Implement additional proxy middlewares

This commit implements additional proxy middlewares
  - catch_errors - handles errors
  - ratelimit    - limits incoming requests
  - s3token - misddleware for s3auth
  - swift3 - implement swift APIs

These middlewares needed to be modeled b/c they
are configurable interfaces that needed to be
configurable via Puppet.

manifests/proxy/catch_errors.pp

@@ -0,0 +1,27 @@
+#
+# Configure swift cache_errors.
+#
+# == Dependencies
+#
+# == Examples
+#
+#  include 'swift::proxy::catch_errors'
+#
+# == Authors
+#
+#   François Charlier fcharlier@ploup.net
+#
+# == Copyright
+#
+# Copyright 2012 eNovance licensing@enovance.com
+#
+
+class swift::proxy::catch_errors() {
+
+  concat::fragment { 'swift_catch_errors':
+    target  => '/etc/swift/proxy-server.conf',
+    content => template('swift/proxy/catch_errors.conf.erb'),
+    order   => '24',
+  }
+
+}

manifests/proxy/ratelimit.pp

@@ -0,0 +1,46 @@
+#
+# Configure swift ratelimit.
+#
+# See Swift's ratelimit documentation for more detail about the values.
+#
+# == Parameters
+#  [clock_accuracy] The accuracy of swift proxy servers' clocks.
+#   1000 is 1ms max difference. No rate should be higher than this.
+#   Optional. Defaults to 1000
+#  [max_sleep_time_seconds] Time before the app returns a 498 response.
+#   Optional. Defaults to 60.
+#  [log_sleep_time_seconds] if >0, enables logging of sleeps longer than
+#   the value.
+#   Optional. Defaults to 0.
+#  [rate_buffer_seconds] Time in second the rate counter can skip.
+#   Optional. Defaults to 5.
+#  [account_ratelimit] if >0, limits PUT and DELETE requests to containers
+#   Optional. Defaults to 0.
+#
+# == Dependencies
+#
+# == Examples
+#
+# == Authors
+#
+#   François Charlier fcharlier@ploup.net
+#
+# == Copyright
+#
+# Copyright 2012 eNovance licensing@enovance.com
+#
+class swift::proxy::ratelimit(
+  $clock_accuracy = 1000,
+  $max_sleep_time_seconds = 60,
+  $log_sleep_time_seconds = 0,
+  $rate_buffer_seconds = 5,
+  $account_ratelimit = 0
+) {
+
+  concat::fragment { 'swift_ratelimit':
+    target  => '/etc/swift/proxy-server.conf',
+    content => template('swift/proxy/ratelimit.conf.erb'),
+    order   => '26',
+  }
+
+}

manifests/proxy/s3token.pp

@@ -0,0 +1,37 @@
+#
+# Configure swift s3token.
+#
+# == Parameters
+#  [auth_host] the keystone host
+#   Optional. Defaults to 127.0.0.1
+#  [auth_port] the Keystone client API port
+#   Optional. Defaults to 5000
+#  [auth_protocol] http or https
+#   Optional. Defaults to http
+#
+# == Dependencies
+#
+# == Examples
+#
+# == Authors
+#
+#   François Charlier fcharlier@ploup.net
+#
+# == Copyright
+#
+# Copyright 2012 eNovance licensing@enovance.com
+#
+class swift::proxy::s3token(
+  auth_host = '127.0.0.1',
+  auth_port = 5000,
+  auth_protocol = 'http'
+) {
+
+  concat::fragment { 'swift_s3token':
+    target  => '/etc/swift/proxy-server.conf',
+    content => template('swift/proxy/s3token.conf.erb'),
+    order   => '28',
+  }
+
+  include 'keystone::python'
+}

manifests/proxy/swift3.pp

@@ -0,0 +1,24 @@
+#
+# Configure swift swift3.
+#
+# == Dependencies
+#
+# == Examples
+#
+# == Authors
+#
+#   François Charlier fcharlier@ploup.net
+#
+# == Copyright
+#
+# Copyright 2012 eNovance licensing@enovance.com
+#
+class swift::proxy::swift3() {
+
+  concat::fragment { 'swift_swift3':
+    target  => '/etc/swift/proxy-server.conf',
+    content => template('swift/proxy/swift3.conf.erb'),
+    order   => '27',
+  }
+
+}

spec/classes/swift_proxy_authtoken_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe 'swift::proxy::authtoken' do
+
+  let :facts do
+    {
+      :concat_basedir => '/var/lib/puppet/concat',
+    }
+  end
+
+  let :pre_condition do
+    '
+      include concat::setup
+      concat { "/etc/swift/proxy-server.conf": }
+    '
+  end
+
+  let :params do
+    {
+      :admin_token => 'admin_token',
+      :admin_user => 'admin_user',
+      :admin_tenant_name => 'admin_tenant_name',
+      :admin_password => 'admin_password',
+      :delay_auth_decision => 42,
+      :auth_host => '1.2.3.4',
+      :auth_port => 4682,
+      :auth_protocol => 'https'
+    }
+  end
+
+  it { should contain_keystone__client__authtoken('/etc/swift/proxy-server.conf').with(
+    params
+  )}
+
+end

spec/classes/swift_proxy_catch_errors_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe 'swift::proxy::catch_errors' do
+
+  let :facts do
+    {
+      :concat_basedir => '/var/lib/puppet/concat'
+    }
+  end
+
+  let :pre_condition do
+    'class { "concat::setup": }
+     concat { "/etc/swift/proxy-server.conf": }'
+  end
+
+  let :fragment_file do
+    "/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/24_swift_catch_errors"
+  end
+
+  it { should contain_file(fragment_file).with_content(/[filter:catch_errors]/) }
+  it { should contain_file(fragment_file).with_content(/use = egg:swift#catch_errors/) }
+
+end

spec/classes/swift_proxy_keystone_spec.rb

@@ -19,6 +19,8 @@ describe 'swift::proxy::keystone' do
     '
   end
 
+  it { should include_class('keystone::python') }
+
   it { should contain_file(fragment_file).with_content(/[filter:keystone]/) }
 
   it { should contain_file(fragment_file).with_content(/paste.filter_factory = keystone.middleware.swift_auth:filter_factory/) }
@@ -29,8 +31,6 @@ describe 'swift::proxy::keystone' do
     it { should contain_file(fragment_file).with_content(/is_admin = true/) }
     it { should contain_file(fragment_file).with_content(/cache = swift.cache/) }
 
-    it { should contain_keystone__client__authtoken('/etc/swift/proxy-server.conf') }
-
   end
 
   describe 'with parameter overrides' do

spec/classes/swift_proxy_ratelimit_spec.rb

@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+describe 'swift::proxy::ratelimit' do
+
+  let :facts do
+    {
+      :concat_basedir => '/var/lib/puppet/concat'
+    }
+  end
+
+  let :pre_condition do
+    'class { "concat::setup": }
+     concat { "/etc/swift/proxy-server.conf": }'
+  end
+
+  let :fragment_file do
+    "/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/26_swift_ratelimit"
+  end
+
+  describe "when using default parameters" do
+    it 'should build the fragment with correct parameters' do
+      verify_contents(subject, fragment_file,
+        [
+          '[filter:ratelimit]',
+          'use = egg:swift#ratelimit',
+          'clock_accuracy = 1000',
+          'max_sleep_time_seconds = 60',
+          'log_sleep_time_seconds = 0',
+          'rate_buffer_seconds = 5',
+          'account_ratelimit = 0',
+        ]
+      )
+    end
+  end
+
+  describe "when overriding default parameters" do
+    let :params do
+      {
+        :clock_accuracy         => 9436,
+        :max_sleep_time_seconds => 3600,
+        :log_sleep_time_seconds => 42,
+        :rate_buffer_seconds    => 51,
+        :account_ratelimit      => 69
+      }
+    end
+    it 'should build the fragment with correct parameters' do
+      verify_contents(subject, fragment_file,
+        [
+          '[filter:ratelimit]',
+          'use = egg:swift#ratelimit',
+          'clock_accuracy = 9436',
+          'max_sleep_time_seconds = 3600',
+          'log_sleep_time_seconds = 42',
+          'rate_buffer_seconds = 51',
+          'account_ratelimit = 69',
+        ]
+      )
+    end
+  end
+
+end

spec/classes/swift_proxy_s3token_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper'
+
+describe 'swift::proxy::s3token' do
+
+  let :facts do
+    {
+      :concat_basedir => '/var/lib/puppet/concat'
+    }
+  end
+
+  let :pre_condition do
+    'class { "concat::setup": }
+     concat { "/etc/swift/proxy-server.conf": }'
+  end
+
+  let :fragment_file do
+    "/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/28_swift_s3token"
+  end
+
+  it { should include_class('keystone::python') }
+
+  describe "when using default parameters" do
+    it 'should build the fragment with correct parameters' do
+      verify_contents(subject, fragment_file,
+        [
+          '[filter:s3token]',
+          'paste.filter_factory = keystone.middleware.s3_token:filter_factory',
+          'auth_port = 5000',
+          'auth_protocol = http',
+          'auth_host = 127.0.0.1'
+        ]
+      )
+    end
+  end
+
+  describe "when overriding default parameters" do
+    let :params do
+      {
+          :auth_port     => 4212,
+          :auth_protocol => 'https',
+          :auth_host     => '1.2.3.4'
+      }
+    end
+    it 'should build the fragment with correct parameters' do
+      verify_contents(subject, fragment_file,
+        [
+          '[filter:s3token]',
+          'paste.filter_factory = keystone.middleware.s3_token:filter_factory',
+          'auth_port = 4212',
+          'auth_protocol = https',
+          'auth_host = 1.2.3.4'
+        ]
+      )
+    end
+  end
+
+end

spec/classes/swift_proxy_swift3_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe 'swift::proxy::swift3' do
+
+  let :facts do
+    {
+      :concat_basedir => '/var/lib/puppet/concat'
+    }
+  end
+
+  let :pre_condition do
+    'class { "concat::setup": }
+     concat { "/etc/swift/proxy-server.conf": }'
+  end
+
+  let :fragment_file do
+    "/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/27_swift_swift3"
+  end
+
+  it { should contain_file(fragment_file).with_content(/[filter:swift3]/) }
+  it { should contain_file(fragment_file).with_content(/use = egg:swift#swift3/) }
+
+end

templates/proxy/catch_errors.conf.erb

@@ -0,0 +1,3 @@
+[filter:catch_errors]
+use = egg:swift#catch_errors
+

templates/proxy/ratelimit.conf.erb

@@ -0,0 +1,8 @@
+[filter:ratelimit]
+use = egg:swift#ratelimit
+clock_accuracy = <%= clock_accuracy %>
+max_sleep_time_seconds = <%= max_sleep_time_seconds %>
+log_sleep_time_seconds = <%= log_sleep_time_seconds %>
+rate_buffer_seconds = <%= rate_buffer_seconds %>
+account_ratelimit = <%= account_ratelimit %>
+

templates/proxy/s3token.conf.erb

@@ -0,0 +1,5 @@
+[filter:s3token]
+paste.filter_factory = keystone.middleware.s3_token:filter_factory
+auth_port = <%= auth_port %>
+auth_protocol = <%= auth_protocol %>
+auth_host = <%= auth_host %>

templates/proxy/swift3.conf.erb

@@ -0,0 +1,3 @@
+[filter:swift3]
+use = egg:swift#swift3 
+