Implement additional proxy middlewares

This commit implements additional proxy middlewares
  - catch_errors - handles errors
  - ratelimit    - limits incoming requests
  - s3token - misddleware for s3auth
  - swift3 - implement swift APIs

These middlewares needed to be modeled b/c they
are configurable interfaces that needed to be
configurable via Puppet.
This commit is contained in:
François Charlier 2012-06-04 13:18:12 -07:00 committed by Dan Bode
parent d831ec1c45
commit caad4e3732
14 changed files with 354 additions and 2 deletions

View File

@ -0,0 +1,27 @@
#
# Configure swift cache_errors.
#
# == Dependencies
#
# == Examples
#
# include 'swift::proxy::catch_errors'
#
# == Authors
#
# François Charlier fcharlier@ploup.net
#
# == Copyright
#
# Copyright 2012 eNovance licensing@enovance.com
#
class swift::proxy::catch_errors() {
concat::fragment { 'swift_catch_errors':
target => '/etc/swift/proxy-server.conf',
content => template('swift/proxy/catch_errors.conf.erb'),
order => '24',
}
}

View File

@ -0,0 +1,46 @@
#
# Configure swift ratelimit.
#
# See Swift's ratelimit documentation for more detail about the values.
#
# == Parameters
# [clock_accuracy] The accuracy of swift proxy servers' clocks.
# 1000 is 1ms max difference. No rate should be higher than this.
# Optional. Defaults to 1000
# [max_sleep_time_seconds] Time before the app returns a 498 response.
# Optional. Defaults to 60.
# [log_sleep_time_seconds] if >0, enables logging of sleeps longer than
# the value.
# Optional. Defaults to 0.
# [rate_buffer_seconds] Time in second the rate counter can skip.
# Optional. Defaults to 5.
# [account_ratelimit] if >0, limits PUT and DELETE requests to containers
# Optional. Defaults to 0.
#
# == Dependencies
#
# == Examples
#
# == Authors
#
# François Charlier fcharlier@ploup.net
#
# == Copyright
#
# Copyright 2012 eNovance licensing@enovance.com
#
class swift::proxy::ratelimit(
$clock_accuracy = 1000,
$max_sleep_time_seconds = 60,
$log_sleep_time_seconds = 0,
$rate_buffer_seconds = 5,
$account_ratelimit = 0
) {
concat::fragment { 'swift_ratelimit':
target => '/etc/swift/proxy-server.conf',
content => template('swift/proxy/ratelimit.conf.erb'),
order => '26',
}
}

View File

@ -0,0 +1,37 @@
#
# Configure swift s3token.
#
# == Parameters
# [auth_host] the keystone host
# Optional. Defaults to 127.0.0.1
# [auth_port] the Keystone client API port
# Optional. Defaults to 5000
# [auth_protocol] http or https
# Optional. Defaults to http
#
# == Dependencies
#
# == Examples
#
# == Authors
#
# François Charlier fcharlier@ploup.net
#
# == Copyright
#
# Copyright 2012 eNovance licensing@enovance.com
#
class swift::proxy::s3token(
auth_host = '127.0.0.1',
auth_port = 5000,
auth_protocol = 'http'
) {
concat::fragment { 'swift_s3token':
target => '/etc/swift/proxy-server.conf',
content => template('swift/proxy/s3token.conf.erb'),
order => '28',
}
include 'keystone::python'
}

24
manifests/proxy/swift3.pp Normal file
View File

@ -0,0 +1,24 @@
#
# Configure swift swift3.
#
# == Dependencies
#
# == Examples
#
# == Authors
#
# François Charlier fcharlier@ploup.net
#
# == Copyright
#
# Copyright 2012 eNovance licensing@enovance.com
#
class swift::proxy::swift3() {
concat::fragment { 'swift_swift3':
target => '/etc/swift/proxy-server.conf',
content => template('swift/proxy/swift3.conf.erb'),
order => '27',
}
}

View File

@ -0,0 +1,35 @@
require 'spec_helper'
describe 'swift::proxy::authtoken' do
let :facts do
{
:concat_basedir => '/var/lib/puppet/concat',
}
end
let :pre_condition do
'
include concat::setup
concat { "/etc/swift/proxy-server.conf": }
'
end
let :params do
{
:admin_token => 'admin_token',
:admin_user => 'admin_user',
:admin_tenant_name => 'admin_tenant_name',
:admin_password => 'admin_password',
:delay_auth_decision => 42,
:auth_host => '1.2.3.4',
:auth_port => 4682,
:auth_protocol => 'https'
}
end
it { should contain_keystone__client__authtoken('/etc/swift/proxy-server.conf').with(
params
)}
end

View File

@ -0,0 +1,23 @@
require 'spec_helper'
describe 'swift::proxy::catch_errors' do
let :facts do
{
:concat_basedir => '/var/lib/puppet/concat'
}
end
let :pre_condition do
'class { "concat::setup": }
concat { "/etc/swift/proxy-server.conf": }'
end
let :fragment_file do
"/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/24_swift_catch_errors"
end
it { should contain_file(fragment_file).with_content(/[filter:catch_errors]/) }
it { should contain_file(fragment_file).with_content(/use = egg:swift#catch_errors/) }
end

View File

@ -19,6 +19,8 @@ describe 'swift::proxy::keystone' do
'
end
it { should include_class('keystone::python') }
it { should contain_file(fragment_file).with_content(/[filter:keystone]/) }
it { should contain_file(fragment_file).with_content(/paste.filter_factory = keystone.middleware.swift_auth:filter_factory/) }
@ -29,8 +31,6 @@ describe 'swift::proxy::keystone' do
it { should contain_file(fragment_file).with_content(/is_admin = true/) }
it { should contain_file(fragment_file).with_content(/cache = swift.cache/) }
it { should contain_keystone__client__authtoken('/etc/swift/proxy-server.conf') }
end
describe 'with parameter overrides' do

View File

@ -0,0 +1,61 @@
require 'spec_helper'
describe 'swift::proxy::ratelimit' do
let :facts do
{
:concat_basedir => '/var/lib/puppet/concat'
}
end
let :pre_condition do
'class { "concat::setup": }
concat { "/etc/swift/proxy-server.conf": }'
end
let :fragment_file do
"/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/26_swift_ratelimit"
end
describe "when using default parameters" do
it 'should build the fragment with correct parameters' do
verify_contents(subject, fragment_file,
[
'[filter:ratelimit]',
'use = egg:swift#ratelimit',
'clock_accuracy = 1000',
'max_sleep_time_seconds = 60',
'log_sleep_time_seconds = 0',
'rate_buffer_seconds = 5',
'account_ratelimit = 0',
]
)
end
end
describe "when overriding default parameters" do
let :params do
{
:clock_accuracy => 9436,
:max_sleep_time_seconds => 3600,
:log_sleep_time_seconds => 42,
:rate_buffer_seconds => 51,
:account_ratelimit => 69
}
end
it 'should build the fragment with correct parameters' do
verify_contents(subject, fragment_file,
[
'[filter:ratelimit]',
'use = egg:swift#ratelimit',
'clock_accuracy = 9436',
'max_sleep_time_seconds = 3600',
'log_sleep_time_seconds = 42',
'rate_buffer_seconds = 51',
'account_ratelimit = 69',
]
)
end
end
end

View File

@ -0,0 +1,57 @@
require 'spec_helper'
describe 'swift::proxy::s3token' do
let :facts do
{
:concat_basedir => '/var/lib/puppet/concat'
}
end
let :pre_condition do
'class { "concat::setup": }
concat { "/etc/swift/proxy-server.conf": }'
end
let :fragment_file do
"/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/28_swift_s3token"
end
it { should include_class('keystone::python') }
describe "when using default parameters" do
it 'should build the fragment with correct parameters' do
verify_contents(subject, fragment_file,
[
'[filter:s3token]',
'paste.filter_factory = keystone.middleware.s3_token:filter_factory',
'auth_port = 5000',
'auth_protocol = http',
'auth_host = 127.0.0.1'
]
)
end
end
describe "when overriding default parameters" do
let :params do
{
:auth_port => 4212,
:auth_protocol => 'https',
:auth_host => '1.2.3.4'
}
end
it 'should build the fragment with correct parameters' do
verify_contents(subject, fragment_file,
[
'[filter:s3token]',
'paste.filter_factory = keystone.middleware.s3_token:filter_factory',
'auth_port = 4212',
'auth_protocol = https',
'auth_host = 1.2.3.4'
]
)
end
end
end

View File

@ -0,0 +1,23 @@
require 'spec_helper'
describe 'swift::proxy::swift3' do
let :facts do
{
:concat_basedir => '/var/lib/puppet/concat'
}
end
let :pre_condition do
'class { "concat::setup": }
concat { "/etc/swift/proxy-server.conf": }'
end
let :fragment_file do
"/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/27_swift_swift3"
end
it { should contain_file(fragment_file).with_content(/[filter:swift3]/) }
it { should contain_file(fragment_file).with_content(/use = egg:swift#swift3/) }
end

View File

@ -0,0 +1,3 @@
[filter:catch_errors]
use = egg:swift#catch_errors

View File

@ -0,0 +1,8 @@
[filter:ratelimit]
use = egg:swift#ratelimit
clock_accuracy = <%= clock_accuracy %>
max_sleep_time_seconds = <%= max_sleep_time_seconds %>
log_sleep_time_seconds = <%= log_sleep_time_seconds %>
rate_buffer_seconds = <%= rate_buffer_seconds %>
account_ratelimit = <%= account_ratelimit %>

View File

@ -0,0 +1,5 @@
[filter:s3token]
paste.filter_factory = keystone.middleware.s3_token:filter_factory
auth_port = <%= auth_port %>
auth_protocol = <%= auth_protocol %>
auth_host = <%= auth_host %>

View File

@ -0,0 +1,3 @@
[filter:swift3]
use = egg:swift#swift3