Add parameter max_containers_per_account

This add parameters max_containers_per_account and max_containers_whitelist as new parameters. Change-Id: I15e40760340c7df123a7e3127ab40c6bc7ec7b45
2018-10-22 17:38:35 +02:00 · 2018-10-22 17:38:35 +02:00 · a6e9e39bbe
parent 82503a419f
commit a6e9e39bbe
3 changed files with 84 additions and 60 deletions
--- a/manifests/proxy.pp
+++ b/manifests/proxy.pp
@ -65,6 +65,14 @@
 #     (optional) If True, the proxy will log whenever it has to failover to a handoff node
 #     Defaults to true.
 #
 #  [*max_containers_per_account*]
 #     (optional) If set to a positive value, will limit container number per account.
 #     Default to 0.
 #
 #  [*max_containers_whitelist*]
 #     (optional) This is a comma separated list of account hashes that ignore the max_containers_per_account cap.
 #     Default to $::os_service_default.
 #
 #  [*read_affinity*]
 #    (optional) Configures the read affinity of proxy-server.
 #    Defaults to undef.
@ -131,30 +139,32 @@
 #
 class swift::proxy(
  $proxy_local_net_ip,
-  $port                      = '8080',
+  $port                       = '8080',
-  $pipeline                  = ['healthcheck', 'cache', 'tempauth', 'proxy-server'],
+  $pipeline                   = ['healthcheck', 'cache', 'tempauth', 'proxy-server'],
-  $workers                   = $::os_workers,
+  $workers                    = $::os_workers,
-  $allow_account_management  = true,
+  $allow_account_management   = true,
-  $account_autocreate        = true,
+  $account_autocreate         = true,
-  $log_headers               = 'False',
+  $log_headers                = 'False',
-  $log_udp_host              = undef,
+  $log_udp_host               = undef,
-  $log_udp_port              = undef,
+  $log_udp_port               = undef,
-  $log_address               = '/dev/log',
+  $log_address                = '/dev/log',
-  $log_level                 = 'INFO',
+  $log_level                  = 'INFO',
-  $log_facility              = 'LOG_LOCAL2',
+  $log_facility               = 'LOG_LOCAL2',
-  $log_handoffs              = true,
+  $log_handoffs               = true,
-  $log_name                  = 'proxy-server',
+  $log_name                   = 'proxy-server',
-  $cors_allow_origin         = undef,
+  $cors_allow_origin          = undef,
-  $strict_cors_mode          = true,
+  $strict_cors_mode           = true,
-  $read_affinity             = undef,
+  $max_containers_per_account = 0,
-  $write_affinity            = undef,
+  $max_containers_whitelist   = $::os_service_default,
-  $write_affinity_node_count = undef,
+  $read_affinity              = undef,
-  $node_timeout              = undef,
+  $write_affinity             = undef,
-  $manage_service            = true,
+  $write_affinity_node_count  = undef,
-  $enabled                   = true,
+  $node_timeout               = undef,
-  $package_ensure            = 'present',
+  $manage_service             = true,
-  $service_provider          = $::swift::params::service_provider,
+  $enabled                    = true,
-  $purge_config              = false,
+  $package_ensure             = 'present',
  $service_provider           = $::swift::params::service_provider,
  $purge_config               = false,
 ) inherits ::swift::params {
  include ::swift::deps
@ -201,29 +211,31 @@ class swift::proxy(
  }
  swift_proxy_config {
-    'DEFAULT/bind_port':                          value => $port;
+    'DEFAULT/bind_port':                           value => $port;
-    'DEFAULT/bind_ip':                            value => $proxy_local_net_ip;
+    'DEFAULT/bind_ip':                             value => $proxy_local_net_ip;
-    'DEFAULT/workers':                            value => $workers;
+    'DEFAULT/workers':                             value => $workers;
-    'DEFAULT/user':                               value => 'swift';
+    'DEFAULT/user':                                value => 'swift';
-    'DEFAULT/log_name':                           value => $log_name;
+    'DEFAULT/log_name':                            value => $log_name;
-    'DEFAULT/log_facility':                       value => $log_facility;
+    'DEFAULT/log_facility':                        value => $log_facility;
-    'DEFAULT/log_level':                          value => $log_level;
+    'DEFAULT/log_level':                           value => $log_level;
-    'DEFAULT/log_headers':                        value => $log_headers;
+    'DEFAULT/log_headers':                         value => $log_headers;
-    'DEFAULT/log_address':                        value => $log_address;
+    'DEFAULT/log_address':                         value => $log_address;
-    'DEFAULT/log_udp_host':                       value => $log_udp_host;
+    'DEFAULT/log_udp_host':                        value => $log_udp_host;
-    'DEFAULT/log_udp_port':                       value => $log_udp_port;
+    'DEFAULT/log_udp_port':                        value => $log_udp_port;
-    'pipeline:main/pipeline':                     value => join($pipeline, ' ');
+    'pipeline:main/pipeline':                      value => join($pipeline, ' ');
-    'app:proxy-server/use':                       value => 'egg:swift#proxy';
+    'app:proxy-server/use':                        value => 'egg:swift#proxy';
-    'app:proxy-server/set log_name':              value => $log_name;
+    'app:proxy-server/set log_name':               value => $log_name;
-    'app:proxy-server/set log_facility':          value => $log_facility;
+    'app:proxy-server/set log_facility':           value => $log_facility;
-    'app:proxy-server/set log_level':             value => $log_level;
+    'app:proxy-server/set log_level':              value => $log_level;
-    'app:proxy-server/set log_address':           value => $log_address;
+    'app:proxy-server/set log_address':            value => $log_address;
-    'app:proxy-server/log_handoffs':              value => $log_handoffs;
+    'app:proxy-server/log_handoffs':               value => $log_handoffs;
-    'app:proxy-server/allow_account_management':  value => $allow_account_management;
+    'app:proxy-server/allow_account_management':   value => $allow_account_management;
-    'app:proxy-server/account_autocreate':        value => $account_autocreate;
+    'app:proxy-server/account_autocreate':         value => $account_autocreate;
-    'app:proxy-server/write_affinity':            value => $write_affinity;
+    'app:proxy-server/max_containers_per_account': value => $max_containers_per_account;
-    'app:proxy-server/write_affinity_node_count': value => $write_affinity_node_count;
+    'app:proxy-server/max_containers_whitelist':   value => $max_containers_whitelist;
-    'app:proxy-server/node_timeout':              value => $node_timeout;
+    'app:proxy-server/write_affinity':             value => $write_affinity;
    'app:proxy-server/write_affinity_node_count':  value => $write_affinity_node_count;
    'app:proxy-server/node_timeout':               value => $node_timeout;
  }
  if $cors_allow_origin {
--- a/releasenotes/notes/swift-max-containers-per-account-f033e8f28c87a802.yaml
+++ b/releasenotes/notes/swift-max-containers-per-account-f033e8f28c87a802.yaml
@ -0,0 +1,6 @@
 ---
 features:
  - |
    Added new parameters max_containers_per_account and 
    max_containers_whitelist to proxy class that can be used to configure
    the maximum authorized container number for an account.
--- a/spec/classes/swift_proxy_spec.rb
+++ b/spec/classes/swift_proxy_spec.rb
@ -65,6 +65,8 @@ describe 'swift::proxy' do
        it { should contain_swift_proxy_config('app:proxy-server/log_handoffs').with_value('true') }
        it { should contain_swift_proxy_config('app:proxy-server/allow_account_management').with_value('true') }
        it { should contain_swift_proxy_config('app:proxy-server/account_autocreate').with_value('true') }
        it { should contain_swift_proxy_config('app:proxy-server/max_containers_per_account').with_value(0) }
        it { should contain_swift_proxy_config('app:proxy-server/max_containers_whitelist').with_value('<SERVICE DEFAULT>') }
        it { should contain_service('swift-proxy-server').with_require([
          'Class[Swift::Proxy::Healthcheck]',
@ -96,19 +98,21 @@ describe 'swift::proxy' do
          let :params do
            {
-              :proxy_local_net_ip        => '10.0.0.2',
+              :proxy_local_net_ip         => '10.0.0.2',
-              :port                      => '80',
+              :port                       => '80',
-              :workers                   => 3,
+              :workers                    => 3,
-              :pipeline                  => ['swauth', 'proxy-server'],
+              :pipeline                   => ['swauth', 'proxy-server'],
-              :allow_account_management  => false,
+              :allow_account_management   => false,
-              :account_autocreate        => false,
+              :account_autocreate         => false,
-              :log_level                 => 'DEBUG',
+              :log_level                  => 'DEBUG',
-              :log_name                  => 'swift-proxy-server',
+              :log_name                   => 'swift-proxy-server',
-              :read_affinity             => 'r1z1=100, r1=200',
+              :max_containers_per_account => 10,
-              :write_affinity            => 'r1',
+              :max_containers_whitelist   => 'project1,project2',
-              :write_affinity_node_count => '2 * replicas',
+              :read_affinity              => 'r1z1=100, r1=200',
-              :node_timeout              => '20',
+              :write_affinity             => 'r1',
-              :cors_allow_origin         => 'http://foo.bar:1234,https://foo.bar',
+              :write_affinity_node_count  => '2 * replicas',
              :node_timeout               => '20',
              :cors_allow_origin          => 'http://foo.bar:1234,https://foo.bar',
            }
          end
@ -132,6 +136,8 @@ describe 'swift::proxy' do
          it { should contain_swift_proxy_config('app:proxy-server/log_handoffs').with_value('true') }
          it { should contain_swift_proxy_config('app:proxy-server/allow_account_management').with_value('false') }
          it { should contain_swift_proxy_config('app:proxy-server/account_autocreate').with_value('false') }
          it { should contain_swift_proxy_config('app:proxy-server/max_containers_per_account').with_value(10) }
          it { should contain_swift_proxy_config('app:proxy-server/max_containers_whitelist').with_value('project1,project2') }
          it { should contain_swift_proxy_config('app:proxy-server/sorting_method').with_value('affinity') }
          it { should contain_swift_proxy_config('app:proxy-server/read_affinity').with_value('r1z1=100, r1=200') }
          it { should contain_swift_proxy_config('app:proxy-server/write_affinity').with_value('r1') }