Merge "Only manage the keystone-paste.ini if specified"
@@ -247,6 +247,7 @@ Please refer to the Common cookbook for more attributes.
|
||||
* `openstack['identity']['admin_token']` - Admin token for bootstraping keystone server
|
||||
* `openstack['identity']['roles']` - Array of roles to create in the keystone server
|
||||
* `openstack['identity']['users']` - Array of users to create in the keystone server
|
||||
* `openstack['identity']['pastefile_url']` - Specify the URL for a keystone-paste.ini file that will override the default packaged file
|
||||
TODO: Add DB2 support on other platforms
|
||||
* `openstack['identity']['platform']['db2_python_packages']` - Array of DB2 python packages, only available on redhat platform
|
||||
* `openstack['identity']['token']['expiration']` - Token validity time in seconds
|
||||
|
||||
@@ -35,6 +35,9 @@ default['credentials']['EC2']['admin']['secret'] = ''
|
||||
default['openstack']['identity']['verbose'] = 'False'
|
||||
default['openstack']['identity']['debug'] = 'False'
|
||||
|
||||
# Specify a location to retrieve keystone-paste.ini from
|
||||
default['openstack']['identity']['pastefile_url'] = nil
|
||||
|
||||
default['openstack']['identity']['region'] = node['openstack']['region']
|
||||
default['openstack']['identity']['token']['expiration'] = '86400'
|
||||
|
||||
|
||||
@@ -194,13 +194,16 @@ template '/etc/keystone/keystone.conf' do
|
||||
notifies :restart, 'service[keystone]', :delayed
|
||||
end
|
||||
|
||||
template '/etc/keystone/keystone-paste.ini' do
|
||||
source 'keystone-paste.ini.erb'
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00644
|
||||
# If a keystone-paste.ini is specified use it
|
||||
if node['openstack']['identity']['pastefile_url']
|
||||
remote_file '/etc/keystone/keystone-paste.ini' do
|
||||
source node['openstack']['identity']['pastefile_url']
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00644
|
||||
|
||||
notifies :restart, 'service[keystone]', :immediately
|
||||
notifies :restart, 'service[keystone]', :immediately
|
||||
end
|
||||
end
|
||||
|
||||
# populate the templated catlog, if you're using the templated catalog backend
|
||||
|
||||
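Review bot: The new `remote_file` resource writes whatever `pastefile_url` serves into /etc/keystone/keystone-paste.ini with no integrity check, and that file defines the WSGI pipeline, including where `token_auth` and `admin_token_auth` sit. Anyone who can alter the hosted file or the response in transit (the spec's own example is a plain `http://` URL) therefore decides which auth middleware keystone loads, and the `:immediately` restart applies it at once. Pin the content with the resource's `checksum` property, e.g. `checksum node['openstack']['identity']['pastefile_checksum']` (attribute name proposed here, not present in the cookbook), and say in the attribute comment that the URL should be https on a trusted host. When the attribute is nil the file is no longer managed at all, so local edits to the packaged keystone-paste.ini are not corrected by a Chef run; that deserves a line in the README.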
@@ -651,94 +651,26 @@ describe 'openstack-identity::server' do
|
||||
end
|
||||
|
||||
describe 'keystone-paste.ini' do
|
||||
let(:paste_file_path) { '/etc/keystone/keystone-paste.ini' }
|
||||
let(:paste_file_template) { chef_run.template paste_file_path }
|
||||
|
||||
it 'has proper owner' do
|
||||
expect(paste_file_template.owner).to eq('keystone')
|
||||
expect(paste_file_template.group).to eq('keystone')
|
||||
it 'does not manage keystone-paste unless specified' do
|
||||
expect(chef_run).not_to create_remote_file('/etc/keystone/keystone-paste.ini')
|
||||
end
|
||||
|
||||
it 'has proper modes' do
|
||||
expect(sprintf('%o', paste_file_template.mode)).to eq '644'
|
||||
end
|
||||
describe 'keystone-paste remote specified' do
|
||||
|
||||
it 'contains sections' do
|
||||
required_sections = %w{filter:debug filter:token_auth
|
||||
filter:admin_token_auth filter:xml_body
|
||||
filter:json_body filter:user_crud_extension
|
||||
filter:crud_extension filter:ec2_extension
|
||||
filter:oauth_extension filter:s3_extension
|
||||
filter:endpoint_filter_extension filter:url_normalize
|
||||
filter:sizelimit filter:stats_monitoring
|
||||
filter:stats_reporting filter:access_log
|
||||
app:public_service app:service_v3
|
||||
app:admin_service pipeline:public_api
|
||||
pipeline:admin_api pipeline:api_v3
|
||||
app:public_version_service app:admin_version_service
|
||||
pipeline:public_version_api pipeline:admin_version_api
|
||||
composite:main composite:admin}
|
||||
required_sections.each do |section|
|
||||
expect(chef_run).to render_file(paste_file_path).with_content(
|
||||
/#{Regexp.quote(section)}/)
|
||||
before { node.set['openstack']['identity']['pastefile_url'] = 'http://server/mykeystone-paste.ini' }
|
||||
let(:remote_paste) { chef_run.remote_file('/etc/keystone/keystone-paste.ini') }
|
||||
|
||||
it 'does manage keystone-paste from remote file if specified' do
|
||||
expect(chef_run).to create_remote_file('/etc/keystone/keystone-paste.ini').with(
|
||||
user: 'keystone',
|
||||
group: 'keystone',
|
||||
mode: 00644)
|
||||
expect(remote_paste).to notify('service[keystone]').to(:restart)
|
||||
end
|
||||
end
|
||||
|
||||
it 'has the correct filter configuration' do
|
||||
filter_factory_key = 'paste.filter_factory'
|
||||
required_filter_factories = %w{keystone.common.wsgi:Debug.factory
|
||||
keystone.middleware:TokenAuthMiddleware.factory
|
||||
keystone.middleware:AdminTokenAuthMiddleware.factory
|
||||
keystone.middleware:XmlBodyMiddleware.factory
|
||||
keystone.middleware:JsonBodyMiddleware.factory
|
||||
keystone.contrib.user_crud:CrudExtension.factory
|
||||
keystone.contrib.admin_crud:CrudExtension.factory
|
||||
keystone.contrib.ec2:Ec2Extension.factory
|
||||
keystone.contrib.oauth1.routers:OAuth1Extension.factory
|
||||
keystone.contrib.s3:S3Extension.factory
|
||||
keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
|
||||
keystone.middleware:NormalizingFilter.factory
|
||||
keystone.middleware:RequestBodySizeLimiter.factory
|
||||
keystone.contrib.stats:StatsMiddleware.factory
|
||||
keystone.contrib.stats:StatsExtension.factory
|
||||
keystone.contrib.access:AccessLogMiddleware.factory}
|
||||
required_filter_factories.each do |filter_factory|
|
||||
r = line_regexp("#{filter_factory_key} = #{filter_factory}")
|
||||
expect(chef_run).to render_file(paste_file_path).with_content(r)
|
||||
end
|
||||
end
|
||||
|
||||
it 'has the correct app configuration' do
|
||||
app_factory_key = 'paste.app_factory'
|
||||
required_app_factories = %w{keystone.service:public_app_factory
|
||||
keystone.service:v3_app_factory
|
||||
keystone.service:admin_app_factory
|
||||
keystone.service:public_version_app_factory
|
||||
keystone.service:admin_version_app_factory}
|
||||
required_app_factories.each do |app_factory|
|
||||
r = line_regexp("#{app_factory_key} = #{app_factory}")
|
||||
expect(chef_run).to render_file(paste_file_path).with_content(r)
|
||||
end
|
||||
end
|
||||
|
||||
it 'has the correct pipeline configuration for public_api' do
|
||||
r = line_regexp('pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension user_crud_extension public_service')
|
||||
expect(chef_run).to render_file(paste_file_path).with_content(r)
|
||||
end
|
||||
|
||||
it 'has the correct pipeline configuration for admin_api' do
|
||||
r = line_regexp('pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension crud_extension admin_service')
|
||||
expect(chef_run).to render_file(paste_file_path).with_content(r)
|
||||
end
|
||||
|
||||
it 'has the correct pipeline configuration for admin_api' do
|
||||
r = line_regexp('pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension crud_extension admin_service')
|
||||
expect(chef_run).to render_file(paste_file_path).with_content(r)
|
||||
end
|
||||
|
||||
it 'notifies keystone restart' do
|
||||
expect(paste_file_template).to notify('service[keystone]').to(:restart)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
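Review bot: The example 'does manage keystone-paste from remote file if specified' never asserts where the file comes from; it checks owner, group, mode and the restart notification only, so a recipe that ignored `pastefile_url` would still pass. Add an assertion such as `expect(remote_paste.source).to include('http://server/mykeystone-paste.ini')`. The examples removed here were the only place the order of `token_auth` and `admin_token_auth` in the pipelines was checked, and nothing replaces them for a remotely supplied file, so an integration-level check of the deployed pipeline is worth adding. The enclosing `describe 'openstack-identity::server'` block starts outside this hunk.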
@@ -1,93 +0,0 @@
|
||||
<%= node["openstack"]["identity"]["custom_template_banner"] %>
|
||||
|
||||
# keystone PasteDeploy configuration file.
|
||||
|
||||
[filter:debug]
|
||||
paste.filter_factory = keystone.common.wsgi:Debug.factory
|
||||
|
||||
[filter:token_auth]
|
||||
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
|
||||
|
||||
[filter:admin_token_auth]
|
||||
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
|
||||
|
||||
[filter:xml_body]
|
||||
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
|
||||
|
||||
[filter:json_body]
|
||||
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
|
||||
|
||||
[filter:user_crud_extension]
|
||||
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
|
||||
|
||||
[filter:crud_extension]
|
||||
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
|
||||
|
||||
[filter:ec2_extension]
|
||||
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
|
||||
|
||||
[filter:oauth_extension]
|
||||
paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory
|
||||
|
||||
[filter:s3_extension]
|
||||
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
|
||||
|
||||
[filter:endpoint_filter_extension]
|
||||
paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
|
||||
|
||||
[filter:url_normalize]
|
||||
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
|
||||
|
||||
[filter:sizelimit]
|
||||
paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
|
||||
|
||||
[filter:stats_monitoring]
|
||||
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
|
||||
|
||||
[filter:stats_reporting]
|
||||
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
|
||||
|
||||
[filter:access_log]
|
||||
paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
|
||||
|
||||
[app:public_service]
|
||||
paste.app_factory = keystone.service:public_app_factory
|
||||
|
||||
[app:service_v3]
|
||||
paste.app_factory = keystone.service:v3_app_factory
|
||||
|
||||
[app:admin_service]
|
||||
paste.app_factory = keystone.service:admin_app_factory
|
||||
|
||||
[pipeline:public_api]
|
||||
pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension user_crud_extension public_service
|
||||
|
||||
[pipeline:admin_api]
|
||||
pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension crud_extension admin_service
|
||||
|
||||
[pipeline:api_v3]
|
||||
pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension service_v3
|
||||
|
||||
[app:public_version_service]
|
||||
paste.app_factory = keystone.service:public_version_app_factory
|
||||
|
||||
[app:admin_version_service]
|
||||
paste.app_factory = keystone.service:admin_version_app_factory
|
||||
|
||||
[pipeline:public_version_api]
|
||||
pipeline = access_log sizelimit url_normalize xml_body public_version_service
|
||||
|
||||
[pipeline:admin_version_api]
|
||||
pipeline = access_log sizelimit url_normalize xml_body admin_version_service
|
||||
|
||||
[composite:main]
|
||||
use = egg:Paste#urlmap
|
||||
/v2.0 = public_api
|
||||
/v3 = api_v3
|
||||
/ = public_version_api
|
||||
|
||||
[composite:admin]
|
||||
use = egg:Paste#urlmap
|
||||
/v2.0 = admin_api
|
||||
/v3 = api_v3
|
||||
/ = admin_version_api
|
||||