From a256263c79236be8adc0ea5176c0e4512c5a135b Mon Sep 17 00:00:00 2001
From: Edward Hope-Morley <edward.hope-morley@canonical.com>
Date: Wed, 13 Dec 2017 19:10:56 +0000
Subject: [PATCH] Fix S3 API for >= Kilo

From Kilo onwards the swift-proxy charm is
misconfiguring the swift3 middleware such that
the api is unable to respond to any requests.
We fix this by providing working config for
Kilo onwards.

NOTE: see LP for full explanation but due to
problems with package version mismatches in the
UCA this patch only fixes Trusty Kilo, (L is
EOL) and Xenial Mitaka.

Change-Id: Ice5690e7f06ffc78dd20b53b67dffc6bd72b2613
Closes-Bug: 1738063
---
 templates/kilo/proxy-server.conf   | 10 +++++++--
 templates/mitaka/proxy-server.conf |  8 ++++++-
 tests/basic_deployment.py          | 34 ++++++++++++++++++------------
 3 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/templates/kilo/proxy-server.conf b/templates/kilo/proxy-server.conf
index 51dc2fd..091eb3f 100644
--- a/templates/kilo/proxy-server.conf
+++ b/templates/kilo/proxy-server.conf
@@ -106,8 +106,14 @@ signing_dir = {{ signing_dir }}
 cache = swift.cache
 
 [filter:s3token]
-paste.filter_factory = keystonemiddleware.s3_token:filter_factory
-auth_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
+paste.filter_factory = keystoneclient.middleware.s3_token:filter_factory
+service_host = {{ keystone_host }}
+service_port = {{ service_port }}
+auth_port = {{ auth_port }}
+auth_host = {{ keystone_host }}
+auth_protocol = {{ auth_protocol }}
+auth_token = {{ admin_token }}
+admin_token = {{ admin_token }}
 
 [filter:swift3]
 use = egg:swift3#swift3
diff --git a/templates/mitaka/proxy-server.conf b/templates/mitaka/proxy-server.conf
index 52e7035..46be548 100644
--- a/templates/mitaka/proxy-server.conf
+++ b/templates/mitaka/proxy-server.conf
@@ -117,7 +117,13 @@ cache = swift.cache
 
 [filter:s3token]
 paste.filter_factory = keystonemiddleware.s3_token:filter_factory
-auth_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
+service_host = {{ keystone_host }}
+service_port = {{ service_port }}
+auth_port = {{ auth_port }}
+auth_host = {{ keystone_host }}
+auth_protocol = {{ auth_protocol }}
+auth_token = {{ admin_token }}
+admin_token = {{ admin_token }}
 
 [filter:swift3]
 use = egg:swift3#swift3
diff --git a/tests/basic_deployment.py b/tests/basic_deployment.py
index b4a7680..a091024 100644
--- a/tests/basic_deployment.py
+++ b/tests/basic_deployment.py
@@ -475,6 +475,16 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
                 ' proxy-logging proxy-server'
             }
 
+        s3_token_auth_settings_legacy = {
+            'auth_port': keystone_relation['auth_port'],
+            'auth_host': keystone_relation['auth_host'],
+            'service_host': keystone_relation['service_host'],
+            'service_port': keystone_relation['service_port'],
+            'auth_protocol': keystone_relation['auth_protocol'],
+            'auth_token': keystone_relation['admin_token'],
+            'admin_token': keystone_relation['admin_token']
+        }
+
         if self._get_openstack_release() >= self.trusty_kilo:
             # Kilo and later
             expected['filter:authtoken'].update({
@@ -503,13 +513,17 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
                 })
             expected['filter:s3token'] = {
                 # No section commonality with J and earlier
-                'paste.filter_factory': 'keystonemiddleware.s3_token'
+                'paste.filter_factory': 'keystoneclient.middleware.s3_token'
                                         ':filter_factory',
-                'auth_uri': '{}://{}:{}'.format(
-                    auth_protocol,
-                    auth_host,
-                    keystone_relation['auth_port']),
             }
+            expected['filter:s3token'].update(s3_token_auth_settings_legacy)
+
+            if self._get_openstack_release() >= self.trusty_mitaka:
+                expected['filter:s3token']['paste.filter_factory'] = \
+                    'keystonemiddleware.s3_token:filter_factory'
+
+            # NOTE(hopem): this will need extending for newer releases once
+            #              swift-plugin-s3 is updated in UCA. See LP: #1738063
         else:
             # Juno and earlier
             expected['filter:authtoken'].update({
@@ -522,15 +536,9 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
             expected['filter:s3token'] = {
                 # No section commonality with K and later
                 'paste.filter_factory': 'keystoneclient.middleware.'
-                                        's3_token:filter_factory',
-                'auth_port': keystone_relation['auth_port'],
-                'auth_host': keystone_relation['auth_host'],
-                'service_host': keystone_relation['service_host'],
-                'service_port': keystone_relation['service_port'],
-                'auth_protocol': keystone_relation['auth_protocol'],
-                'auth_token': keystone_relation['admin_token'],
-                'admin_token': keystone_relation['admin_token']
+                's3_token:filter_factory',
             }
+            expected['filter:s3token'].update(s3_token_auth_settings_legacy)
 
         for section, pairs in expected.items():
             ret = u.validate_config_data(unit, conf, section, pairs)