Add a meta_version_to_write parameter
This parameter is useful to handle upgrades from prior versions of swift when crypto is enabled. See this patch commit header for more info: https://review.opendev.org/#/c/742033/ Change-Id: Icd321e03e5055044b2dba9c9fee191cb9546dd60
This commit is contained in:
parent
5c68fd9be9
commit
8e9f7d5757
|
@ -56,6 +56,10 @@
|
||||||
# id may also be specified.
|
# id may also be specified.
|
||||||
# Defaults to 'default' (note the capitalization).
|
# Defaults to 'default' (note the capitalization).
|
||||||
#
|
#
|
||||||
|
# [*meta_version_to_write*]
|
||||||
|
# (Optional) Int. The version of crypto metadata to write.
|
||||||
|
# Defaults to 1.
|
||||||
|
#
|
||||||
# == Dependencies
|
# == Dependencies
|
||||||
#
|
#
|
||||||
# None
|
# None
|
||||||
|
@ -65,17 +69,18 @@
|
||||||
# Thiago da Silva thiago@redhat.com
|
# Thiago da Silva thiago@redhat.com
|
||||||
#
|
#
|
||||||
class swift::keymaster(
|
class swift::keymaster(
|
||||||
$api_class = 'barbican',
|
$api_class = 'barbican',
|
||||||
$key_id = undef,
|
$key_id = undef,
|
||||||
$username = 'swift',
|
$username = 'swift',
|
||||||
$password = undef,
|
$password = undef,
|
||||||
$project_name = 'services',
|
$project_name = 'services',
|
||||||
$project_id = undef,
|
$project_id = undef,
|
||||||
$auth_endpoint = undef,
|
$auth_endpoint = undef,
|
||||||
$project_domain_name = undef,
|
$project_domain_name = undef,
|
||||||
$user_domain_name = undef,
|
$user_domain_name = undef,
|
||||||
$project_domain_id = 'default',
|
$project_domain_id = 'default',
|
||||||
$user_domain_id = 'default',
|
$user_domain_id = 'default',
|
||||||
|
$meta_version_to_write = 1,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include swift::deps
|
include swift::deps
|
||||||
|
@ -85,17 +90,18 @@ class swift::keymaster(
|
||||||
}
|
}
|
||||||
|
|
||||||
swift_keymaster_config {
|
swift_keymaster_config {
|
||||||
'kms_keymaster/api_class': value => $api_class;
|
'kms_keymaster/api_class': value => $api_class;
|
||||||
'kms_keymaster/key_id': value => $key_id;
|
'kms_keymaster/key_id': value => $key_id;
|
||||||
'kms_keymaster/username': value => $username;
|
'kms_keymaster/username': value => $username;
|
||||||
'kms_keymaster/password': value => $password, secret => true;
|
'kms_keymaster/password': value => $password, secret => true;
|
||||||
'kms_keymaster/project_name': value => $project_name;
|
'kms_keymaster/project_name': value => $project_name;
|
||||||
'kms_keymaster/project_id': value => $project_id;
|
'kms_keymaster/project_id': value => $project_id;
|
||||||
'kms_keymaster/auth_endpoint': value => $auth_endpoint;
|
'kms_keymaster/auth_endpoint': value => $auth_endpoint;
|
||||||
'kms_keymaster/project_domain_name': value => $project_domain_name;
|
'kms_keymaster/project_domain_name': value => $project_domain_name;
|
||||||
'kms_keymaster/user_domain_name': value => $user_domain_name;
|
'kms_keymaster/user_domain_name': value => $user_domain_name;
|
||||||
'kms_keymaster/project_domain_id': value => $project_domain_id;
|
'kms_keymaster/project_domain_id': value => $project_domain_id;
|
||||||
'kms_keymaster/user_domain_id': value => $user_domain_id;
|
'kms_keymaster/user_domain_id': value => $user_domain_id;
|
||||||
|
'kms_keymaster/meta_version_to_write': value => $meta_version_to_write;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added a new meta_version_to_write for the keymaster config.
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
When upgrading from Swift 2.20.0 or Swift 2.19.1 or earlier, set
|
||||||
|
meta_version_to_write to 1. When upgrading from 2.25.0 or earlier, set
|
||||||
|
meta_version_to_write to 2. After upgrading all proxy servers, set this to
|
||||||
|
3 (currently the highest version).
|
||||||
|
critical:
|
||||||
|
- |
|
||||||
|
Failing to set the correct version of meta_version_to_write can lead to
|
||||||
|
unrecoverable data.
|
|
@ -8,6 +8,7 @@ describe 'swift::keymaster' do
|
||||||
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('services') }
|
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('services') }
|
||||||
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_id').with_value('default') }
|
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_id').with_value('default') }
|
||||||
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_id').with_value('default') }
|
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_id').with_value('default') }
|
||||||
|
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/meta_version_to_write').with_value('1') }
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "when overriding default parameters" do
|
describe "when overriding default parameters" do
|
||||||
|
@ -17,6 +18,7 @@ describe 'swift::keymaster' do
|
||||||
:password => 'fake_password',
|
:password => 'fake_password',
|
||||||
:auth_endpoint => 'http://127.0.0.1:5000',
|
:auth_endpoint => 'http://127.0.0.1:5000',
|
||||||
:project_name => 'barbican_swift_service',
|
:project_name => 'barbican_swift_service',
|
||||||
|
:meta_version_to_write => 3,
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -24,6 +26,7 @@ describe 'swift::keymaster' do
|
||||||
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/password').with_value('fake_password').with_secret(true) }
|
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/password').with_value('fake_password').with_secret(true) }
|
||||||
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('http://127.0.0.1:5000') }
|
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('http://127.0.0.1:5000') }
|
||||||
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('barbican_swift_service') }
|
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('barbican_swift_service') }
|
||||||
|
it { is_expected.to contain_swift_keymaster_config('kms_keymaster/meta_version_to_write').with_value('3') }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue