Stein fixes

- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
  cookbooks
- Update documentation
- Enable sensitive resources for the execute resources in
  openstack_image_image and template[/etc/glance/glance-api.conf] to
  improve security.
- Update delivery configuration to exclude integration cookbooks
- Set glance_store/stores, and update auth_type to password as described
  in the upstream documentation [1]
- Fix ChefSpec output

[1] https://docs.openstack.org/glance/stein/install/install-rdo.html#install-and-configure-components

Depends-On: https://review.opendev.org/706151
Change-Id: I695b576267bc220b0b70011ab035520fc18ff955

.delivery/project.toml

@@ -1 +1,9 @@
-remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml"
+[local_phases]
+unit = 'rspec spec/'
+lint = 'cookstyle --display-cop-names --extra-details'
+syntax = "berks install -e integration"
+provision = "echo skipping"
+deploy = "echo skipping"
+smoke = "echo skipping"
+functional = "echo skipping"
+cleanup = "echo skipping"

.rubocop.yml

@@ -14,17 +14,3 @@ AllCops:
     - .cookbooks/**/*
     - berks-cookbooks/**/*
     - .bundle/**/*
-
-Encoding:
-  Exclude:
-    - metadata.rb
-    - Gemfile
-
-NumericLiterals:
-  Enabled: false
-
-LineLength:
-  Enabled: false
-
-WordArray:
-  MinSize: 3

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2018-08-03 05:26:00 -0700 using RuboCop version 0.55.0.
+# on 2020-02-05 23:01:39 +0000 using RuboCop version 0.75.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -10,16 +10,3 @@
 # Configuration parameters: CountKeywordArgs.
 Metrics/ParameterLists:
   Max: 6
-
-# Offense count: 5
-# Cop supports --auto-correct.
-Style/IfUnlessModifier:
-  Exclude:
-    - 'recipes/api.rb'
-    - 'recipes/image_upload.rb'
-
-# Offense count: 97
-# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
-# URISchemes: http, https
-Metrics/LineLength:
-  Max: 327

Berksfile

@@ -2,20 +2,20 @@ source 'https://supermarket.chef.io'
 
 solver :ruby, :required
 
-%w(
-  client
-  -common
-  -dns
-  -identity
-  -integration-test
-  -network
-  -ops-database
-  -ops-messaging
-).each do |cookbook|
+[
+  %w(client dep),
+  %w(-common dep),
+  %w(-dns integration),
+  %w(-identity dep),
+  %w(-integration-test integration),
+  %w(-network integration),
+  %w(-ops-database integration),
+  %w(-ops-messaging integration)
+].each do |cookbook, group|
   if Dir.exist?("../cookbook-openstack#{cookbook}")
-    cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}"
+    cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}", group: group
   else
-    cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}"
+    cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}", group: group
   end
 end
 

README.rst

@@ -20,9 +20,9 @@ https://docs.openstack.org/glance/latest
 Requirements
 ============
 
-- Chef 14 or higher
-- ChefDK 3.2.30 for testing (also includes Berkshelf for cookbook
-  dependency resolution)
+- Chef 15 or higher
+- Chef Workstation 0.15.18 for testing (also includes Berkshelf for
+  cookbook dependency resolution)
 
 Platform
 ========
@@ -37,8 +37,8 @@ Cookbooks
 The following cookbooks are dependencies:
 
 - 'openstackclient'
-- 'openstack-common', '>= 18.0.0'
-- 'openstack-identity', '>= 18.0.0'
+- 'openstack-common', '>= 19.0.0'
+- 'openstack-identity', '>= 19.0.0'
 
 Attributes
 ==========
@@ -144,9 +144,6 @@ Action: ``:upload``
 - ``:identity_project_domain_name``: Project domain name for Keystone
   admin user.
 
-For testing this provider with ChefSpec, a custom matcher was added to
-``libraries/matchers.rb``.
-
 License and Author
 ==================
 
@@ -209,7 +206,7 @@ License and Author
 +-----------------+----------------------------------------------------------+
 | **Copyright**   | Copyright (c) 2014, SUSE Linux, GmbH.                    |
 +-----------------+----------------------------------------------------------+
-| **Copyright**   | Copyright (c) 2019, Oregon State University              |
+| **Copyright**   | Copyright (c) 2019-2020, Oregon State University         |
 +-----------------+----------------------------------------------------------+
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may

attributes/default.rb

@@ -1,11 +1,11 @@
 # encoding: UTF-8
 #
-# Cookbook Name:: openstack-image
+# Cookbook:: openstack-image
 # Attributes:: default
 #
-# Copyright 2012, Rackspace US, Inc.
-# Copyright 2013, Craig Tracey <craigtracey@gmail.com>
-# Copyright 2013, Opscode, Inc.
+# Copyright:: 2012, Rackspace US, Inc.
+# Copyright:: 2013, Craig Tracey <craigtracey@gmail.com>
+# Copyright:: 2019-2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -118,7 +118,7 @@ when 'debian'
   default['openstack']['image']['user'] = 'glance'
   default['openstack']['image']['group'] = 'glance'
   default['openstack']['image']['platform'] = {
-    'image_packages' => ['python3-glance', 'glance'],
+    'image_packages' => %w(python3-glance glance),
     'swift_packages' => ['python3-swift'],
     'image_api_service' => 'glance-api',
     'package_overrides' => '',

attributes/glance_api_conf.rb

@@ -7,13 +7,14 @@ default['openstack']['image_api']['conf'].tap do |conf|
   end
 
   # [glance_store] section
+  conf['glance_store']['stores'] = 'file,http'
   conf['glance_store']['default_store'] = 'file'
 
   # [paste_deploy] section
   conf['paste_deploy']['flavor'] = 'keystone'
 
   # [keystone_authtoken] section
-  conf['keystone_authtoken']['auth_type'] = 'v3password'
+  conf['keystone_authtoken']['auth_type'] = 'password'
   conf['keystone_authtoken']['region_name'] = node['openstack']['region']
   conf['keystone_authtoken']['username'] = 'glance'
   conf['keystone_authtoken']['project_name'] = 'admin'

libraries/matchers.rb

@@ -1,6 +0,0 @@
-# encoding: UTF-8
-if defined?(ChefSpec)
-  def upload_openstack_image_image(resource_name)
-    ChefSpec::Matchers::ResourceMatcher.new(:openstack_image_image, :upload, resource_name)
-  end
-end

metadata.rb

@@ -3,21 +3,16 @@ maintainer       'openstack-chef'
 maintainer_email 'openstack-discuss@lists.openstack.org'
 license          'Apache-2.0'
 description      'Installs and configures the Glance Image Registry and Delivery Service'
-version          '18.0.0'
-
-recipe 'openstack-image::api', 'Installs the glance-api server'
-recipe 'openstack-image::identity_registration', 'Registers the API endpoint and glance service Keystone user'
-recipe 'openstack-image::image-upload', 'Upload image to glance.'
-recipe 'openstack-image::swift_store', 'Install and configure swift glance packages'
+version          '19.0.0'
 
 %w(ubuntu redhat centos).each do |os|
   supports os
 end
 
 depends 'openstackclient'
-depends 'openstack-common', '>= 18.0.0'
-depends 'openstack-identity', '>= 18.0.0'
+depends 'openstack-common', '>= 19.0.0'
+depends 'openstack-identity', '>= 19.0.0'
 
 issues_url 'https://launchpad.net/openstack-chef'
 source_url 'https://opendev.org/openstack/cookbook-openstack-image'
-chef_version '>= 14.0'
+chef_version '>= 15.0'

providers/image.rb

@@ -1,10 +1,11 @@
 # encoding: UTF-8
 #
-# Cookbook Name:: openstack-image
+# Cookbook:: openstack-image
 # Provider:: image
 #
-# Copyright 2012, Rackspace US, Inc.
-# Copyright 2013, Opscode, Inc.
+# Copyright:: 2012, Rackspace US, Inc.
+# Copyright:: 2013, Opscode, Inc.
+# Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -47,9 +48,9 @@ def _determine_type(url)
   # Lets do our best to determine the type from the file extension
   case ::File.extname(url)
   when '.gz', '.tgz'
-    return 'ami'
+    'ami'
   when '.qcow2', '.img'
-    return 'qcow'
+    'qcow'
   else
     raise ArgumentError, "File extension not supported for #{url}, supported extensions are: .gz, .tgz for ami and .qcow2 and .img for qcow"
   end
@@ -73,7 +74,7 @@ def _upload_image_bare(name, api, url, public, type, id)
 
   execute "Uploading #{type} image #{name}" do # :pragma-foodcritic: ~FC041
     cwd '/tmp'
-
+    sensitive true
     command "curl -L #{url} | #{glance_cmd} image-create --name #{name} #{"--id #{id}" unless id == ''} --visibility #{public} #{c_fmt} #{d_fmt}"
     not_if "#{glance_cmd} image-list | grep #{name}"
   end
@@ -89,6 +90,7 @@ def _upload_ami(name, api, url, public, id)
   bash "Uploading AMI image #{name}" do
     cwd '/tmp'
     user 'root'
+    sensitive true
     code <<-EOH
         set -x
         mkdir -p images/#{name}

recipes/api.rb

@@ -1,13 +1,14 @@
 # encoding: UTF-8
 #
-# Cookbook Name:: openstack-image
+# Cookbook:: openstack-image
 # Recipe:: api
 #
-# Copyright 2012, Rackspace US, Inc.
-# Copyright 2012-2013, Opscode, Inc.
-# Copyright 2012-2013, AT&T Services, Inc.
-# Copyright 2013, Craig Tracey <craigtracey@gmail.com>
-# Copyright 2013, IBM Corp.
+# Copyright:: 2012, Rackspace US, Inc.
+# Copyright:: 2012-2013, Opscode, Inc.
+# Copyright:: 2012-2013, AT&T Services, Inc.
+# Copyright:: 2013, Craig Tracey <craigtracey@gmail.com>
+# Copyright:: 2013, IBM Corp.
+# Copyright:: 2019-2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -43,7 +44,7 @@ end
 directory '/etc/glance' do
   owner node['openstack']['image']['user']
   group node['openstack']['image']['group']
-  mode 0o0700
+  mode '700'
 end
 
 if node['openstack']['image_api']['conf']['glance_store']['default_store'] == 'file'
@@ -52,7 +53,7 @@ if node['openstack']['image_api']['conf']['glance_store']['default_store'] == 'f
   directory node['openstack']['image_api']['conf']['glance_store']['filesystem_store_datadir'] do
     owner node['openstack']['image']['user']
     group node['openstack']['image']['group']
-    mode 0o0750
+    mode '750'
     recursive true
   end
 end
@@ -95,7 +96,8 @@ template '/etc/glance/glance-api.conf' do
   cookbook 'openstack-common'
   owner node['openstack']['image']['user']
   group node['openstack']['image']['group']
-  mode 0o0640
+  mode '640'
+  sensitive true
   variables(
     service_config: glance_api_conf
   )
@@ -106,7 +108,7 @@ template '/etc/glance/glance-cache.conf' do
   cookbook 'openstack-common'
   owner node['openstack']['image']['user']
   group node['openstack']['image']['group']
-  mode 0o0640
+  mode '640'
   variables(
     service_config: glance_cache_conf
   )
@@ -117,7 +119,7 @@ template '/etc/glance/glance-scrubber.conf' do
   cookbook 'openstack-common'
   owner node['openstack']['image']['user']
   group node['openstack']['image']['group']
-  mode 0o0640
+  mode '640'
   variables(
     service_config: glance_scrubber_conf
   )
@@ -157,7 +159,7 @@ directory node['openstack']['image']['cache']['dir'] do
   owner node['openstack']['image']['user']
   group node['openstack']['image']['group']
   recursive true
-  mode 0o0755
+  mode '755'
 end
 
 service 'glance-api' do

recipes/identity_registration.rb

@@ -1,11 +1,12 @@
 # encoding: UTF-8
 #
-# Cookbook Name:: openstack-image
+# Cookbook:: openstack-image
 # Recipe:: identity_registration
 #
-# Copyright 2013, AT&T Services, Inc.
-# Copyright 2013, Craig Tracey <craigtracey@gmail.com>
-# Copyright 2013, Opscode, Inc.
+# Copyright:: 2013, AT&T Services, Inc.
+# Copyright:: 2013, Craig Tracey <craigtracey@gmail.com>
+# Copyright:: 2013, Opscode, Inc.
+# Copyright:: 2019-2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -52,11 +53,11 @@ region = node['openstack']['region']
 # endpoint_type = node['openstack']['identity']['endpoint_type']
 
 connection_params = {
-  openstack_auth_url:      auth_url,
-  openstack_username:      admin_user,
-  openstack_api_key:       admin_pass,
-  openstack_project_name:  admin_project,
-  openstack_domain_name:   admin_domain,
+  openstack_auth_url: auth_url,
+  openstack_username: admin_user,
+  openstack_api_key: admin_pass,
+  openstack_project_name: admin_project,
+  openstack_domain_name: admin_domain,
   # openstack_endpoint_type: endpoint_type,
 }
 

recipes/image_upload.rb

@@ -1,9 +1,9 @@
 # encoding: UTF-8
 #
-# Cookbook Name:: openstack-image
+# Cookbook:: openstack-image
 # Recipe:: image_upload
 #
-# Copyright 2013, IBM Corp.
+# Copyright:: 2013, IBM Corp.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

recipes/swift_store.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 #
-# Cookbook Name:: openstack-image
+# Cookbook:: openstack-image
 # Recipe:: swift_store
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

resources/image.rb

@@ -1,9 +1,10 @@
 # encoding: UTF-8
 #
-# Cookbook Name:: openstack-image
+# Cookbook:: openstack-image
 # Resource:: image
 #
-# Copyright 2012, Rackspace US, Inc.
+# Copyright:: 2012, Rackspace US, Inc.
+# Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

spec/api_spec.rb

@@ -24,7 +24,7 @@ describe 'openstack-image::api' do
         .with(
           user: 'glance',
           group: 'glance',
-          mode: 0o0700
+          mode: '700'
         )
     end
 
@@ -33,7 +33,7 @@ describe 'openstack-image::api' do
         .with(
           user: 'glance',
           group: 'glance',
-          mode: 0o0750,
+          mode: '750',
           recursive: true
         )
     end
@@ -47,60 +47,61 @@ describe 'openstack-image::api' do
             cookbook: 'openstack-common',
             user: 'glance',
             group: 'glance',
-            mode: 0o0640
+            mode: '640'
           )
       end
 
-      it do
-        [
-          %r{^log_file = /var/log/glance/api.log$},
-          %r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$},
-          /^bind_host = 127.0.0.1$/,
-          /^bind_port = 9292$/,
-        ].each do |line|
+      [
+        %r{^log_file = /var/log/glance/api.log$},
+        %r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$},
+        /^bind_host = 127.0.0.1$/,
+        /^bind_port = 9292$/,
+      ].each do |line|
+        it do
           expect(chef_run).to render_config_file(file.name)
             .with_section_content('DEFAULT', line)
         end
       end
 
-      it do
-        [
-          %r{^filesystem_store_datadir = /var/lib/glance/images$},
-          /^default_store = file$/,
-        ].each do |line|
+      [
+        %r{^filesystem_store_datadir = /var/lib/glance/images$},
+        /^stores = file,http$/,
+        /^default_store = file$/,
+      ].each do |line|
+        it do
           expect(chef_run).to render_config_file(file.name)
             .with_section_content('glance_store', line)
         end
       end
 
-      it do
-        [
-          /^flavor = keystone$/,
-        ].each do |line|
+      [
+        /^flavor = keystone$/,
+      ].each do |line|
+        it do
           expect(chef_run).to render_config_file(file.name)
             .with_section_content('paste_deploy', line)
         end
       end
 
-      it do
-        [
-          /^auth_type = v3password$/,
-          /^region_name = RegionOne$/,
-          /^username = glance$/,
-          /^project_name = admin$/,
-          %r{^auth_url = http://127.0.0.1:5000/v3$},
-          /^password = glance-pass$/,
-          /^user_domain_name = Default$/,
-        ].each do |line|
+      [
+        /^auth_type = password$/,
+        /^region_name = RegionOne$/,
+        /^username = glance$/,
+        /^project_name = admin$/,
+        %r{^auth_url = http://127.0.0.1:5000/v3$},
+        /^password = glance-pass$/,
+        /^user_domain_name = Default$/,
+      ].each do |line|
+        it do
           expect(chef_run).to render_config_file(file.name)
             .with_section_content('keystone_authtoken', line)
         end
       end
 
-      it do
-        [
-          %r{^connection = mysql\+pymysql://glance:db-pass@127\.0\.0\.1:3306/glance\?charset=utf8$},
-        ].each do |line|
+      [
+        %r{^connection = mysql\+pymysql://glance:db-pass@127\.0\.0\.1:3306/glance\?charset=utf8$},
+      ].each do |line|
+        it do
           expect(chef_run).to render_config_file(file.name)
             .with_section_content('database', line)
         end
@@ -117,7 +118,7 @@ describe 'openstack-image::api' do
             cookbook: 'openstack-common',
             user: 'glance',
             group: 'glance',
-            mode: 0o0640
+            mode: '640'
           )
       end
     end
@@ -132,7 +133,7 @@ describe 'openstack-image::api' do
             cookbook: 'openstack-common',
             user: 'glance',
             group: 'glance',
-            mode: 0o0640
+            mode: '640'
           )
       end
     end
@@ -159,7 +160,7 @@ describe 'openstack-image::api' do
         .with(
           user: 'glance',
           group: 'glance',
-          mode: 0o0755,
+          mode: '755',
           recursive: true
         )
     end

spec/image_upload_spec.rb

@@ -82,7 +82,7 @@ describe 'openstack-image::image_upload' do
 
     context 'uploads the raw and vdi images' do
       cached(:chef_run) do
-        node.override['openstack']['image']['upload_images'] = ['raw_imageName', 'vdi_imageName']
+        node.override['openstack']['image']['upload_images'] = %w(raw_imageName vdi_imageName)
         node.override['openstack']['image']['upload_image']['raw_imageName'] = 'image_file.raw'
         node.override['openstack']['image']['upload_image_type']['raw_imageName'] = 'raw'
         node.override['openstack']['image']['upload_image']['vdi_imageName'] = 'image_file.vdi'