Merge "swift-dsvm: Enable s3api"
This commit is contained in:
Zuul
Gerrit Code Review
commit
8f1a40eaae
61
roles/additional-keystone-users/tasks/main.yaml
Normal file
61
roles/additional-keystone-users/tasks/main.yaml
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
- name: Set S3 endpoint
|
||||||
|
ini_file:
|
||||||
|
path: /etc/swift/test.conf
|
||||||
|
section: func_test
|
||||||
|
option: s3_storage_url
|
||||||
|
value: http://localhost:8080
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Create primary S3 user
|
||||||
|
shell: >
|
||||||
|
openstack --os-auth-url http://localhost/identity
|
||||||
|
--os-project-domain-id default --os-project-name admin
|
||||||
|
--os-user-domain-id default --os-username admin
|
||||||
|
--os-password secretadmin
|
||||||
|
credential create --type ec2 --project swiftprojecttest1 swiftusertest1
|
||||||
|
'{"access": "s3-user1", "secret": "s3-secret1"}'
|
||||||
|
- name: Add primary S3 user to test.conf
|
||||||
|
ini_file:
|
||||||
|
path: /etc/swift/test.conf
|
||||||
|
section: func_test
|
||||||
|
option: s3_access_key
|
||||||
|
value: s3-user1
|
||||||
|
become: true
|
||||||
|
- name: Add primary S3 user secret to test.conf
|
||||||
|
ini_file:
|
||||||
|
path: /etc/swift/test.conf
|
||||||
|
section: func_test
|
||||||
|
option: s3_secret_key
|
||||||
|
value: s3-secret1
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Clear secondary S3 user from test.conf
|
||||||
|
ini_file:
|
||||||
|
path: /etc/swift/test.conf
|
||||||
|
section: func_test
|
||||||
|
option: s3_access_key2
|
||||||
|
value: ""
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Create restricted S3 user
|
||||||
|
shell: >
|
||||||
|
openstack --os-auth-url http://localhost/identity
|
||||||
|
--os-project-domain-id default --os-project-name admin
|
||||||
|
--os-user-domain-id default --os-username admin
|
||||||
|
--os-password secretadmin
|
||||||
|
credential create --type ec2 --project swiftprojecttest1 swiftusertest3
|
||||||
|
'{"access": "s3-user3", "secret": "s3-secret3"}'
|
||||||
|
- name: Add restricted S3 user to test.conf
|
||||||
|
ini_file:
|
||||||
|
path: /etc/swift/test.conf
|
||||||
|
section: func_test
|
||||||
|
option: s3_access_key3
|
||||||
|
value: s3-user3
|
||||||
|
become: true
|
||||||
|
- name: Add restricted S3 user secret to test.conf
|
||||||
|
ini_file:
|
||||||
|
path: /etc/swift/test.conf
|
||||||
|
section: func_test
|
||||||
|
option: s3_secret_key3
|
||||||
|
value: s3-secret3
|
||||||
|
become: true
|
||||||
@ -1,8 +1,15 @@
|
|||||||
- name: Add more middlewares to pipeline
|
- name: Add domain_remap and etag-quoter to pipeline
|
||||||
replace:
|
replace:
|
||||||
path: "/etc/swift/proxy-server.conf"
|
path: "/etc/swift/proxy-server.conf"
|
||||||
regexp: "cache listing_formats"
|
regexp: "cache listing_formats"
|
||||||
replace: "cache domain_remap etag-quoter listing_formats"
|
replace: "cache domain_remap etag-quoter listing_formats"
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Add s3api and s3token to pipeline
|
||||||
|
replace:
|
||||||
|
path: "/etc/swift/proxy-server.conf"
|
||||||
|
regexp: "authtoken keystoneauth tempauth"
|
||||||
|
replace: "authtoken s3api s3token keystoneauth tempauth"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Set domain_remap domain
|
- name: Set domain_remap domain
|
||||||
@ -29,6 +36,30 @@
|
|||||||
value: true
|
value: true
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
|
- name: Configure s3api force_swift_request_proxy_log
|
||||||
|
ini_file:
|
||||||
|
path: /etc/swift/proxy-server.conf
|
||||||
|
section: filter:s3api
|
||||||
|
option: force_swift_request_proxy_log
|
||||||
|
value: true
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Configure s3token auth_uri
|
||||||
|
ini_file:
|
||||||
|
path: /etc/swift/proxy-server.conf
|
||||||
|
section: filter:s3token
|
||||||
|
option: auth_uri
|
||||||
|
value: http://localhost/identity/v3
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Configure s3token delay_auth_decision
|
||||||
|
ini_file:
|
||||||
|
path: /etc/swift/proxy-server.conf
|
||||||
|
section: filter:s3token
|
||||||
|
option: delay_auth_decision
|
||||||
|
value: true
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: Copy ring for Policy-1
|
- name: Copy ring for Policy-1
|
||||||
copy:
|
copy:
|
||||||
remote_src: true
|
remote_src: true
|
||||||
|
|||||||
@ -42,11 +42,15 @@ class TestS3ApiBucket(S3ApiBaseBoto3):
|
|||||||
self.assertIn('ETag', obj)
|
self.assertIn('ETag', obj)
|
||||||
self.assertIn('Size', obj)
|
self.assertIn('Size', obj)
|
||||||
self.assertEqual(obj['StorageClass'], 'STANDARD')
|
self.assertEqual(obj['StorageClass'], 'STANDARD')
|
||||||
if expect_owner:
|
if not expect_owner:
|
||||||
|
self.assertNotIn('Owner', obj)
|
||||||
|
elif tf.cluster_info['s3api'].get('s3_acl'):
|
||||||
self.assertEqual(obj['Owner']['ID'], self.access_key)
|
self.assertEqual(obj['Owner']['ID'], self.access_key)
|
||||||
self.assertEqual(obj['Owner']['DisplayName'], self.access_key)
|
self.assertEqual(obj['Owner']['DisplayName'], self.access_key)
|
||||||
else:
|
else:
|
||||||
self.assertNotIn('Owner', obj)
|
self.assertIn('Owner', obj)
|
||||||
|
self.assertIn('ID', obj['Owner'])
|
||||||
|
self.assertIn('DisplayName', obj['Owner'])
|
||||||
|
|
||||||
def test_bucket(self):
|
def test_bucket(self):
|
||||||
bucket = 'bucket'
|
bucket = 'bucket'
|
||||||
|
|||||||
@ -8,3 +8,4 @@
|
|||||||
- test-setup
|
- test-setup
|
||||||
- ensure-tox
|
- ensure-tox
|
||||||
- dsvm-additional-middlewares
|
- dsvm-additional-middlewares
|
||||||
|
- additional-keystone-users
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user