Merge "swift-dsvm: Enable s3api"
This commit is contained in:
commit
8f1a40eaae
61
roles/additional-keystone-users/tasks/main.yaml
Normal file
61
roles/additional-keystone-users/tasks/main.yaml
Normal file
@ -0,0 +1,61 @@
|
||||
- name: Set S3 endpoint
|
||||
ini_file:
|
||||
path: /etc/swift/test.conf
|
||||
section: func_test
|
||||
option: s3_storage_url
|
||||
value: http://localhost:8080
|
||||
become: true
|
||||
|
||||
- name: Create primary S3 user
|
||||
shell: >
|
||||
openstack --os-auth-url http://localhost/identity
|
||||
--os-project-domain-id default --os-project-name admin
|
||||
--os-user-domain-id default --os-username admin
|
||||
--os-password secretadmin
|
||||
credential create --type ec2 --project swiftprojecttest1 swiftusertest1
|
||||
'{"access": "s3-user1", "secret": "s3-secret1"}'
|
||||
- name: Add primary S3 user to test.conf
|
||||
ini_file:
|
||||
path: /etc/swift/test.conf
|
||||
section: func_test
|
||||
option: s3_access_key
|
||||
value: s3-user1
|
||||
become: true
|
||||
- name: Add primary S3 user secret to test.conf
|
||||
ini_file:
|
||||
path: /etc/swift/test.conf
|
||||
section: func_test
|
||||
option: s3_secret_key
|
||||
value: s3-secret1
|
||||
become: true
|
||||
|
||||
- name: Clear secondary S3 user from test.conf
|
||||
ini_file:
|
||||
path: /etc/swift/test.conf
|
||||
section: func_test
|
||||
option: s3_access_key2
|
||||
value: ""
|
||||
become: true
|
||||
|
||||
- name: Create restricted S3 user
|
||||
shell: >
|
||||
openstack --os-auth-url http://localhost/identity
|
||||
--os-project-domain-id default --os-project-name admin
|
||||
--os-user-domain-id default --os-username admin
|
||||
--os-password secretadmin
|
||||
credential create --type ec2 --project swiftprojecttest1 swiftusertest3
|
||||
'{"access": "s3-user3", "secret": "s3-secret3"}'
|
||||
- name: Add restricted S3 user to test.conf
|
||||
ini_file:
|
||||
path: /etc/swift/test.conf
|
||||
section: func_test
|
||||
option: s3_access_key3
|
||||
value: s3-user3
|
||||
become: true
|
||||
- name: Add restricted S3 user secret to test.conf
|
||||
ini_file:
|
||||
path: /etc/swift/test.conf
|
||||
section: func_test
|
||||
option: s3_secret_key3
|
||||
value: s3-secret3
|
||||
become: true
|
@ -1,10 +1,17 @@
|
||||
- name: Add more middlewares to pipeline
|
||||
- name: Add domain_remap and etag-quoter to pipeline
|
||||
replace:
|
||||
path: "/etc/swift/proxy-server.conf"
|
||||
regexp: "cache listing_formats"
|
||||
replace: "cache domain_remap etag-quoter listing_formats"
|
||||
become: true
|
||||
|
||||
- name: Add s3api and s3token to pipeline
|
||||
replace:
|
||||
path: "/etc/swift/proxy-server.conf"
|
||||
regexp: "authtoken keystoneauth tempauth"
|
||||
replace: "authtoken s3api s3token keystoneauth tempauth"
|
||||
become: true
|
||||
|
||||
- name: Set domain_remap domain
|
||||
ini_file:
|
||||
path: /etc/swift/proxy-server.conf
|
||||
@ -29,6 +36,30 @@
|
||||
value: true
|
||||
become: true
|
||||
|
||||
- name: Configure s3api force_swift_request_proxy_log
|
||||
ini_file:
|
||||
path: /etc/swift/proxy-server.conf
|
||||
section: filter:s3api
|
||||
option: force_swift_request_proxy_log
|
||||
value: true
|
||||
become: true
|
||||
|
||||
- name: Configure s3token auth_uri
|
||||
ini_file:
|
||||
path: /etc/swift/proxy-server.conf
|
||||
section: filter:s3token
|
||||
option: auth_uri
|
||||
value: http://localhost/identity/v3
|
||||
become: true
|
||||
|
||||
- name: Configure s3token delay_auth_decision
|
||||
ini_file:
|
||||
path: /etc/swift/proxy-server.conf
|
||||
section: filter:s3token
|
||||
option: delay_auth_decision
|
||||
value: true
|
||||
become: true
|
||||
|
||||
- name: Copy ring for Policy-1
|
||||
copy:
|
||||
remote_src: true
|
||||
|
@ -42,11 +42,15 @@ class TestS3ApiBucket(S3ApiBaseBoto3):
|
||||
self.assertIn('ETag', obj)
|
||||
self.assertIn('Size', obj)
|
||||
self.assertEqual(obj['StorageClass'], 'STANDARD')
|
||||
if expect_owner:
|
||||
if not expect_owner:
|
||||
self.assertNotIn('Owner', obj)
|
||||
elif tf.cluster_info['s3api'].get('s3_acl'):
|
||||
self.assertEqual(obj['Owner']['ID'], self.access_key)
|
||||
self.assertEqual(obj['Owner']['DisplayName'], self.access_key)
|
||||
else:
|
||||
self.assertNotIn('Owner', obj)
|
||||
self.assertIn('Owner', obj)
|
||||
self.assertIn('ID', obj['Owner'])
|
||||
self.assertIn('DisplayName', obj['Owner'])
|
||||
|
||||
def test_bucket(self):
|
||||
bucket = 'bucket'
|
||||
|
@ -8,3 +8,4 @@
|
||||
- test-setup
|
||||
- ensure-tox
|
||||
- dsvm-additional-middlewares
|
||||
- additional-keystone-users
|
||||
|
Loading…
Reference in New Issue
Block a user