Update to swift hash parameters
This change adds the ability to configure the swift_hash_path_prefix for swift. Additionally it deprecated swift_hash_suffix in favor of a new parameter called swift_hash_path_suffix for consistency. Change-Id: I26935fe21af42b488f4479c4e50e8f481a75ea40 Closes-Bug: #1505269
This commit is contained in:
Alex Schultz
@@ -2,7 +2,24 @@
|
||||
#
|
||||
# == Parameters
|
||||
#
|
||||
# [*swift_hash_suffix*] string of text to be used
|
||||
# [*swift_hash_path_suffix*]
|
||||
# (Required) String. A suffix used by hash_path to offer a bit more security
|
||||
# when generating hashes for paths. It simply appends this value to all
|
||||
# paths; if someone knows this suffix, it's easier for them to guess the hash
|
||||
# a path will end up with. New installations are advised to set this
|
||||
# parameter to a random secret, which would not be disclosed ouside the
|
||||
# organization. The same secret needs to be used by all swift servers of the
|
||||
# same cluster. Existing installations should set this parameter to an empty
|
||||
# string.
|
||||
#
|
||||
# [*swift_hash_path_prefix*]
|
||||
# (Required)String. A prefix used by hash_path to offer a bit more security
|
||||
# when generating hashes for paths. It simply appends this value to all paths;
|
||||
# if someone knows this suffix, it's easier for them to guess the hash a path
|
||||
# will end up with. New installations are advised to set this parameter to a
|
||||
# random secret, which would not be disclosed ouside the organization. The
|
||||
# same secret needs to be used by all swift servers of the same cluster.
|
||||
# Existing installations should set this parameter to an empty string.
|
||||
# as a salt when hashing to determine mappings in the ring.
|
||||
# This file should be the same on every node in the cluster.
|
||||
#
|
||||
@@ -15,6 +32,13 @@
|
||||
# [*max_header_size*] Max HTTP header size for incoming requests for all swift
|
||||
# services. Recommended size is 32768 for PKI keystone tokens.
|
||||
# (Optional) Defaults to 8192
|
||||
|
||||
## DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*swift_hash_suffix*]
|
||||
# DEPRECATED. string of text to be used
|
||||
# as a salt when hashing to determine mappings in the ring.
|
||||
# This file should be the same on every node in the cluster.
|
||||
#
|
||||
# == Dependencies
|
||||
#
|
||||
@@ -29,14 +53,26 @@
|
||||
# Copyright 2011 Puppetlabs Inc, unless otherwise noted.
|
||||
#
|
||||
class swift(
|
||||
$swift_hash_suffix,
|
||||
$package_ensure = 'present',
|
||||
$client_package_ensure = 'present',
|
||||
$max_header_size = '8192',
|
||||
$swift_hash_path_suffix = undef,
|
||||
$swift_hash_path_prefix = undef,
|
||||
$package_ensure = 'present',
|
||||
$client_package_ensure = 'present',
|
||||
$max_header_size = '8192',
|
||||
# DEPRECATED PARAMETERS
|
||||
$swift_hash_suffix = undef,
|
||||
) {
|
||||
|
||||
include ::swift::params
|
||||
|
||||
if ($swift_hash_suffix == undef and $swift_hash_path_suffix == undef) {
|
||||
fail('You must specify swift_hash_path_suffix')
|
||||
} elsif ($swift_hash_suffix != undef and $swift_hash_path_suffix == undef) {
|
||||
warning('swift_hash_suffix has been deprecated and should be replaced with swift_hash_path_suffix, this will be removed as part of the N-cycle')
|
||||
$swift_hash_path_suffix_real = $swift_hash_suffix
|
||||
} else {
|
||||
$swift_hash_path_suffix_real = $swift_hash_path_suffix
|
||||
}
|
||||
|
||||
if !defined(Package['swift']) {
|
||||
package { 'swift':
|
||||
ensure => $package_ensure,
|
||||
@@ -72,10 +108,9 @@ class swift(
|
||||
|
||||
File['/etc/swift/swift.conf'] -> Swift_config<||>
|
||||
|
||||
swift_config { 'swift-hash/swift_hash_path_suffix':
|
||||
value => $swift_hash_suffix,
|
||||
}
|
||||
swift_config { 'swift-constraints/max_header_size':
|
||||
value => $max_header_size,
|
||||
swift_config {
|
||||
'swift-hash/swift_hash_path_suffix': value => $swift_hash_path_suffix_real;
|
||||
'swift-hash/swift_hash_path_prefix': value => $swift_hash_path_prefix;
|
||||
'swift-constraints/max_header_size': value => $max_header_size;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,7 +25,6 @@ describe 'swift' do
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
describe 'when using the default value for package_ensure' do
|
||||
let :file_defaults do
|
||||
{
|
||||
@@ -67,6 +66,19 @@ describe 'swift' do
|
||||
end
|
||||
end
|
||||
|
||||
describe 'when providing swift_hash_path_prefix and swift_hash_path_suffix' do
|
||||
let (:params) do
|
||||
{ :swift_hash_path_suffix => 'mysuffix',
|
||||
:swift_hash_path_prefix => 'myprefix' }
|
||||
end
|
||||
it 'should configure swift.conf' do
|
||||
is_expected.to contain_swift_config(
|
||||
'swift-hash/swift_hash_path_suffix').with_value('mysuffix')
|
||||
is_expected.to contain_swift_config(
|
||||
'swift-hash/swift_hash_path_prefix').with_value('myprefix')
|
||||
end
|
||||
end
|
||||
|
||||
describe 'when overriding client_package_ensure parameter' do
|
||||
it 'should effect ensure state of swift package' do
|
||||
params[:client_package_ensure] = '2.0.2-1'
|
||||
|
||||
Reference in New Issue
Block a user