Add a meta_version_to_write parameter

This parameter is useful for handling upgrades from prior versions of
Swift when crypto is enabled. See the commit message of this patch for more info:
https://review.opendev.org/#/c/742033/

Change-Id: Icd321e03e5055044b2dba9c9fee191cb9546dd60
Thomas Goirand 2020-08-31 10:25:26 +02:00
parent 5c68fd9be9
commit 8e9f7d5757
3 changed files with 45 additions and 22 deletions


@ -56,6 +56,10 @@
# id may also be specified. # id may also be specified.
# Defaults to 'default' (note the capitalization). # Defaults to 'default' (note the capitalization).
# #
# [*meta_version_to_write*]
# (Optional) Int. The version of crypto metadata to write.
# Defaults to 1.
#
# == Dependencies # == Dependencies
# #
# None # None
@ -65,17 +69,18 @@
# Thiago da Silva thiago@redhat.com # Thiago da Silva thiago@redhat.com
# #
class swift::keymaster( class swift::keymaster(
$api_class = 'barbican', $api_class = 'barbican',
$key_id = undef, $key_id = undef,
$username = 'swift', $username = 'swift',
$password = undef, $password = undef,
$project_name = 'services', $project_name = 'services',
$project_id = undef, $project_id = undef,
$auth_endpoint = undef, $auth_endpoint = undef,
$project_domain_name = undef, $project_domain_name = undef,
$user_domain_name = undef, $user_domain_name = undef,
$project_domain_id = 'default', $project_domain_id = 'default',
$user_domain_id = 'default', $user_domain_id = 'default',
$meta_version_to_write = 1,
) { ) {
include swift::deps include swift::deps
@ -85,17 +90,18 @@ class swift::keymaster(
} }
swift_keymaster_config { swift_keymaster_config {
'kms_keymaster/api_class': value => $api_class; 'kms_keymaster/api_class': value => $api_class;
'kms_keymaster/key_id': value => $key_id; 'kms_keymaster/key_id': value => $key_id;
'kms_keymaster/username': value => $username; 'kms_keymaster/username': value => $username;
'kms_keymaster/password': value => $password, secret => true; 'kms_keymaster/password': value => $password, secret => true;
'kms_keymaster/project_name': value => $project_name; 'kms_keymaster/project_name': value => $project_name;
'kms_keymaster/project_id': value => $project_id; 'kms_keymaster/project_id': value => $project_id;
'kms_keymaster/auth_endpoint': value => $auth_endpoint; 'kms_keymaster/auth_endpoint': value => $auth_endpoint;
'kms_keymaster/project_domain_name': value => $project_domain_name; 'kms_keymaster/project_domain_name': value => $project_domain_name;
'kms_keymaster/user_domain_name': value => $user_domain_name; 'kms_keymaster/user_domain_name': value => $user_domain_name;
'kms_keymaster/project_domain_id': value => $project_domain_id; 'kms_keymaster/project_domain_id': value => $project_domain_id;
'kms_keymaster/user_domain_id': value => $user_domain_id; 'kms_keymaster/user_domain_id': value => $user_domain_id;
'kms_keymaster/meta_version_to_write': value => $meta_version_to_write;
} }
} }
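Review bot: `$meta_version_to_write` is accepted in the parameter list with no type or range check and is written straight into `kms_keymaster/meta_version_to_write`, although the release note in this same commit says a wrong value can lead to unrecoverable data. The release note names 1, 2 and 3 as the versions, so the parameter could be declared as `Integer[1, 3] $meta_version_to_write = 1,` (assuming the module's supported Puppet versions allow typed parameters), which turns a typo or an out-of-range value into a catalog compile failure instead of a bad keymaster config. The header comment says only `Defaults to 1.`; it should carry the upgrade guidance too, for example `# Raise only after all proxy servers are upgraded; a wrong value can lead to unrecoverable data.` The spec changes in this commit cover only the default and the value 3, so a case asserting that an invalid value is rejected would pin the guard. The class body between the second and third hunk is not shown, so any validation that already exists there is not visible from here.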


@ -0,0 +1,14 @@
---
features:
- |
Added a new meta_version_to_write for the keymaster config.
upgrade:
- |
When upgrading from Swift 2.20.0 or Swift 2.19.1 or earlier, set
meta_version_to_write to 1. When upgrading from 2.25.0 or earlier, set
meta_version_to_write to 2. After upgrading all proxy servers, set this to
3 (currently the highest version).
critical:
- |
Failing to set the correct version of meta_version_to_write can lead to
unrecoverable data.


@ -8,6 +8,7 @@ describe 'swift::keymaster' do
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('services') } it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('services') }
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_id').with_value('default') } it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_id').with_value('default') }
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_id').with_value('default') } it { is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_id').with_value('default') }
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/meta_version_to_write').with_value('1') }
end end
describe "when overriding default parameters" do describe "when overriding default parameters" do
@ -17,6 +18,7 @@ describe 'swift::keymaster' do
:password => 'fake_password', :password => 'fake_password',
:auth_endpoint => 'http://127.0.0.1:5000', :auth_endpoint => 'http://127.0.0.1:5000',
:project_name => 'barbican_swift_service', :project_name => 'barbican_swift_service',
:meta_version_to_write => 3,
} }
end end
@ -24,6 +26,7 @@ describe 'swift::keymaster' do
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/password').with_value('fake_password').with_secret(true) } it { is_expected.to contain_swift_keymaster_config('kms_keymaster/password').with_value('fake_password').with_secret(true) }
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('http://127.0.0.1:5000') } it { is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('http://127.0.0.1:5000') }
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('barbican_swift_service') } it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('barbican_swift_service') }
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/meta_version_to_write').with_value('3') }
end end
end end