Use Mistral to create Swift temporary URLs

This patch consists of two parts. A new Mistral action has been added to create signed temporary URLs. The method to generate temporary URLs isnt' exposed by python-swiftclient, therefore adding that method using it's own action. It also sets the required metadata with a random key if not yet existing. The deployment workbook has been updated to create two temporary URLs (one PUT, one GET) that can be used during the deployment for up- and downloading Swift rings to the undercloud node. Related-Bug: 1609421 Change-Id: Ic3da38cffdd993c768bdb137c17d625dff1aa372
2016-12-20 16:50:19 +00:00 · 2016-12-20 16:50:19 +00:00 · 067049594a
commit 067049594a
parent f6854d453a
5 changed files with 155 additions and 1 deletions
--- a/releasenotes/notes/mistral-swift-tempurl-action-ce4946a0b76db53c.yaml
+++ b/releasenotes/notes/mistral-swift-tempurl-action-ce4946a0b76db53c.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - A new Mistral action has been added to create signed temporary URLs. It
+    also sets the required metadata with a random key if not yet existing.
+    This can be used on overcloud nodes to pull and push objects, for example
+    to distribute Swift rings across all nodes.
--- a/setup.cfg
+++ b/setup.cfg
@ -85,6 +85,7 @@ mistral.actions =
    tripleo.plan.list = tripleo_common.actions.plan:ListPlansAction
    tripleo.role.list = tripleo_common.actions.plan:ListRolesAction
    tripleo.scale.delete_node = tripleo_common.actions.scale:ScaleDownAction
+    tripleo.swift.tempurl = tripleo_common.actions.swifthelper:SwiftTempUrlAction
    tripleo.templates.process = tripleo_common.actions.templates:ProcessTemplatesAction
    tripleo.templates.upload_default = tripleo_common.actions.templates:UploadTemplatesAction
    tripleo.validations.get_pubkey = tripleo_common.actions.validations:GetPubkeyAction
--- a/tripleo_common/actions/swifthelper.py
+++ b/tripleo_common/actions/swifthelper.py
@ -0,0 +1,49 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import uuid
+
+from six.moves import urllib
+from swiftclient import exceptions as swiftexceptions
+from swiftclient.utils import generate_temp_url
+from tripleo_common.actions import base
+
+
+class SwiftTempUrlAction(base.TripleOAction):
+
+    def __init__(self, container, obj, method='GET', valid='86400'):
+        super(SwiftTempUrlAction, self).__init__()
+        self.container = container
+        self.obj = obj
+        self.method = method
+        self.valid = valid
+
+    def run(self):
+        swift_client = self.get_object_client()
+
+        try:
+            cont_stat = swift_client.head_container(self.container)
+        except swiftexceptions.ClientException:
+            cont_stat = {}
+
+        key = cont_stat.get('x-container-meta-temp-url-key')
+        if not key:
+            key = str(uuid.uuid4())
+            cont_stat = swift_client.put_container(
+                self.container, {'X-Container-Meta-Temp-Url-Key': key})
+        parsed = urllib.parse.urlparse(swift_client.url)
+        path = "%s/%s/%s" % (parsed.path, self.container, self.obj)
+        temp_path = generate_temp_url(path, self.valid, key, self.method)
+        return "%s://%s%s" % (parsed.scheme, parsed.netloc, temp_path)
--- a/tripleo_common/tests/actions/test_swifthelper.py
+++ b/tripleo_common/tests/actions/test_swifthelper.py
@ -0,0 +1,58 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+import mock
+
+from tripleo_common.actions import swifthelper
+from tripleo_common.tests import base
+
+
+class SwiftTempUrlActionTest(base.TestCase):
+    @mock.patch('time.time')
+    @mock.patch('uuid.uuid4')
+    @mock.patch('tripleo_common.actions.base.TripleOAction.get_object_client')
+    @mock.patch('mistral.context.ctx')
+    def _test_get_tempurl(self, secret, mock_ctx, mock_get_object_client,
+                          mock_uuid, mock_time):
+        mock_ctx.return_value = mock.MagicMock()
+
+        url = "http://swift:8080/v1/AUTH_test"
+        swiftclient = mock.MagicMock(url=url)
+        headers = {}
+        if secret:
+            headers['x-container-meta-temp-url-key'] = secret
+        swiftclient.head_container.return_value = headers
+        mock_get_object_client.return_value = swiftclient
+
+        mock_uuid.return_value = '1-2-3-4'
+        mock_time.return_value = 1500000000
+
+        action = swifthelper.SwiftTempUrlAction("container", "obj")
+        tempurl = action.run()
+
+        expected = "%s/container/obj?temp_url_sig=%s&temp_url_expires=%d" % (
+            url, "ea8fdc57e2b2b1fbb7210bddd40029a7c8d5e2ed", 1500086400)
+        self.assertEqual(expected, tempurl)
+
+        if not secret:
+            swiftclient.put_container.assert_called_with(
+                'container', {'X-Container-Meta-Temp-Url-Key': '1-2-3-4'})
+
+    def test_get_tempurl(self):
+        # temp-url-key already set on the container
+        self._test_get_tempurl('1-2-3-4')
+
+    def test_get_tempurl_no_key(self):
+        # temp-url-key not yet set
+        self._test_get_tempurl(None)
--- a/workbooks/deployment.yaml
+++ b/workbooks/deployment.yaml
@ -128,7 +128,7 @@ workflows:

      get_heat_stack:
        action: heat.stacks_get stack_id=<% $.container %>
-        on-error: deploy
+        on-error: check_container
        on-success:
          - set_stack_in_progress: <% "_IN_PROGRESS" in task(get_heat_stack).result.stack_status %>
          - deploy: <% not "_IN_PROGRESS" in task(get_heat_stack).result.stack_status %>
@ -139,6 +139,46 @@ workflows:
          status: FAILED
          message: The Heat stack is busy.

+      check_container:
+        action: swift.head_container container=<% $.container %>
+        on-success: get_tempurl
+        on-error: create_container
+
+      create_container:
+        action: tripleo.plan.create_container container="<% $.container %>-swift-rings"
+        on-success: get_tempurl
+
+      get_tempurl:
+        action: tripleo.swift.tempurl
+        on-success: set_get_tempurl
+        input:
+          container: "<% $.container %>-swift-rings"
+          obj: "swift-rings.tar.gz"
+
+      set_get_tempurl:
+        action: tripleo.parameters.update
+        input:
+          parameters:
+            SwiftRingGetTempurl: <% task(get_tempurl).result %>
+          container: <% $.container %>
+        on-success: put_tempurl
+
+      put_tempurl:
+        action: tripleo.swift.tempurl
+        on-success: set_put_tempurl
+        input:
+          container: "<% $.container %>-swift-rings"
+          obj: "swift-rings.tar.gz"
+          method: "PUT"
+
+      set_put_tempurl:
+        action: tripleo.parameters.update
+        input:
+          parameters:
+            SwiftRingPutTempurl: <% task(put_tempurl).result %>
+          container: <% $.container %>
+        on-success: deploy
+
      deploy:
        action: tripleo.deployment.deploy timeout=<% $.timeout %> container=<% $.container %>
        on-success: send_message