Additional options for keystone-paste.ini

* This change allows further flexibility with handling keystone-paste.ini * We now support pulling from a local file (redhat use case), pulling from a remote file, and finally template functionality (default) * We support a misc_paste chef attribute to add custom lines to the keystone-paste.ini when using the templated version Change-Id: I9a9adf3fd63df7a36deea274aac51ecd08335bfa
2014-06-20 11:48:10 -07:00
parent 0b59f6ed86
commit 00354fe02a
7 changed files with 151 additions and 25 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,10 @@
 # CHANGELOG for cookbook-openstack-identity
 This file is used to list changes made in each version of cookbook-openstack-identity.

+## 9.3.1
+* Add support for a templated keystone-paste.ini
+  as well as support misc_paste options inserted
+
 ## 9.3.0
 * python_packages database client attributes have been migrated to the -common cookbook

--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -36,8 +36,16 @@ default['openstack']['identity']['verbose'] = 'False'
 default['openstack']['identity']['debug'] = 'False'

 # Specify a location to retrieve keystone-paste.ini from
+# which can either be a remote url using http:// or a
+# local path to a file using file:// which would generally
+# be a distribution file - if this option is left nil then
+# the templated version distributed with this cookbook
+# will be used (keystone-paste.ini.erb)
 default['openstack']['identity']['pastefile_url'] = nil

+# array of lines to add to templated version of keystone-paste.ini
+default['openstack']['identity']['misc_paste'] = []
+
 default['openstack']['identity']['region'] = node['openstack']['region']
 default['openstack']['identity']['token']['expiration'] = '86400'

--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'matt@opscode.com'
 license          'Apache 2.0'
 description      'The OpenStack Identity service Keystone.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '9.3.0'
+version          '9.3.1'

 recipe           'openstack-identity::client', 'Install packages required for keystone client'
 recipe           'openstack-identity::server', 'Installs and Configures Keystone Service'
--- a/recipes/server.rb
+++ b/recipes/server.rb
@@ -179,6 +179,7 @@ admin_endpoint = "#{ae.scheme}://#{ae.host}:#{ae.port}/"
 # /etc/keystone/keystone-paste.ini is not packaged.
 if node['openstack']['identity']['pastefile_url']
  remote_file '/etc/keystone/keystone-paste.ini' do
+    action   :create_if_missing
    source   node['openstack']['identity']['pastefile_url']
    owner    node['openstack']['identity']['user']
    group    node['openstack']['identity']['group']
@@ -186,14 +187,12 @@ if node['openstack']['identity']['pastefile_url']
    notifies :restart, 'service[keystone]', :delayed
  end
 else
-  remote_file '/etc/keystone/keystone-paste.ini' do
-    source   'file:////usr/share/keystone/keystone-dist-paste.ini'
-    action   :create_if_missing
-    owner    node['openstack']['identity']['user']
-    group    node['openstack']['identity']['group']
-    mode     00644
+  template '/etc/keystone/keystone-paste.ini' do
+    source 'keystone-paste.ini.erb'
+    owner node['openstack']['identity']['user']
+    group node['openstack']['identity']['group']
+    mode   00644
    notifies :restart, 'service[keystone]', :delayed
-    only_if  { platform_family?('rhel') }
  end
 end

--- a/spec/server-redhat_spec.rb
+++ b/spec/server-redhat_spec.rb
@@ -46,12 +46,13 @@ describe 'openstack-identity::server' do
    end

    describe 'keystone-paste.ini' do
+      before { node.set['openstack']['identity']['pastefile_url'] = 'file:///usr/share/keystone/keystone-dist-paste.ini' }
      paste_file = '/etc/keystone/keystone-paste.ini'
-
      let(:file_resource) { chef_run.remote_file(paste_file) }

-      it 'copies in keystone-dist-paste.ini when keystone-paste remote not specified ' do
+      it 'copies local keystone-dist-paste.ini when keystone-paste pastefile_url is specified' do
        expect(chef_run).to create_remote_file_if_missing(paste_file).with(
+          source: 'file:///usr/share/keystone/keystone-dist-paste.ini',
          user: 'keystone',
          group: 'keystone',
          mode: 00644)
--- a/spec/server_spec.rb
+++ b/spec/server_spec.rb
@@ -703,27 +703,41 @@ describe 'openstack-identity::server' do
      end
    end

-    describe 'keystone-paste.ini' do
+    describe 'keystone-paste.ini as template' do

-      it 'does not manage keystone-paste unless specified' do
-        expect(chef_run).not_to create_remote_file('/etc/keystone/keystone-paste.ini')
+      let(:path) { '/etc/keystone/keystone-paste.ini' }
+      let(:template) { chef_run.template(path) }
+
+      it 'has proper owner' do
+        expect(template.owner).to eq('keystone')
+        expect(template.group).to eq('keystone')
      end

-      describe 'keystone-paste remote specified' do
-
-        before { node.set['openstack']['identity']['pastefile_url'] = 'http://server/mykeystone-paste.ini' }
-        let(:remote_paste) { chef_run.remote_file('/etc/keystone/keystone-paste.ini') }
-
-        it 'does manage keystone-paste from remote file if specified' do
-          expect(chef_run).to create_remote_file('/etc/keystone/keystone-paste.ini').with(
-            user: 'keystone',
-            group: 'keystone',
-            mode: 00644)
-          expect(remote_paste).to notify('service[keystone]').to(:restart)
-        end
+      it 'has proper modes' do
+        expect(sprintf('%o', template.mode)).to eq('644')
      end

+      it 'template misc_paste array correctly' do
+        node.set['openstack']['identity']['misc_paste'] = ['MISC1=OPTION1', 'MISC2=OPTION2']
+        expect(chef_run).to render_file(path).with_content(
+          /^MISC1=OPTION1$/)
+        expect(chef_run).to render_file(path).with_content(
+          /^MISC2=OPTION2$/)
+      end
    end

+    describe 'keystone-paste.ini as remote file' do
+      before { node.set['openstack']['identity']['pastefile_url'] = 'http://server/mykeystone-paste.ini' }
+      let(:remote_paste) { chef_run.remote_file('/etc/keystone/keystone-paste.ini') }
+
+      it 'uses a remote file if pastefile_url is specified' do
+        expect(chef_run).to create_remote_file_if_missing('/etc/keystone/keystone-paste.ini').with(
+          source: 'http://server/mykeystone-paste.ini',
+          user: 'keystone',
+          group: 'keystone',
+          mode: 00644)
+        expect(remote_paste).to notify('service[keystone]').to(:restart)
+      end
+    end
  end
 end
--- a/templates/default/keystone-paste.ini.erb
+++ b/templates/default/keystone-paste.ini.erb
@@ -0,0 +1,100 @@
+<%= node["openstack"]["identity"]["custom_template_banner"] %>
+
+# keystone PasteDeploy configuration file.
+
+[filter:debug]
+paste.filter_factory = keystone.common.wsgi:Debug.factory
+
+[filter:token_auth]
+paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
+
+[filter:admin_token_auth]
+paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
+
+[filter:xml_body]
+paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
+
+[filter:json_body]
+paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
+
+[filter:user_crud_extension]
+paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
+
+[filter:crud_extension]
+paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
+
+[filter:ec2_extension]
+paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
+
+[filter:oauth_extension]
+paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory
+
+[filter:s3_extension]
+paste.filter_factory = keystone.contrib.s3:S3Extension.factory
+
+[filter:endpoint_filter_extension]
+paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
+
+[filter:url_normalize]
+paste.filter_factory = keystone.middleware:NormalizingFilter.factory
+
+[filter:sizelimit]
+paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
+
+[filter:stats_monitoring]
+paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
+
+[filter:stats_reporting]
+paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
+
+[filter:access_log]
+paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
+
+[app:public_service]
+paste.app_factory = keystone.service:public_app_factory
+
+[app:service_v3]
+paste.app_factory = keystone.service:v3_app_factory
+
+[app:admin_service]
+paste.app_factory = keystone.service:admin_app_factory
+
+[pipeline:public_api]
+pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension user_crud_extension public_service
+
+[pipeline:admin_api]
+pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension crud_extension admin_service
+
+[pipeline:api_v3]
+pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension service_v3
+
+[app:public_version_service]
+paste.app_factory = keystone.service:public_version_app_factory
+
+[app:admin_version_service]
+paste.app_factory = keystone.service:admin_version_app_factory
+
+[pipeline:public_version_api]
+pipeline = access_log sizelimit url_normalize xml_body public_version_service
+
+[pipeline:admin_version_api]
+pipeline = access_log sizelimit url_normalize xml_body admin_version_service
+
+[composite:main]
+use = egg:Paste#urlmap
+/v2.0 = public_api
+/v3 = api_v3
+/ = public_version_api
+
+[composite:admin]
+use = egg:Paste#urlmap
+/v2.0 = admin_api
+/v3 = api_v3
+/ = admin_version_api
+
+<% if node["openstack"]["identity"]["misc_paste"] %>
+<% node["openstack"]["identity"]["misc_paste"].each do |m| %>
+<%= m %>
+<% end %>
+<% end %>
+