Remove credentials for glance S3 testing.

Some glance "unit" tests connect to a remote S3 account, but this is not in the spirit of proper unit testing and it's unclear whether the tests are even run any longer. Also, it would be best not to have credentials for remote services sitting on Jenkins unit test slaves as they're accessible to any other tests and could be trivially exposed. Change-Id: I2cf76f9a77efc08598e803d3413bb719e84bfe6a Reviewed-on: https://review.openstack.org/25921 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Mark Washenberger <mark.washenberger@markwash.net> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-04-02 17:18:59 +00:00 · 2013-04-02 17:18:59 +00:00 · 35ccdfc175
commit 35ccdfc175
parent 87ccf71b58
3 changed files with 12 additions and 97 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -290,10 +290,9 @@ node /^quantal.*\.slave\.openstack\.org$/ {
    certname  => 'quantal.slave.openstack.org',
    sysadmins => hiera('sysadmins'),
  }
-  class { 'openstack_project::glancetest':
-    s3_store_access_key   => hiera('s3_store_access_key'),
-    s3_store_secret_key   => hiera('s3_store_secret_key'),
-    s3_store_bucket       => hiera('s3_store_bucket'),
+  file { '/home/jenkins/.config/glance':
+    ensure  => absent,
+    recurse => true,
  }
  include jenkins::cgroups
  include ulimit
@ -311,10 +310,9 @@ node /^precise.*\.slave\.openstack\.org$/ {
    certname  => 'precise.slave.openstack.org',
    sysadmins => hiera('sysadmins'),
  }
-  class { 'openstack_project::glancetest':
-    s3_store_access_key   => hiera('s3_store_access_key'),
-    s3_store_secret_key   => hiera('s3_store_secret_key'),
-    s3_store_bucket       => hiera('s3_store_bucket'),
+  file { '/home/jenkins/.config/glance':
+    ensure  => absent,
+    recurse => true,
  }
  include jenkins::cgroups
  include ulimit
@ -332,10 +330,9 @@ node /^oneiric.*\.slave\.openstack\.org$/ {
    certname  => 'oneiric.slave.openstack.org',
    sysadmins => hiera('sysadmins'),
  }
-  class { 'openstack_project::glancetest':
-    s3_store_access_key   => hiera('s3_store_access_key'),
-    s3_store_secret_key   => hiera('s3_store_secret_key'),
-    s3_store_bucket       => hiera('s3_store_bucket'),
+  file { '/home/jenkins/.config/glance':
+    ensure  => absent,
+    recurse => true,
  }
  include jenkins::cgroups
  include ulimit
@ -354,10 +351,9 @@ node /^rhel6.*\.slave\.openstack\.org$/ {
    certname  => 'rhel6.slave.openstack.org',
    sysadmins => hiera('sysadmins'),
  }
-  class { 'openstack_project::glancetest':
-    s3_store_access_key   => hiera('s3_store_access_key'),
-    s3_store_secret_key   => hiera('s3_store_secret_key'),
-    s3_store_bucket       => hiera('s3_store_bucket'),
+  file { '/home/jenkins/.config/glance':
+    ensure  => absent,
+    recurse => true,
  }
  include jenkins::cgroups
  include ulimit
--- a/modules/openstack_project/manifests/glancetest.pp
+++ b/modules/openstack_project/manifests/glancetest.pp
@ -1,32 +0,0 @@
-# == Class: openstack_project::glancetest
-#
-class openstack_project::glancetest(
-  $s3_store_access_key = '',
-  $s3_store_secret_key = '',
-  $s3_store_bucket = '',
-  $s3_store_host = 's3.amazonaws.com',
-) {
-
-  file { 'jenkinsglanceconfigdir':
-    ensure  => directory,
-    name    => '/home/jenkins/.config/glance',
-    owner   => 'jenkins',
-    group   => 'jenkins',
-    mode    => '0700',
-    require => Class['::jenkins::jenkinsuser'],
-  }
-
-  file { 'glances3conf':
-    ensure  => present,
-    name    => '/home/jenkins/.config/glance/s3.conf',
-    owner   => 'jenkins',
-    group   => 'jenkins',
-    mode    => '0400',
-    require => File['jenkinsglanceconfigdir'],
-    content => template('openstack_project/glance_s3.conf.erb'),
-  }
-
-  file { '/home/jenkins/.config/glance/swift.conf':
-    ensure => absent,
-  }
-}
--- a/modules/openstack_project/templates/glance_s3.conf.erb
+++ b/modules/openstack_project/templates/glance_s3.conf.erb
@ -1,49 +0,0 @@
-[DEFAULT]
-# Which backend store should Glance use by default is not specified
-# in a request to add a new image to Glance? Default: 'file'
-# Available choices are 'file', 'swift', and 's3'
-default_store = s3
-
-# ============ S3 Store Options =============================
-
-# Address where the S3 authentication service lives
-s3_store_host = <%= s3_store_host %>
-
-# User to authenticate against the S3 authentication service
-s3_store_access_key = <%= s3_store_access_key %>
-
-# Auth key for the user authenticating against the
-# S3 authentication service
-s3_store_secret_key = <%= s3_store_secret_key %>
-
-# Container within the account that the account should use
-# for storing images in S3. Note that S3 has a flat namespace,
-# so you need a unique bucket name for your glance images. An
-# easy way to do this is append your AWS access key to "glance".
-# S3 buckets in AWS *must* be lowercased, so remember to lowercase
-# your AWS access key if you use it in your bucket name below!
-s3_store_bucket = <%= s3_store_bucket %>
-
-# Do we create the bucket if it does not exist?
-s3_store_create_bucket_on_put = True
-
-[pipeline:glance-api]
-pipeline = versionnegotiation context apiv1app
-
-[pipeline:versions]
-pipeline = versionsapp
-
-[app:versionsapp]
-paste.app_factory = glance.api.versions:app_factory
-
-[app:apiv1app]
-paste.app_factory = glance.api.v1:app_factory
-
-[filter:versionnegotiation]
-paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
-
-[filter:imagecache]
-paste.filter_factory = glance.api.middleware.image_cache:filter_factory
-
-[filter:context]
-paste.filter_factory = glance.common.context:filter_factory