin_token']
+        }
+
        if self._get_openstack_release() >= self.trusty_kilo:
            # Kilo and later
            expected['filter:authtoken'].update({
@ -503,13 +513,17 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
                })
            expected['filter:s3token'] = {
                # No section commonality with J and earlier
-                'paste.filter_factory': 'keystonemiddleware.s3_token'
+                'paste.filter_factory': 'keystoneclient.middleware.s3_token'
                                        ':filter_factory',
-                'auth_uri': '{}://{}:{}'.format(
-                    auth_protocol,
-                    auth_host,
-                    keystone_relation['auth_port']),
            }
+            expected['filter:s3token'].update(s3_token_auth_settings_legacy)
+
+            if self._get_openstack_release() >= self.trusty_mitaka:
+                expected['filter:s3token']['paste.filter_factory'] = \
+                    'keystonemiddleware.s3_token:filter_factory'
+
+            # NOTE(hopem): this will need extending for newer releases once
+            #              swift-plugin-s3 is updated in UCA. See LP: #1738063
        else:
            # Juno and earlier
            expected['filter:authtoken'].update({
@ -522,15 +536,9 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
            expected['filter:s3token'] = {
                # No section commonality with K and later
                'paste.filter_factory': 'keystoneclient.middleware.'
-                                        's3_token:filter_factory',
-                'auth_port': keystone_relation['auth_port'],
-                'auth_host': keystone_relation['auth_host'],
-                'service_host': keystone_relation['service_host'],
-                'service_port': keystone_relation['service_port'],
-                'auth_protocol': keystone_relation['auth_protocol'],
-                'auth_token': keystone_relation['admin_token'],
-                'admin_token': keystone_relation['admin_token']
+                's3_token:filter_factory',
            }
+            expected['filter:s3token'].update(s3_token_auth_settings_legacy)

        for section, pairs in expected.iteritems():
            ret = u.validate_config_data(unit, conf, section, pairs)