diff --git a/manifests/proxy.pp b/manifests/proxy.pp index 87b1a671..62fb69c9 100644 --- a/manifests/proxy.pp +++ b/manifests/proxy.pp @@ -65,6 +65,14 @@ # (optional) If True, the proxy will log whenever it has to failover to a handoff node # Defaults to true. # +# [*max_containers_per_account*] +# (optional) If set to a positive value, will limit container number per account. +# Default to 0. +# +# [*max_containers_whitelist*] +# (optional) This is a comma separated list of account hashes that ignore the max_containers_per_account cap. +# Default to $::os_service_default. +# # [*read_affinity*] # (optional) Configures the read affinity of proxy-server. # Defaults to undef. @@ -131,30 +139,32 @@ # class swift::proxy( $proxy_local_net_ip, - $port = '8080', - $pipeline = ['healthcheck', 'cache', 'tempauth', 'proxy-server'], - $workers = $::os_workers, - $allow_account_management = true, - $account_autocreate = true, - $log_headers = 'False', - $log_udp_host = undef, - $log_udp_port = undef, - $log_address = '/dev/log', - $log_level = 'INFO', - $log_facility = 'LOG_LOCAL2', - $log_handoffs = true, - $log_name = 'proxy-server', - $cors_allow_origin = undef, - $strict_cors_mode = true, - $read_affinity = undef, - $write_affinity = undef, - $write_affinity_node_count = undef, - $node_timeout = undef, - $manage_service = true, - $enabled = true, - $package_ensure = 'present', - $service_provider = $::swift::params::service_provider, - $purge_config = false, + $port = '8080', + $pipeline = ['healthcheck', 'cache', 'tempauth', 'proxy-server'], + $workers = $::os_workers, + $allow_account_management = true, + $account_autocreate = true, + $log_headers = 'False', + $log_udp_host = undef, + $log_udp_port = undef, + $log_address = '/dev/log', + $log_level = 'INFO', + $log_facility = 'LOG_LOCAL2', + $log_handoffs = true, + $log_name = 'proxy-server', + $cors_allow_origin = undef, + $strict_cors_mode = true, + $max_containers_per_account = 0, + $max_containers_whitelist = $::os_service_default, + $read_affinity = undef, + $write_affinity = undef, + $write_affinity_node_count = undef, + $node_timeout = undef, + $manage_service = true, + $enabled = true, + $package_ensure = 'present', + $service_provider = $::swift::params::service_provider, + $purge_config = false, ) inherits ::swift::params { include ::swift::deps @@ -201,29 +211,31 @@ class swift::proxy( } swift_proxy_config { - 'DEFAULT/bind_port': value => $port; - 'DEFAULT/bind_ip': value => $proxy_local_net_ip; - 'DEFAULT/workers': value => $workers; - 'DEFAULT/user': value => 'swift'; - 'DEFAULT/log_name': value => $log_name; - 'DEFAULT/log_facility': value => $log_facility; - 'DEFAULT/log_level': value => $log_level; - 'DEFAULT/log_headers': value => $log_headers; - 'DEFAULT/log_address': value => $log_address; - 'DEFAULT/log_udp_host': value => $log_udp_host; - 'DEFAULT/log_udp_port': value => $log_udp_port; - 'pipeline:main/pipeline': value => join($pipeline, ' '); - 'app:proxy-server/use': value => 'egg:swift#proxy'; - 'app:proxy-server/set log_name': value => $log_name; - 'app:proxy-server/set log_facility': value => $log_facility; - 'app:proxy-server/set log_level': value => $log_level; - 'app:proxy-server/set log_address': value => $log_address; - 'app:proxy-server/log_handoffs': value => $log_handoffs; - 'app:proxy-server/allow_account_management': value => $allow_account_management; - 'app:proxy-server/account_autocreate': value => $account_autocreate; - 'app:proxy-server/write_affinity': value => $write_affinity; - 'app:proxy-server/write_affinity_node_count': value => $write_affinity_node_count; - 'app:proxy-server/node_timeout': value => $node_timeout; + 'DEFAULT/bind_port': value => $port; + 'DEFAULT/bind_ip': value => $proxy_local_net_ip; + 'DEFAULT/workers': value => $workers; + 'DEFAULT/user': value => 'swift'; + 'DEFAULT/log_name': value => $log_name; + 'DEFAULT/log_facility': value => $log_facility; + 'DEFAULT/log_level': value => $log_level; + 'DEFAULT/log_headers': value => $log_headers; + 'DEFAULT/log_address': value => $log_address; + 'DEFAULT/log_udp_host': value => $log_udp_host; + 'DEFAULT/log_udp_port': value => $log_udp_port; + 'pipeline:main/pipeline': value => join($pipeline, ' '); + 'app:proxy-server/use': value => 'egg:swift#proxy'; + 'app:proxy-server/set log_name': value => $log_name; + 'app:proxy-server/set log_facility': value => $log_facility; + 'app:proxy-server/set log_level': value => $log_level; + 'app:proxy-server/set log_address': value => $log_address; + 'app:proxy-server/log_handoffs': value => $log_handoffs; + 'app:proxy-server/allow_account_management': value => $allow_account_management; + 'app:proxy-server/account_autocreate': value => $account_autocreate; + 'app:proxy-server/max_containers_per_account': value => $max_containers_per_account; + 'app:proxy-server/max_containers_whitelist': value => $max_containers_whitelist; + 'app:proxy-server/write_affinity': value => $write_affinity; + 'app:proxy-server/write_affinity_node_count': value => $write_affinity_node_count; + 'app:proxy-server/node_timeout': value => $node_timeout; } if $cors_allow_origin { diff --git a/releasenotes/notes/swift-max-containers-per-account-f033e8f28c87a802.yaml b/releasenotes/notes/swift-max-containers-per-account-f033e8f28c87a802.yaml new file mode 100644 index 00000000..7f9333fe --- /dev/null +++ b/releasenotes/notes/swift-max-containers-per-account-f033e8f28c87a802.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Added new parameters max_containers_per_account and + max_containers_whitelist to proxy class that can be used to configure + the maximum authorized container number for an account. diff --git a/spec/classes/swift_proxy_spec.rb b/spec/classes/swift_proxy_spec.rb index cc078e17..b0c7d1fa 100644 --- a/spec/classes/swift_proxy_spec.rb +++ b/spec/classes/swift_proxy_spec.rb @@ -65,6 +65,8 @@ describe 'swift::proxy' do it { should contain_swift_proxy_config('app:proxy-server/log_handoffs').with_value('true') } it { should contain_swift_proxy_config('app:proxy-server/allow_account_management').with_value('true') } it { should contain_swift_proxy_config('app:proxy-server/account_autocreate').with_value('true') } + it { should contain_swift_proxy_config('app:proxy-server/max_containers_per_account').with_value(0) } + it { should contain_swift_proxy_config('app:proxy-server/max_containers_whitelist').with_value('') } it { should contain_service('swift-proxy-server').with_require([ 'Class[Swift::Proxy::Healthcheck]', @@ -96,19 +98,21 @@ describe 'swift::proxy' do let :params do { - :proxy_local_net_ip => '10.0.0.2', - :port => '80', - :workers => 3, - :pipeline => ['swauth', 'proxy-server'], - :allow_account_management => false, - :account_autocreate => false, - :log_level => 'DEBUG', - :log_name => 'swift-proxy-server', - :read_affinity => 'r1z1=100, r1=200', - :write_affinity => 'r1', - :write_affinity_node_count => '2 * replicas', - :node_timeout => '20', - :cors_allow_origin => 'http://foo.bar:1234,https://foo.bar', + :proxy_local_net_ip => '10.0.0.2', + :port => '80', + :workers => 3, + :pipeline => ['swauth', 'proxy-server'], + :allow_account_management => false, + :account_autocreate => false, + :log_level => 'DEBUG', + :log_name => 'swift-proxy-server', + :max_containers_per_account => 10, + :max_containers_whitelist => 'project1,project2', + :read_affinity => 'r1z1=100, r1=200', + :write_affinity => 'r1', + :write_affinity_node_count => '2 * replicas', + :node_timeout => '20', + :cors_allow_origin => 'http://foo.bar:1234,https://foo.bar', } end @@ -132,6 +136,8 @@ describe 'swift::proxy' do it { should contain_swift_proxy_config('app:proxy-server/log_handoffs').with_value('true') } it { should contain_swift_proxy_config('app:proxy-server/allow_account_management').with_value('false') } it { should contain_swift_proxy_config('app:proxy-server/account_autocreate').with_value('false') } + it { should contain_swift_proxy_config('app:proxy-server/max_containers_per_account').with_value(10) } + it { should contain_swift_proxy_config('app:proxy-server/max_containers_whitelist').with_value('project1,project2') } it { should contain_swift_proxy_config('app:proxy-server/sorting_method').with_value('affinity') } it { should contain_swift_proxy_config('app:proxy-server/read_affinity').with_value('r1z1=100, r1=200') } it { should contain_swift_proxy_config('app:proxy-server/write_affinity').with_value('r1') }