From c7f41fd9b820134fb1bcfeb75e54c3c022091a41 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Tue, 2 Apr 2013 17:13:05 +0000 Subject: [PATCH] Remove swift credentials from Jenkins slaves. Glance "unit" tests previously connected to a remote swift object store, but this test has not run in some time... known since the credentials it was configured to use have been invalid for a while and nobody noticed. These credentials are sensitive--or at least would be if they were accurate--and thus should not be present on Jenkins unit test slaves for security reasons. Change-Id: Ic4341f7d53209af31c37a4207ab9eff00aa48879 Reviewed-on: https://review.openstack.org/25920 Reviewed-by: James E. Blair Reviewed-by: Anita Kuno Approved: Monty Taylor Reviewed-by: Monty Taylor Tested-by: Jenkins --- manifests/site.pp | 12 ----- .../openstack_project/manifests/glancetest.pp | 14 +----- .../templates/glance_swift.conf.erb | 45 ------------------- 3 files changed, 2 insertions(+), 69 deletions(-) delete mode 100644 modules/openstack_project/templates/glance_swift.conf.erb diff --git a/manifests/site.pp b/manifests/site.pp index 88cc2f8d88..00e1b8c7d9 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -292,9 +292,6 @@ node /^quantal.*\.slave\.openstack\.org$/ { s3_store_access_key => hiera('s3_store_access_key'), s3_store_secret_key => hiera('s3_store_secret_key'), s3_store_bucket => hiera('s3_store_bucket'), - swift_store_user => hiera('swift_store_user'), - swift_store_key => hiera('swift_store_key'), - swift_store_container => hiera('swift_store_container'), } include jenkins::cgroups include ulimit @@ -316,9 +313,6 @@ node /^precise.*\.slave\.openstack\.org$/ { s3_store_access_key => hiera('s3_store_access_key'), s3_store_secret_key => hiera('s3_store_secret_key'), s3_store_bucket => hiera('s3_store_bucket'), - swift_store_user => hiera('swift_store_user'), - swift_store_key => hiera('swift_store_key'), - swift_store_container => hiera('swift_store_container'), } include jenkins::cgroups include ulimit @@ -340,9 +334,6 @@ node /^oneiric.*\.slave\.openstack\.org$/ { s3_store_access_key => hiera('s3_store_access_key'), s3_store_secret_key => hiera('s3_store_secret_key'), s3_store_bucket => hiera('s3_store_bucket'), - swift_store_user => hiera('swift_store_user'), - swift_store_key => hiera('swift_store_key'), - swift_store_container => hiera('swift_store_container'), } include jenkins::cgroups include ulimit @@ -365,9 +356,6 @@ node /^rhel6.*\.slave\.openstack\.org$/ { s3_store_access_key => hiera('s3_store_access_key'), s3_store_secret_key => hiera('s3_store_secret_key'), s3_store_bucket => hiera('s3_store_bucket'), - swift_store_user => hiera('swift_store_user'), - swift_store_key => hiera('swift_store_key'), - swift_store_container => hiera('swift_store_container'), } include jenkins::cgroups include ulimit diff --git a/modules/openstack_project/manifests/glancetest.pp b/modules/openstack_project/manifests/glancetest.pp index 4dd5134fdd..518901280b 100644 --- a/modules/openstack_project/manifests/glancetest.pp +++ b/modules/openstack_project/manifests/glancetest.pp @@ -4,11 +4,7 @@ class openstack_project::glancetest( $s3_store_access_key = '', $s3_store_secret_key = '', $s3_store_bucket = '', - $swift_store_user = '', - $swift_store_key = '', - $swift_store_container = '', $s3_store_host = 's3.amazonaws.com', - $swift_store_auth_address = 'auth.api.rackspacecloud.com/v1.0/' ) { file { 'jenkinsglanceconfigdir': @@ -30,13 +26,7 @@ class openstack_project::glancetest( content => template('openstack_project/glance_s3.conf.erb'), } - file { 'glanceswiftconf': - ensure => present, - name => '/home/jenkins/.config/glance/swift.conf', - owner => 'jenkins', - group => 'jenkins', - mode => '0400', - require => File['jenkinsglanceconfigdir'], - content => template('openstack_project/glance_swift.conf.erb'), + file { '/home/jenkins/.config/glance/swift.conf': + ensure => absent, } } diff --git a/modules/openstack_project/templates/glance_swift.conf.erb b/modules/openstack_project/templates/glance_swift.conf.erb deleted file mode 100644 index 9c73f8a5a4..0000000000 --- a/modules/openstack_project/templates/glance_swift.conf.erb +++ /dev/null @@ -1,45 +0,0 @@ -[DEFAULT] -# Which backend store should Glance use by default is not specified -# in a request to add a new image to Glance? Default: 'file' -# Available choices are 'file', 'swift', and 's3' -default_store = swift - -# ============ Swift Store Options ============================= - -# Address where the Swift authentication service lives -swift_store_auth_address = <%= swift_store_auth_address %> - -# User to authenticate against the Swift authentication service -swift_store_user = <%= swift_store_user %> - -# Auth key for the user authenticating against the -# Swift authentication service -swift_store_key = <%= swift_store_key %> - -# Container within the account that the account should use -# for storing images in Swift -swift_store_container = <%= swift_store_container %> - -# Do we create the container if it does not exist? -swift_store_create_container_on_put = False - -[pipeline:glance-api] -pipeline = versionnegotiation context apiv1app - -[pipeline:versions] -pipeline = versionsapp - -[app:versionsapp] -paste.app_factory = glance.api.versions:app_factory - -[app:apiv1app] -paste.app_factory = glance.api.v1:app_factory - -[filter:versionnegotiation] -paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory - -[filter:imagecache] -paste.filter_factory = glance.api.middleware.image_cache:filter_factory - -[filter:context] -paste.filter_factory = glance.common.context:filter_factory