Remove swift credentials from Jenkins slaves.

Glance "unit" tests previously connected to a remote swift object store, but this test has not run in some time... known since the credentials it was configured to use have been invalid for a while and nobody noticed. These credentials are sensitive--or at least would be if they were accurate--and thus should not be present on Jenkins unit test slaves for security reasons. Change-Id: Ic4341f7d53209af31c37a4207ab9eff00aa48879 Reviewed-on: https://review.openstack.org/25920 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Anita Kuno <akuno@lavabit.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-04-02 17:13:05 +00:00 · 2013-04-02 17:13:05 +00:00 · c7f41fd9b8
commit c7f41fd9b8
parent ac538fdb38
3 changed files with 2 additions and 69 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -292,9 +292,6 @@ node /^quantal.*\.slave\.openstack\.org$/ {
    s3_store_access_key   => hiera('s3_store_access_key'),
    s3_store_secret_key   => hiera('s3_store_secret_key'),
    s3_store_bucket       => hiera('s3_store_bucket'),
-    swift_store_user      => hiera('swift_store_user'),
-    swift_store_key       => hiera('swift_store_key'),
-    swift_store_container => hiera('swift_store_container'),
  }
  include jenkins::cgroups
  include ulimit
@ -316,9 +313,6 @@ node /^precise.*\.slave\.openstack\.org$/ {
    s3_store_access_key   => hiera('s3_store_access_key'),
    s3_store_secret_key   => hiera('s3_store_secret_key'),
    s3_store_bucket       => hiera('s3_store_bucket'),
-    swift_store_user      => hiera('swift_store_user'),
-    swift_store_key       => hiera('swift_store_key'),
-    swift_store_container => hiera('swift_store_container'),
  }
  include jenkins::cgroups
  include ulimit
@ -340,9 +334,6 @@ node /^oneiric.*\.slave\.openstack\.org$/ {
    s3_store_access_key   => hiera('s3_store_access_key'),
    s3_store_secret_key   => hiera('s3_store_secret_key'),
    s3_store_bucket       => hiera('s3_store_bucket'),
-    swift_store_user      => hiera('swift_store_user'),
-    swift_store_key       => hiera('swift_store_key'),
-    swift_store_container => hiera('swift_store_container'),
  }
  include jenkins::cgroups
  include ulimit
@ -365,9 +356,6 @@ node /^rhel6.*\.slave\.openstack\.org$/ {
    s3_store_access_key   => hiera('s3_store_access_key'),
    s3_store_secret_key   => hiera('s3_store_secret_key'),
    s3_store_bucket       => hiera('s3_store_bucket'),
-    swift_store_user      => hiera('swift_store_user'),
-    swift_store_key       => hiera('swift_store_key'),
-    swift_store_container => hiera('swift_store_container'),
  }
  include jenkins::cgroups
  include ulimit
--- a/modules/openstack_project/manifests/glancetest.pp
+++ b/modules/openstack_project/manifests/glancetest.pp
@ -4,11 +4,7 @@ class openstack_project::glancetest(
  $s3_store_access_key = '',
  $s3_store_secret_key = '',
  $s3_store_bucket = '',
-  $swift_store_user = '',
-  $swift_store_key = '',
-  $swift_store_container = '',
  $s3_store_host = 's3.amazonaws.com',
-  $swift_store_auth_address = 'auth.api.rackspacecloud.com/v1.0/'
 ) {

  file { 'jenkinsglanceconfigdir':
@ -30,13 +26,7 @@ class openstack_project::glancetest(
    content => template('openstack_project/glance_s3.conf.erb'),
  }

-  file { 'glanceswiftconf':
-    ensure  => present,
-    name    => '/home/jenkins/.config/glance/swift.conf',
-    owner   => 'jenkins',
-    group   => 'jenkins',
-    mode    => '0400',
-    require => File['jenkinsglanceconfigdir'],
-    content => template('openstack_project/glance_swift.conf.erb'),
+  file { '/home/jenkins/.config/glance/swift.conf':
+    ensure => absent,
  }
 }
--- a/modules/openstack_project/templates/glance_swift.conf.erb
+++ b/modules/openstack_project/templates/glance_swift.conf.erb
@ -1,45 +0,0 @@
-[DEFAULT]
-# Which backend store should Glance use by default is not specified
-# in a request to add a new image to Glance? Default: 'file'
-# Available choices are 'file', 'swift', and 's3'
-default_store = swift
-
-# ============ Swift Store Options =============================
-
-# Address where the Swift authentication service lives
-swift_store_auth_address = <%= swift_store_auth_address %>
-
-# User to authenticate against the Swift authentication service
-swift_store_user = <%= swift_store_user %>
-
-# Auth key for the user authenticating against the
-# Swift authentication service
-swift_store_key = <%= swift_store_key %>
-
-# Container within the account that the account should use
-# for storing images in Swift
-swift_store_container = <%= swift_store_container %>
-
-# Do we create the container if it does not exist?
-swift_store_create_container_on_put = False
-
-[pipeline:glance-api]
-pipeline = versionnegotiation context apiv1app
-
-[pipeline:versions]
-pipeline = versionsapp
-
-[app:versionsapp]
-paste.app_factory = glance.api.versions:app_factory
-
-[app:apiv1app]
-paste.app_factory = glance.api.v1:app_factory
-
-[filter:versionnegotiation]
-paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
-
-[filter:imagecache]
-paste.filter_factory = glance.api.middleware.image_cache:filter_factory
-
-[filter:context]
-paste.filter_factory = glance.common.context:filter_factory