Fix S3 support, register endpoint in keystone
This change registers the configured S3 proxy with Keystone, so that your cloud knows about the S3 endpoints. Also includes an update to ensure that the s3token middleware authenticates against the correct keystone endpoint. Change-Id: I07d25df6332028a99e0bf79b39f998f84613a4fc
This commit is contained in:
parent
3d53a58984
commit
25a2ea7fdd
@ -196,9 +196,23 @@ def keystone_joined(relid=None):
|
||||
region = config('region')
|
||||
roles = config('operator-roles')
|
||||
|
||||
relation_set(service='swift', region=region, public_url=public_url,
|
||||
internal_url=internal_url, admin_url=admin_url,
|
||||
requested_roles=roles, relation_id=relid)
|
||||
s3_public_url = ('%s:%s' %
|
||||
(canonical_url(CONFIGS, PUBLIC), port))
|
||||
s3_internal_url = ('%s:%s' %
|
||||
(canonical_url(CONFIGS, INTERNAL), port))
|
||||
s3_admin_url = '%s:%s' % (canonical_url(CONFIGS, ADMIN), port)
|
||||
|
||||
relation_set(requested_roles=roles, relation_id=relid,
|
||||
region=None, public_url=None,
|
||||
internal_url=None, admin_url=None, service=None,
|
||||
swift_service='swift', swift_region=region,
|
||||
swift_public_url=public_url,
|
||||
swift_internal_url=internal_url,
|
||||
swift_admin_url=admin_url,
|
||||
s3_service='s3', s3_region=region,
|
||||
s3_public_url=s3_public_url,
|
||||
s3_admin_url=s3_admin_url,
|
||||
s3_internal_url=s3_internal_url)
|
||||
|
||||
|
||||
@hooks.hook('identity-service-relation-changed')
|
||||
|
@ -91,11 +91,7 @@ cache = swift.cache
|
||||
|
||||
[filter:s3token]
|
||||
paste.filter_factory = keystonemiddleware.s3_token:filter_factory
|
||||
identity_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
|
||||
auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
|
||||
admin_tenant_name = {{ service_tenant }}
|
||||
admin_user = {{ service_user }}
|
||||
admin_password = {{ service_password }}
|
||||
auth_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
|
||||
|
||||
[filter:swift3]
|
||||
use = egg:swift3#swift3
|
||||
|
@ -201,7 +201,7 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
|
||||
'tenantId': u.not_null,
|
||||
'id': u.not_null,
|
||||
'email': u'juju@localhost'}
|
||||
user4 = {'name': 'swift',
|
||||
user4 = {'name': 's3_swift',
|
||||
'enabled': True,
|
||||
'tenantId': u.not_null,
|
||||
'id': u.not_null,
|
||||
@ -223,7 +223,7 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
|
||||
'id': u.not_null}
|
||||
|
||||
expected = {'image': [endpoint_id], 'object-store': [endpoint_id],
|
||||
'identity': [endpoint_id]}
|
||||
'identity': [endpoint_id], 's3': [endpoint_id]}
|
||||
actual = self.keystone_demo.service_catalog.get_endpoints()
|
||||
|
||||
ret = u.validate_svc_catalog_endpoint_data(expected, actual)
|
||||
@ -254,13 +254,18 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
|
||||
unit = self.swift_proxy_sentry
|
||||
relation = ['identity-service', 'keystone:identity-service']
|
||||
expected = {
|
||||
'service': 'swift',
|
||||
'region': 'RegionOne',
|
||||
'public_url': u.valid_url,
|
||||
'internal_url': u.valid_url,
|
||||
'swift_service': 'swift',
|
||||
'swift_region': 'RegionOne',
|
||||
'swift_public_url': u.valid_url,
|
||||
'swift_internal_url': u.valid_url,
|
||||
'swift_admin_url': u.valid_url,
|
||||
's3_service': 's3',
|
||||
's3_region': 'RegionOne',
|
||||
's3_public_url': u.valid_url,
|
||||
's3_internal_url': u.valid_url,
|
||||
's3_admin_url': u.valid_url,
|
||||
'private-address': u.valid_ip,
|
||||
'requested_roles': 'Member,Admin',
|
||||
'admin_url': u.valid_url
|
||||
}
|
||||
|
||||
ret = u.validate_relation_data(unit, relation, expected)
|
||||
@ -283,7 +288,7 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
|
||||
'auth_protocol': 'http',
|
||||
'private-address': u.valid_ip,
|
||||
'auth_host': u.valid_ip,
|
||||
'service_username': 'swift',
|
||||
'service_username': 's3_swift',
|
||||
'service_tenant_id': u.not_null,
|
||||
'service_host': u.valid_ip
|
||||
}
|
||||
@ -463,10 +468,6 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
|
||||
'paste.filter_factory': 'keystonemiddleware.s3_token'
|
||||
':filter_factory',
|
||||
'auth_uri': '{}://{}:{}'.format(
|
||||
auth_protocol,
|
||||
auth_host,
|
||||
keystone_relation['service_port']),
|
||||
'identity_uri': '{}://{}:{}'.format(
|
||||
auth_protocol,
|
||||
auth_host,
|
||||
keystone_relation['auth_port']),
|
||||
|
@ -101,13 +101,23 @@ class SwiftHooksTestCase(unittest.TestCase):
|
||||
swift_hooks.keystone_joined()
|
||||
|
||||
_relation_set.assert_called_with(
|
||||
service='swift',
|
||||
region='RegionOne',
|
||||
public_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
|
||||
internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
|
||||
admin_url='http://swift-proxy:1234',
|
||||
admin_url=None,
|
||||
internal_url=None,
|
||||
public_url=None,
|
||||
region=None,
|
||||
relation_id=None,
|
||||
requested_roles='Operator,Monitor',
|
||||
relation_id=None
|
||||
s3_admin_url='http://swift-proxy:1234',
|
||||
s3_internal_url='http://swift-proxy:1234',
|
||||
s3_public_url='http://swift-proxy:1234',
|
||||
s3_region='RegionOne',
|
||||
s3_service='s3',
|
||||
service=None,
|
||||
swift_admin_url='http://swift-proxy:1234',
|
||||
swift_internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
|
||||
swift_public_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
|
||||
swift_region='RegionOne',
|
||||
swift_service='swift'
|
||||
)
|
||||
|
||||
@patch.object(swift_hooks, 'config')
|
||||
@ -148,14 +158,24 @@ class SwiftHooksTestCase(unittest.TestCase):
|
||||
swift_hooks.keystone_joined()
|
||||
|
||||
_relation_set.assert_called_with(
|
||||
service='swift',
|
||||
region='RegionOne',
|
||||
public_url=('http://public.example.com:1234/'
|
||||
'v1/AUTH_$(tenant_id)s'),
|
||||
internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
|
||||
admin_url='http://swift-proxy:1234',
|
||||
admin_url=None,
|
||||
internal_url=None,
|
||||
public_url=None,
|
||||
region=None,
|
||||
relation_id=None,
|
||||
requested_roles='Operator,Monitor',
|
||||
relation_id=None
|
||||
s3_admin_url='http://swift-proxy:1234',
|
||||
s3_internal_url='http://swift-proxy:1234',
|
||||
s3_public_url='http://public.example.com:1234',
|
||||
s3_region='RegionOne',
|
||||
s3_service='s3',
|
||||
service=None,
|
||||
swift_admin_url='http://swift-proxy:1234',
|
||||
swift_internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s',
|
||||
swift_public_url=('http://public.example.com' +
|
||||
':1234/v1/AUTH_$(tenant_id)s'),
|
||||
swift_region='RegionOne',
|
||||
swift_service='swift'
|
||||
)
|
||||
|
||||
@patch.object(swift_hooks.time, 'time')
|
||||
|
Loading…
Reference in New Issue
Block a user