openstack/puppet-nova
Code Issues Proposed changes

Add glance image signature verification parameter

Browse Source 
Change-Id: I06e428e51bf157ea22b7f46b9c00cfdf7bea5a7d
This commit is contained in:
Ade Lee
2017-12-07 16:20:34 -05:00
parent 9606525df2
commit f567320681
3 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
manifests/compute.pp
View File

@@ -142,6 +142,10 @@
# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager # Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
# Defaults to 'nova.keymgr.conf_key_mgr.ConfKeyManager'. # Defaults to 'nova.keymgr.conf_key_mgr.ConfKeyManager'.
# #
# [*verify_glance_signatures*]
# (optional) Whether to verify image signatures. (boolean value)
# Defaults to $::os_service_default
#
# DEPRECATED PARAMETERS # DEPRECATED PARAMETERS
# #
# [*keymgr_api_class*] # [*keymgr_api_class*]
@@ -180,6 +184,7 @@ class nova::compute (
$max_concurrent_live_migrations = $::os_service_default, $max_concurrent_live_migrations = $::os_service_default,
$consecutive_build_service_disable_threshold = $::os_service_default, $consecutive_build_service_disable_threshold = $::os_service_default,
$keymgr_backend = 'nova.keymgr.conf_key_mgr.ConfKeyManager', $keymgr_backend = 'nova.keymgr.conf_key_mgr.ConfKeyManager',
$verify_glance_signatures = $::os_service_default,
# DEPRECATED PARAMETERS # DEPRECATED PARAMETERS
$keymgr_api_class = undef, $keymgr_api_class = undef,
) { ) {
@@ -294,7 +299,8 @@ class nova::compute (
} }
nova_config { nova_config {
'DEFAULT/config_drive_format': value => $config_drive_format; 'DEFAULT/config_drive_format': value => $config_drive_format;
'glance/verify_glance_signatures': value => $verify_glance_signatures;
} }
} }

4
releasenotes/notes/add-glance-image-verification-parameter-456df02dd26552d3.yaml Normal file
View File

@@ -0,0 +1,4 @@
---
features:
- Added parameter verify_glance_signatures to enable verification of signatures
on glance images.

3
spec/classes/nova_compute_spec.rb
View File

@@ -33,6 +33,7 @@ describe 'nova::compute' do
it { is_expected.to contain_nova_config('barbican/barbican_endpoint').with_value('<SERVICE DEFAULT>') } it { is_expected.to contain_nova_config('barbican/barbican_endpoint').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('barbican/barbican_api_version').with_value('<SERVICE DEFAULT>') } it { is_expected.to contain_nova_config('barbican/barbican_api_version').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('barbican/auth_endpoint').with_value('<SERVICE DEFAULT>') } it { is_expected.to contain_nova_config('barbican/auth_endpoint').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_live_migrations').with_value('<SERVICE DEFAULT>') } it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_live_migrations').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('compute/consecutive_build_service_disable_threshold').with_value('<SERVICE DEFAULT>') } it { is_expected.to contain_nova_config('compute/consecutive_build_service_disable_threshold').with_value('<SERVICE DEFAULT>') }
@@ -79,6 +80,7 @@ describe 'nova::compute' do
:barbican_api_version => 'v1', :barbican_api_version => 'v1',
:barbican_auth_endpoint => 'http://127.0.0.1:5000/v3', :barbican_auth_endpoint => 'http://127.0.0.1:5000/v3',
:max_concurrent_live_migrations => '4', :max_concurrent_live_migrations => '4',
:verify_glance_signatures => true,
:consecutive_build_service_disable_threshold => '9', :consecutive_build_service_disable_threshold => '9',
} }
end end
@@ -132,6 +134,7 @@ describe 'nova::compute' do
it { is_expected.to contain_nova_config('compute/consecutive_build_service_disable_threshold').with_value('9') } it { is_expected.to contain_nova_config('compute/consecutive_build_service_disable_threshold').with_value('9') }
it { is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with_value(true) } it { is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with_value(true) }
it { is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value(true) }
it 'configures nova config_drive_format to vfat' do it 'configures nova config_drive_format to vfat' do
is_expected.to contain_nova_config('DEFAULT/config_drive_format').with_value('vfat') is_expected.to contain_nova_config('DEFAULT/config_drive_format').with_value('vfat')