Merge "set rgw keystone revocation interval to 0"

2021-06-15 03:21:15 +00:00 · 2021-06-15 03:21:15 +00:00 · 0f1b77b7d5
parent d99b2d6ba4 d9cc3f3bfb
commit 0f1b77b7d5
3 changed files with 21 additions and 6 deletions
--- a/hooks/ceph_radosgw_context.py
+++ b/hooks/ceph_radosgw_context.py
@ -92,6 +92,8 @@ class IdentityServiceContext(context.IdentityServiceContext):
            ctxt.pop('admin_domain_id')

        ctxt['auth_type'] = 'keystone'
+        if cmp_pkgrevno('radosgw', '15.0.0') < 0:
+            ctxt['keystone_revocation_parameter_supported'] = True
        if cmp_pkgrevno('radosgw', "11.0.0") >= 0:
            ctxt['user_roles'] = config('operator-roles')
            ctxt['admin_roles'] = config('admin-roles')
--- a/templates/ceph.conf
+++ b/templates/ceph.conf
@ -55,6 +55,9 @@ rgw keystone admin tenant = {{ admin_tenant_name }}
 rgw keystone accepted roles = {{ user_roles }}
 rgw keystone accepted admin roles = {{ admin_roles }}
 rgw keystone token cache size = {{ cache_size }}
+{% if keystone_revocation_parameter_supported -%}
+rgw keystone revocation interval = 0
+{% endif -%}
 rgw s3 auth use keystone = true
 rgw s3 auth order = local, external
 {% if namespace_tenants %}
--- a/unit_tests/test_ceph_radosgw_context.py
+++ b/unit_tests/test_ceph_radosgw_context.py
@ -89,7 +89,7 @@ class IdentityServiceContextTest(CharmTestCase):
                      jewel_installed=False, cmp_pkgrevno_side_effects=None):
        self.cmp_pkgrevno.side_effect = (cmp_pkgrevno_side_effects
                                         if cmp_pkgrevno_side_effects
-                                         else [-1, -1])
+                                         else [-1, 1, -1])
        self.test_config.set('operator-roles', 'Babel')
        self.test_config.set('admin-roles', 'Dart')
        self.test_config.set('cache-size', '42')
@ -129,11 +129,13 @@ class IdentityServiceContextTest(CharmTestCase):
            'service_port': 9876,
            'service_protocol': 'http',
        }
-        if cmp_pkgrevno_side_effects and cmp_pkgrevno_side_effects[1] >= 0:
+        if cmp_pkgrevno_side_effects and cmp_pkgrevno_side_effects[2] >= 0:
            expect['user_roles'] = 'Babel'
            expect['admin_roles'] = 'Dart'
        else:
            expect['user_roles'] = 'Babel,Dart'
+        if cmp_pkgrevno_side_effects and cmp_pkgrevno_side_effects[1] < 0:
+            expect['keystone_revocation_parameter_supported'] = True
        if jewel_installed:
            expect['auth_keystone_v3_supported'] = True
        self.assertEqual(expect, ids_ctxt())
@ -153,7 +155,7 @@ class IdentityServiceContextTest(CharmTestCase):
                                     cmp_pkgrevno_side_effects=None):
        self.cmp_pkgrevno.side_effect = (cmp_pkgrevno_side_effects
                                         if cmp_pkgrevno_side_effects
-                                         else [-1, -1])
+                                         else [-1, 1, -1])
        self.test_config.set('operator-roles', 'Babel')
        self.test_config.set('admin-roles', 'Dart')
        self.test_config.set('cache-size', '42')
@ -194,11 +196,13 @@ class IdentityServiceContextTest(CharmTestCase):
            'service_port': 9876,
            'service_protocol': 'http',
        }
-        if cmp_pkgrevno_side_effects and cmp_pkgrevno_side_effects[1] >= 0:
+        if cmp_pkgrevno_side_effects and cmp_pkgrevno_side_effects[2] >= 0:
            expect['user_roles'] = 'Babel'
            expect['admin_roles'] = 'Dart'
        else:
            expect['user_roles'] = 'Babel,Dart'
+        if cmp_pkgrevno_side_effects and cmp_pkgrevno_side_effects[1] < 0:
+            expect['keystone_revocation_parameter_supported'] = True
        if jewel_installed:
            expect['auth_keystone_v3_supported'] = True
        self.assertEqual(expect, ids_ctxt())
@ -250,6 +254,7 @@ class IdentityServiceContextTest(CharmTestCase):
            'auth_type': 'keystone',
            'namespace_tenants': False,
            'cache_size': '42',
+            'keystone_revocation_parameter_supported': True,
            'service_host': '127.0.0.4',
            'service_port': 9876,
            'service_protocol': 'http',
@ -311,6 +316,7 @@ class IdentityServiceContextTest(CharmTestCase):
            'auth_type': 'keystone',
            'namespace_tenants': False,
            'cache_size': '42',
+            'keystone_revocation_parameter_supported': True,
            'service_domain_id': '8e50f28a556911e8aaeed33789425d23',
            'service_host': '127.0.0.4',
            'service_port': 9876,
@ -324,11 +330,15 @@ class IdentityServiceContextTest(CharmTestCase):

    def test_ids_ctxt_jewel(self):
        self.test_ids_ctxt(jewel_installed=True,
-                           cmp_pkgrevno_side_effects=[0, -1])
+                           cmp_pkgrevno_side_effects=[0, 1, -1])

    def test_ids_ctxt_luminous(self):
        self.test_ids_ctxt(jewel_installed=True,
-                           cmp_pkgrevno_side_effects=[1, 0])
+                           cmp_pkgrevno_side_effects=[1, 1, 0])
+
+    def test_ids_ctxt_octopus(self):
+        self.test_ids_ctxt(jewel_installed=True,
+                           cmp_pkgrevno_side_effects=[1, -1, 0])

    @patch.object(charmhelpers.contrib.openstack.context,
                  'filter_installed_packages', return_value=['absent-pkg'])