Drop support of swauth for Train and later

swauth is no longer maintained as of OpenStack Train [1] so we need to stop supporting it for OpenStack Train and later. [1] https://opendev.org/x/swauth Closes-Bug: #1851394 Change-Id: Ic2345427951a311477d6808077fb18b248036b82
2020-01-07 14:13:04 -05:00 · 2020-01-07 14:13:04 -05:00 · 1b47612f87
commit 1b47612f87
parent e31253d15b
9 changed files with 200 additions and 10 deletions
--- a/actions.yaml
+++ b/actions.yaml
@ -2,6 +2,7 @@ add-user:
  description: |
    Add a user to swauth.
    This adds a given user / pass to swauth. Auth-type must be set to swauth.
+    Note that swauth is not supported for OpenStack Train and later.
  params:
    account:
      type: string
--- a/actions/add_user.py
+++ b/actions/add_user.py
@ -43,18 +43,29 @@ from charmhelpers.core.hookenv import (
    log,
 )

-from lib.swift_utils import (
-    try_initialize_swauth,
+from charmhelpers.contrib.openstack.utils import (
+    os_release,
+    CompareOpenStackReleases,
 )

 from charmhelpers.contrib.hahelpers.cluster import (
    determine_api_port,
 )

+from lib.swift_utils import (
+    try_initialize_swauth,
+)
+

 def add_user():
    """Add a swauth user to swift."""
    if config('auth-type') == 'swauth':
+        cmp_openstack = CompareOpenStackReleases(os_release('swift'))
+        if cmp_openstack >= 'train':
+            message = "swauth is not supported for OpenStack Train and later"
+            log(message)
+            action_fail(message)
+            return None
        try_initialize_swauth()
        account = action_get('account')
        username = action_get('username')
--- a/config.yaml
+++ b/config.yaml
@ -63,11 +63,13 @@ options:
  auth-type:
    type: string
    default: tempauth
-    description: Auth method to use, tempauth, swauth or keystone
+    description: Auth method to use, tempauth, swauth or keystone. Note
+      that swauth is not supported for OpenStack Train and later.
  swauth-admin-key:
    type: string
    default: 
    description: The secret key to use to authenticate as an swauth admin
+      Note that swauth is not supported for OpenStack Train and later.
  delay-auth-decision:
    type: boolean
    default: true
--- a/lib/swift_context.py
+++ b/lib/swift_context.py
@ -145,9 +145,12 @@ class SwiftIdentityContext(OSContextGenerator):
            'write_affinity_node_count': get_write_affinity_node_count()
        }

-        admin_key = leader_get('swauth-admin-key')
-        if admin_key is not None:
-            ctxt['swauth_admin_key'] = admin_key
+        cmp_openstack = CompareOpenStackReleases(os_release('swift'))
+        if cmp_openstack < 'train':
+            # swauth is no longer supported for OpenStack Train and later
+            admin_key = leader_get('swauth-admin-key')
+            if admin_key is not None:
+                ctxt['swauth_admin_key'] = admin_key

        if config('debug'):
            ctxt['log_level'] = 'DEBUG'
--- a/lib/swift_utils.py
+++ b/lib/swift_utils.py
@ -354,6 +354,10 @@ class SwiftProxyClusterRPC(object):


 def try_initialize_swauth():
+    cmp_openstack = CompareOpenStackReleases(os_release('swift'))
+    if cmp_openstack >= 'train':
+        # swauth is no longer maintained as of openstack train
+        return None
    if is_leader() and config('auth-type') == 'swauth':
        if leader_get('swauth-init') is not True:
            try:
@ -499,6 +503,8 @@ def determine_packages(release):
    if cmp_openstack >= 'train':
        pkgs = [p for p in pkgs if not p.startswith('python-')]
        pkgs.extend(PY3_PACKAGES)
+        # swauth is no longer maintained as of openstack train
+        pkgs.remove('swauth')
    return pkgs


--- a/templates/train/proxy-server.conf
+++ b/templates/train/proxy-server.conf
@ -0,0 +1,158 @@
+# rocky
+[DEFAULT]
+bind_port = {{ bind_port }}
+workers = {{ workers }}
+user = swift
+bind_ip = {{ bind_host }}
+log_name = swift
+log_facility = LOG_LOCAL0
+log_level = {{ log_level }}
+log_address = /dev/log
+log_headers = {{ log_headers }}
+
+{% if statsd_host %}
+log_statsd_host = {{ statsd_host }}
+log_statsd_port = {{ statsd_port }}
+log_statsd_default_sample_rate = {{ statsd_sample_rate }}
+{% endif %}
+
+{% if ssl %}
+cert_file = {{ ssl_cert }}
+key_file = {{ ssl_key }}
+{% endif %}
+
+{% if auth_type == 'keystone' %}
+[pipeline:main]
+{% if transport_url %}
+pipeline = ceilometer catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit formpost authtoken s3api s3token keystoneauth staticweb copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server
+{% else %}
+pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit formpost authtoken s3api s3token keystoneauth staticweb copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server
+{% endif %}
+{% else %}
+[pipeline:main]
+pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl slo dlo formpost {{ auth_type }} staticweb versioned_writes container-quotas account-quotas proxy-logging proxy-server
+{% endif %}
+
+[app:proxy-server]
+use = egg:swift#proxy
+allow_account_management = true
+{% if auth_type == 'keystone' %}account_autocreate = true{% endif %}
+node_timeout = {{ node_timeout }}
+recoverable_node_timeout = {{ recoverable_node_timeout }}
+{% if enable_multi_region %}
+sorting_method = affinity
+{% if read_affinity %}
+read_affinity = {{ read_affinity }}
+{% endif %}
+{% if write_affinity %}
+write_affinity = {{ write_affinity }}
+{% endif %}
+{% if write_affinity_node_count %}
+write_affinity_node_count = {{ write_affinity_node_count }}
+{% endif %}
+{% endif %}
+
+[filter:tempauth]
+use = egg:swift#tempauth
+user_system_root = testpass .admin https://{{ proxy_ip }}:8080/v1/AUTH_system
+
+[filter:healthcheck]
+use = egg:swift#healthcheck
+
+[filter:cache]
+use = egg:swift#memcache
+memcache_servers = {{ memcached_ip }}:11211
+
+[filter:account-quotas]
+use = egg:swift#account_quotas
+
+[filter:container-quotas]
+use = egg:swift#container_quotas
+
+[filter:proxy-logging]
+use = egg:swift#proxy_logging
+
+[filter:staticweb]
+use = egg:swift#staticweb
+
+[filter:bulk]
+use = egg:swift#bulk
+
+[filter:slo]
+use = egg:swift#slo
+{% if static_large_object_segments and static_large_object_segments > 0 %}
+max_manifest_size = 536870912
+max_manifest_segments = {{ static_large_object_segments }}
+{% endif %}
+
+[filter:dlo]
+use = egg:swift#dlo
+
+[filter:formpost]
+use = egg:swift#formpost
+
+[filter:tempurl]
+use = egg:swift#tempurl
+
+[filter:catch_errors]
+use = egg:swift#catch_errors
+
+[filter:versioned_writes]
+use = egg:swift#versioned_writes
+
+[filter:container_sync]
+use = egg:swift#container_sync
+
+[filter:gatekeeper]
+use = egg:swift#gatekeeper
+
+[filter:ratelimit]
+use = egg:swift#ratelimit
+
+[filter:copy]
+use = egg:swift#copy
+
+[filter:symlink]
+use = egg:swift#symlink
+
+{% if auth_type == 'keystone' %}
+[filter:keystoneauth]
+use = egg:swift#keystoneauth
+operator_roles = {{ operator_roles }}
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+identity_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
+auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
+auth_plugin = password
+auth_url = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
+auth_version = 3
+username = {{ service_user }}
+password = {{ service_password }}
+project_domain_name = {{ admin_domain_name }}
+user_domain_name = {{ admin_domain_name }}
+project_name = {{ admin_tenant_name }}
+delay_auth_decision = {{ delay_auth_decision|lower }}
+signing_dir = {{ signing_dir }}
+cache = swift.cache
+
+[filter:s3token]
+use = egg:swift#s3token
+auth_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
+auth_version = 3
+
+[filter:s3api]
+use = egg:swift#s3api
+{% if location -%}
+location = {{ location }}
+{% endif -%}
+{% endif %}
+
+{% if transport_url -%}
+[filter:ceilometer]
+paste.filter_factory = ceilometermiddleware.swift:filter_factory
+url = {{ transport_url }}
+driver = messagingv2
+topic = notifications
+log_level = WARN
+{% endif -%}
--- a/unit_tests/test_actions.py
+++ b/unit_tests/test_actions.py
@ -215,9 +215,11 @@ class AddUserTestCase(CharmTestCase):
                               "action_fail", "check_call",
                               "try_initialize_swauth", "config",
                               "determine_api_port", "leader_get"])
+        self.mock_os_release = self.patch('os_release')

    def test_success(self):
        """Ensure that the action_set is called on succees."""
+        self.mock_os_release.return_value = "queens"
        self.config.return_value = "swauth"
        self.action_get.return_value = "test"
        self.determine_api_port.return_value = 8070
@ -232,6 +234,7 @@ class AddUserTestCase(CharmTestCase):

    def test_failure(self):
        """Ensure that action_fail is called on failure."""
+        self.mock_os_release.return_value = "queens"
        self.config.return_value = "swauth"
        self.action_get.return_value = "test"
        self.determine_api_port.return_value = 8070
--- a/unit_tests/test_swift_context.py
+++ b/unit_tests/test_swift_context.py
@ -25,6 +25,7 @@ with mock.patch('charmhelpers.core.hookenv.config'):

 class SwiftIdentityContextTest(unittest.TestCase):

+    @mock.patch('lib.swift_context.os_release')
    @mock.patch('lib.swift_context.leader_get')
    @mock.patch('lib.swift_context.relation_get')
    @mock.patch('lib.swift_context.related_units')
@ -38,7 +39,7 @@ class SwiftIdentityContextTest(unittest.TestCase):
                            mock_unit_get, mock_determine_api_port,
                            mock_IdentityServiceContext, mock_relation_ids,
                            mock_related_units, mock_relation_get,
-                            mock_leader_get):
+                            mock_leader_get, mock_os_release):
        _relinfo = {
            'auth_protocol': 'http',
            'service_protocol': 'http',
@ -56,9 +57,11 @@ class SwiftIdentityContextTest(unittest.TestCase):
        mock_relation_ids.return_value = ['rid1']
        mock_related_units.return_value = ['ksunit/0']
        mock_relation_get.side_effect = lambda x, y, z: _relinfo[x]
+        mock_os_release.return_value = 'queens'
        ctxt = swift_context.SwiftIdentityContext()
        self.assertEqual(ctxt()['api_version'], '2')

+    @mock.patch('lib.swift_context.os_release')
    @mock.patch('lib.swift_context.leader_get')
    @mock.patch('lib.swift_context.relation_get')
    @mock.patch('lib.swift_context.related_units')
@ -72,7 +75,7 @@ class SwiftIdentityContextTest(unittest.TestCase):
                            mock_unit_get, mock_determine_api_port,
                            mock_IdentityServiceContext, mock_relation_ids,
                            mock_related_units, mock_relation_get,
-                            mock_leader_get):
+                            mock_leader_get, mock_os_release):
        _relinfo = {
            'auth_protocol': 'http',
            'service_protocol': 'http',
@ -94,6 +97,7 @@ class SwiftIdentityContextTest(unittest.TestCase):
        mock_related_units.return_value = ['ksunit/0']
        mock_relation_get.side_effect = lambda x, y, z: _relinfo[x]
        mock_config.return_value = None
+        mock_os_release.return_value = 'queens'
        ctxt = swift_context.SwiftIdentityContext()
        self.assertEqual(ctxt()['api_version'], '3')
        self.assertEqual(ctxt()['admin_domain_id'], 'admin_dom_id')
--- a/unit_tests/test_swift_utils.py
+++ b/unit_tests/test_swift_utils.py
@ -565,6 +565,7 @@ class SwiftUtilsTestCase(unittest.TestCase):
            charm_func=swift_utils.customer_check_assess_status,
            services='s1', ports=None)

+    @mock.patch.object(swift_utils, 'os_release')
    @mock.patch.object(swift_utils, 'leader_set')
    @mock.patch.object(swift_utils, 'determine_api_port')
    @mock.patch.object(swift_utils, 'is_leader')
@ -572,7 +573,8 @@ class SwiftUtilsTestCase(unittest.TestCase):
    @mock.patch.object(swift_utils, 'leader_get')
    @mock.patch.object(subprocess, 'check_call')
    def test_config_and_leader_get(self, check_call, leader_get, config,
-                                   is_leader, determine_api_port, leader_set):
+                                   is_leader, determine_api_port, leader_set,
+                                   os_release):
        """Ensure that we config_get, and then leader_get."""
        config.side_effect = lambda key: {
            'auth-type': 'swauth',
@ -581,6 +583,7 @@ class SwiftUtilsTestCase(unittest.TestCase):
        determine_api_port.return_value = 8080
        is_leader.return_value = True
        leader_get.return_value = "Test"
+        os_release.return_value = "queens"
        swift_utils.try_initialize_swauth()
        check_call.assert_called_with(['swauth-prep',
                                       '-A',
@ -707,7 +710,6 @@ class SwiftUtilsTestCase(unittest.TestCase):
             'swift-proxy',
             'memcached',
             'apache2',
-             'swauth',
             'python3-ceilometermiddleware',
             'python3-keystonemiddleware',
             'python3-six',