openstack/puppet-nova
Code Issues Proposed changes

Add glance image signature verification parameter

Browse Source 
Change-Id: I06e428e51bf157ea22b7f46b9c00cfdf7bea5a7d
This commit is contained in:
Ade Lee 2017-12-07 16:20:34 -05:00
parent 9606525df2
commit f567320681
3 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
manifests/compute.pp
View File

@ -142,6 +142,10 @@
# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
# Defaults to 'nova.keymgr.conf_key_mgr.ConfKeyManager'.
#
# [*verify_glance_signatures*]
# (optional) Whether to verify image signatures. (boolean value)
# Defaults to $::os_service_default
#
# DEPRECATED PARAMETERS
#
# [*keymgr_api_class*]
@ -180,6 +184,7 @@ class nova::compute (
$max_concurrent_live_migrations = $::os_service_default,
$consecutive_build_service_disable_threshold = $::os_service_default,
$keymgr_backend = 'nova.keymgr.conf_key_mgr.ConfKeyManager',
$verify_glance_signatures = $::os_service_default,
# DEPRECATED PARAMETERS
$keymgr_api_class = undef,
) {
@ -294,7 +299,8 @@ class nova::compute (
}
nova_config {
'DEFAULT/config_drive_format': value => $config_drive_format;
'DEFAULT/config_drive_format': value => $config_drive_format;
'glance/verify_glance_signatures': value => $verify_glance_signatures;
}
}

4
releasenotes/notes/add-glance-image-verification-parameter-456df02dd26552d3.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- Added parameter verify_glance_signatures to enable verification of signatures
on glance images.

3
spec/classes/nova_compute_spec.rb
View File

@ -33,6 +33,7 @@ describe 'nova::compute' do
it { is_expected.to contain_nova_config('barbican/barbican_endpoint').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('barbican/barbican_api_version').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('barbican/auth_endpoint').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_live_migrations').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('compute/consecutive_build_service_disable_threshold').with_value('<SERVICE DEFAULT>') }
@ -79,6 +80,7 @@ describe 'nova::compute' do
:barbican_api_version => 'v1',
:barbican_auth_endpoint => 'http://127.0.0.1:5000/v3',
:max_concurrent_live_migrations => '4',
:verify_glance_signatures => true,
:consecutive_build_service_disable_threshold => '9',
}
end
@ -132,6 +134,7 @@ describe 'nova::compute' do
it { is_expected.to contain_nova_config('compute/consecutive_build_service_disable_threshold').with_value('9') }
it { is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with_value(true) }
it { is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value(true) }
it 'configures nova config_drive_format to vfat' do
is_expected.to contain_nova_config('DEFAULT/config_drive_format').with_value('vfat')