From 25a2ea7fdde1307e95622cf626ed531a7689c26b Mon Sep 17 00:00:00 2001 From: Chris MacNaughton Date: Tue, 14 Jun 2016 11:20:45 -0400 Subject: [PATCH] Fix S3 support, register endpoint in keystone This change registers the configured S3 proxy with Keystone, so that your cloud knows about the S3 endpoints. Also includes an update to ensure that the s3token middleware authenticates against the correct keystone endpoint. Change-Id: I07d25df6332028a99e0bf79b39f998f84613a4fc --- hooks/swift_hooks.py | 20 +++++++++++--- templates/kilo/proxy-server.conf | 6 +---- tests/basic_deployment.py | 25 ++++++++--------- unit_tests/test_swift_hooks.py | 46 +++++++++++++++++++++++--------- 4 files changed, 64 insertions(+), 33 deletions(-) diff --git a/hooks/swift_hooks.py b/hooks/swift_hooks.py index b54f221..57afa32 100755 --- a/hooks/swift_hooks.py +++ b/hooks/swift_hooks.py @@ -196,9 +196,23 @@ def keystone_joined(relid=None): region = config('region') roles = config('operator-roles') - relation_set(service='swift', region=region, public_url=public_url, - internal_url=internal_url, admin_url=admin_url, - requested_roles=roles, relation_id=relid) + s3_public_url = ('%s:%s' % + (canonical_url(CONFIGS, PUBLIC), port)) + s3_internal_url = ('%s:%s' % + (canonical_url(CONFIGS, INTERNAL), port)) + s3_admin_url = '%s:%s' % (canonical_url(CONFIGS, ADMIN), port) + + relation_set(requested_roles=roles, relation_id=relid, + region=None, public_url=None, + internal_url=None, admin_url=None, service=None, + swift_service='swift', swift_region=region, + swift_public_url=public_url, + swift_internal_url=internal_url, + swift_admin_url=admin_url, + s3_service='s3', s3_region=region, + s3_public_url=s3_public_url, + s3_admin_url=s3_admin_url, + s3_internal_url=s3_internal_url) @hooks.hook('identity-service-relation-changed') diff --git a/templates/kilo/proxy-server.conf b/templates/kilo/proxy-server.conf index 3b9e9ae..0c0bf13 100644 --- a/templates/kilo/proxy-server.conf +++ b/templates/kilo/proxy-server.conf @@ -91,11 +91,7 @@ cache = swift.cache [filter:s3token] paste.filter_factory = keystonemiddleware.s3_token:filter_factory -identity_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }} -auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }} -admin_tenant_name = {{ service_tenant }} -admin_user = {{ service_user }} -admin_password = {{ service_password }} +auth_uri = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }} [filter:swift3] use = egg:swift3#swift3 diff --git a/tests/basic_deployment.py b/tests/basic_deployment.py index c0fb709..e4e958e 100644 --- a/tests/basic_deployment.py +++ b/tests/basic_deployment.py @@ -201,7 +201,7 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment): 'tenantId': u.not_null, 'id': u.not_null, 'email': u'juju@localhost'} - user4 = {'name': 'swift', + user4 = {'name': 's3_swift', 'enabled': True, 'tenantId': u.not_null, 'id': u.not_null, @@ -223,7 +223,7 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment): 'id': u.not_null} expected = {'image': [endpoint_id], 'object-store': [endpoint_id], - 'identity': [endpoint_id]} + 'identity': [endpoint_id], 's3': [endpoint_id]} actual = self.keystone_demo.service_catalog.get_endpoints() ret = u.validate_svc_catalog_endpoint_data(expected, actual) @@ -254,13 +254,18 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment): unit = self.swift_proxy_sentry relation = ['identity-service', 'keystone:identity-service'] expected = { - 'service': 'swift', - 'region': 'RegionOne', - 'public_url': u.valid_url, - 'internal_url': u.valid_url, + 'swift_service': 'swift', + 'swift_region': 'RegionOne', + 'swift_public_url': u.valid_url, + 'swift_internal_url': u.valid_url, + 'swift_admin_url': u.valid_url, + 's3_service': 's3', + 's3_region': 'RegionOne', + 's3_public_url': u.valid_url, + 's3_internal_url': u.valid_url, + 's3_admin_url': u.valid_url, 'private-address': u.valid_ip, 'requested_roles': 'Member,Admin', - 'admin_url': u.valid_url } ret = u.validate_relation_data(unit, relation, expected) @@ -283,7 +288,7 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment): 'auth_protocol': 'http', 'private-address': u.valid_ip, 'auth_host': u.valid_ip, - 'service_username': 'swift', + 'service_username': 's3_swift', 'service_tenant_id': u.not_null, 'service_host': u.valid_ip } @@ -463,10 +468,6 @@ class SwiftProxyBasicDeployment(OpenStackAmuletDeployment): 'paste.filter_factory': 'keystonemiddleware.s3_token' ':filter_factory', 'auth_uri': '{}://{}:{}'.format( - auth_protocol, - auth_host, - keystone_relation['service_port']), - 'identity_uri': '{}://{}:{}'.format( auth_protocol, auth_host, keystone_relation['auth_port']), diff --git a/unit_tests/test_swift_hooks.py b/unit_tests/test_swift_hooks.py index ad174ab..6fd46d6 100644 --- a/unit_tests/test_swift_hooks.py +++ b/unit_tests/test_swift_hooks.py @@ -101,13 +101,23 @@ class SwiftHooksTestCase(unittest.TestCase): swift_hooks.keystone_joined() _relation_set.assert_called_with( - service='swift', - region='RegionOne', - public_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s', - internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s', - admin_url='http://swift-proxy:1234', + admin_url=None, + internal_url=None, + public_url=None, + region=None, + relation_id=None, requested_roles='Operator,Monitor', - relation_id=None + s3_admin_url='http://swift-proxy:1234', + s3_internal_url='http://swift-proxy:1234', + s3_public_url='http://swift-proxy:1234', + s3_region='RegionOne', + s3_service='s3', + service=None, + swift_admin_url='http://swift-proxy:1234', + swift_internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s', + swift_public_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s', + swift_region='RegionOne', + swift_service='swift' ) @patch.object(swift_hooks, 'config') @@ -148,14 +158,24 @@ class SwiftHooksTestCase(unittest.TestCase): swift_hooks.keystone_joined() _relation_set.assert_called_with( - service='swift', - region='RegionOne', - public_url=('http://public.example.com:1234/' - 'v1/AUTH_$(tenant_id)s'), - internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s', - admin_url='http://swift-proxy:1234', + admin_url=None, + internal_url=None, + public_url=None, + region=None, + relation_id=None, requested_roles='Operator,Monitor', - relation_id=None + s3_admin_url='http://swift-proxy:1234', + s3_internal_url='http://swift-proxy:1234', + s3_public_url='http://public.example.com:1234', + s3_region='RegionOne', + s3_service='s3', + service=None, + swift_admin_url='http://swift-proxy:1234', + swift_internal_url='http://swift-proxy:1234/v1/AUTH_$(tenant_id)s', + swift_public_url=('http://public.example.com' + + ':1234/v1/AUTH_$(tenant_id)s'), + swift_region='RegionOne', + swift_service='swift' ) @patch.object(swift_hooks.time, 'time')