openstack
/
charm-swift-proxy
Code Issues Proposed changes

Fix S3 support, register endpoint in keystone 

This change registers the configured S3 proxy with Keystone, so that
your cloud knows about the S3 endpoints.

Also includes an update to ensure that the s3token middleware
authenticates against the correct keystone endpoint.

Change-Id: I07d25df6332028a99e0bf79b39f998f84613a4fc
This commit is contained in:
Chris MacNaughton 2016-06-14 11:20:45 -04:00 committed by James Page
parent 3d53a58984
commit 25a2ea7fdd
4 changed files with 64 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
hooks/swift_hooks.py
View File

@ -196,9 +196,23 @@ def keystone_joined(relid=None):
region = config('region')
roles = config('operator-roles')
relation_set(service='swift', region=region, public_url=public_url,
internal_url=internal_url, admin_url=admin_url,
requested_roles=roles, relation_id=relid)
s3_public_url = ('%s:%s' %
(canonical_url(CONFIGS, PUBLIC), port))
s3_internal_url = ('%s:%s' %
(canonical_url(CONFIGS, INTERNAL), port))
s3_admin_url = '%s:%s' % (canonical_url(CONFIGS, ADMIN), port)
relation_set(requested_roles=roles, relation_id=relid,
region=None, public_url=None,
internal_url=None, admin_url=None, service=None,
swift_service='swift', swift_region=region,
swift_public_url=public_url,
swift_internal_url=internal_url,
swift_admin_url=admin_url,
s3_service='s3', s3_region=region,
s3_public_url=s3_public_url,
s3_admin_url=s3_admin_url,
s3_internal_url=s3_internal_url)
@hooks.hook('identity-service-relation-changed')

6
templates/kilo/proxy-server.conf
View File

@ -91,11 +91,7 @@ cache = swift.cache
[filter:s3token]
paste.filter_factory = keystonemiddleware.s3_token:filter_factory
identity_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
admin_tenant_name = {{ service_tenant }}
admin_user = {{ service_user }}
admin_password = {{ service_password }}
auth_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
[filter:swift3]
use = egg:swift3#swift3

25
tests/basic_deployment.py
View File

@ -201,7 +201,7 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
'tenantId': u.not_null,
'id': u.not_null,
'email': u'juju@localhost'}
user4 = {'name': 'swift',
user4 = {'name': 's3_swift',
'enabled': True,
'tenantId': u.not_null,
'id': u.not_null,
@ -223,7 +223,7 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
'id': u.not_null}
expected = {'image': [endpoint_id], 'object-store': [endpoint_id],
'identity': [endpoint_id]}
'identity': [endpoint_id], 's3': [endpoint_id]}
actual = self.keystone_demo.service_catalog.get_endpoints()
ret = u.validate_svc_catalog_endpoint_data(expected, actual)
@ -254,13 +254,18 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
unit = self.swift_proxy_sentry
relation = ['identity-service', 'keystone:identity-service']
expected = {
'service': 'swift',
'region': 'RegionOne',
'public_url': u.valid_url,
'internal_url': u.valid_url,
'swift_service': 'swift',
'swift_region': 'RegionOne',
'swift_public_url': u.valid_url,
'swift_internal_url': u.valid_url,
'swift_admin_url': u.valid_url,
's3_service': 's3',
's3_region': 'RegionOne',
's3_public_url': u.valid_url,
's3_internal_url': u.valid_url,
's3_admin_url': u.valid_url,
'private-address': u.valid_ip,
'requested_roles': 'Member,Admin',
'admin_url': u.valid_url
}
ret = u.validate_relation_data(unit, relation, expected)
@ -283,7 +288,7 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
'auth_protocol': 'http',
'private-address': u.valid_ip,
'auth_host': u.valid_ip,
'service_username': 'swift',
'service_username': 's3_swift',
'service_tenant_id': u.not_null,
'service_host': u.valid_ip
}
@ -463,10 +468,6 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
'paste.filter_factory': 'keystonemiddleware.s3_token'
':filter_factory',
'auth_uri': '{}://{}:{}'.format(
auth_protocol,
auth_host,
keystone_relation['service_port']),
'identity_uri': '{}://{}:{}'.format(
auth_protocol,
auth_host,
keystone_relation['auth_port']),

46
unit_tests/test_swift_hooks.py
View File

@ -101,13 +101,23 @@ class SwiftHooksTestCase(unittest.TestCase):
swift_hooks.keystone_joined()
_relation_set.assert_called_with(
service='swift',
region='RegionOne',
public_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
admin_url='http://swift-proxy:1234',
admin_url=None,
internal_url=None,
public_url=None,
region=None,
relation_id=None,
requested_roles='Operator,Monitor',
relation_id=None
s3_admin_url='http://swift-proxy:1234',
s3_internal_url='http://swift-proxy:1234',
s3_public_url='http://swift-proxy:1234',
s3_region='RegionOne',
s3_service='s3',
service=None,
swift_admin_url='http://swift-proxy:1234',
swift_internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
swift_public_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
swift_region='RegionOne',
swift_service='swift'
)
@patch.object(swift_hooks, 'config')
@ -148,14 +158,24 @@ class SwiftHooksTestCase(unittest.TestCase):
swift_hooks.keystone_joined()
_relation_set.assert_called_with(
service='swift',
region='RegionOne',
public_url=('http://public.example.com:1234/'
'v1/AUTH_$(tenant_id)s'),
internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
admin_url='http://swift-proxy:1234',
admin_url=None,
internal_url=None,
public_url=None,
region=None,
relation_id=None,
requested_roles='Operator,Monitor',
relation_id=None
s3_admin_url='http://swift-proxy:1234',
s3_internal_url='http://swift-proxy:1234',
s3_public_url='http://public.example.com:1234',
s3_region='RegionOne',
s3_service='s3',
service=None,
swift_admin_url='http://swift-proxy:1234',
swift_internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
swift_public_url=('http://public.example.com' +
':1234/v1/AUTH_$(tenant_id)s'),
swift_region='RegionOne',
swift_service='swift'
)
@patch.object(swift_hooks.time, 'time')