diff options
author | Tim Burke <tim.burke@gmail.com> | 2020-04-23 16:26:53 -0700 |
---|---|---|
committer | Tim Burke <tim.burke@gmail.com> | 2020-05-22 16:04:52 -0700 |
commit | bb9b0326fde08768e6d609a210a1d1a5ec1c32ff (patch) | |
tree | 41d9dcae57571010710a96cdfc1fcf0f60e86127 | |
parent | 9581254e6617f1bb51c7de0599107999622fbe82 (diff) | |
download | swift-bb9b0326fde08768e6d609a210a1d1a5ec1c32ff.tar.gz |
swift-dsvm: Enable s3api
Depends-On: https://review.opendev.org/#/c/571021/
Change-Id: I3ac3288cd61b745ce7dbf2bded8eade026d0418f
-rw-r--r-- | roles/additional-keystone-users/tasks/main.yaml | 61 | ||||
-rw-r--r-- | roles/dsvm-additional-middlewares/tasks/main.yaml | 39 | ||||
-rw-r--r-- | test/functional/s3api/test_bucket.py | 8 | ||||
-rw-r--r-- | tools/playbooks/dsvm/pre.yaml | 1 |
4 files changed, 103 insertions, 6 deletions
diff --git a/roles/additional-keystone-users/tasks/main.yaml b/roles/additional-keystone-users/tasks/main.yaml new file mode 100644 index 000000000..3e2b01342 --- /dev/null +++ b/roles/additional-keystone-users/tasks/main.yaml @@ -0,0 +1,61 @@ +- name: Set S3 endpoint + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_storage_url + value: http://localhost:8080 + become: true + +- name: Create primary S3 user + shell: > + openstack --os-auth-url http://localhost/identity + --os-project-domain-id default --os-project-name admin + --os-user-domain-id default --os-username admin + --os-password secretadmin + credential create --type ec2 --project swiftprojecttest1 swiftusertest1 + '{"access": "s3-user1", "secret": "s3-secret1"}' +- name: Add primary S3 user to test.conf + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_access_key + value: s3-user1 + become: true +- name: Add primary S3 user secret to test.conf + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_secret_key + value: s3-secret1 + become: true + +- name: Clear secondary S3 user from test.conf + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_access_key2 + value: "" + become: true + +- name: Create restricted S3 user + shell: > + openstack --os-auth-url http://localhost/identity + --os-project-domain-id default --os-project-name admin + --os-user-domain-id default --os-username admin + --os-password secretadmin + credential create --type ec2 --project swiftprojecttest1 swiftusertest3 + '{"access": "s3-user3", "secret": "s3-secret3"}' +- name: Add restricted S3 user to test.conf + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_access_key3 + value: s3-user3 + become: true +- name: Add restricted S3 user secret to test.conf + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_secret_key3 + value: s3-secret3 + become: true diff --git a/roles/dsvm-additional-middlewares/tasks/main.yaml b/roles/dsvm-additional-middlewares/tasks/main.yaml index f149e519f..66e186a3f 100644 --- a/roles/dsvm-additional-middlewares/tasks/main.yaml +++ b/roles/dsvm-additional-middlewares/tasks/main.yaml @@ -1,8 +1,15 @@ -- name: Add more middlewares to pipeline +- name: Add domain_remap and etag-quoter to pipeline replace: - path: "/etc/swift/proxy-server.conf" - regexp: "cache listing_formats" - replace: "cache domain_remap etag-quoter listing_formats" + path: "/etc/swift/proxy-server.conf" + regexp: "cache listing_formats" + replace: "cache domain_remap etag-quoter listing_formats" + become: true + +- name: Add s3api and s3token to pipeline + replace: + path: "/etc/swift/proxy-server.conf" + regexp: "authtoken keystoneauth tempauth" + replace: "authtoken s3api s3token keystoneauth tempauth" become: true - name: Set domain_remap domain @@ -29,6 +36,30 @@ value: true become: true +- name: Configure s3api force_swift_request_proxy_log + ini_file: + path: /etc/swift/proxy-server.conf + section: filter:s3api + option: force_swift_request_proxy_log + value: true + become: true + +- name: Configure s3token auth_uri + ini_file: + path: /etc/swift/proxy-server.conf + section: filter:s3token + option: auth_uri + value: http://localhost/identity/v3 + become: true + +- name: Configure s3token delay_auth_decision + ini_file: + path: /etc/swift/proxy-server.conf + section: filter:s3token + option: delay_auth_decision + value: true + become: true + - name: Copy ring for Policy-1 copy: remote_src: true diff --git a/test/functional/s3api/test_bucket.py b/test/functional/s3api/test_bucket.py index 2197ce823..2beeb8457 100644 --- a/test/functional/s3api/test_bucket.py +++ b/test/functional/s3api/test_bucket.py @@ -42,11 +42,15 @@ class TestS3ApiBucket(S3ApiBaseBoto3): self.assertIn('ETag', obj) self.assertIn('Size', obj) self.assertEqual(obj['StorageClass'], 'STANDARD') - if expect_owner: + if not expect_owner: + self.assertNotIn('Owner', obj) + elif tf.cluster_info['s3api'].get('s3_acl'): self.assertEqual(obj['Owner']['ID'], self.access_key) self.assertEqual(obj['Owner']['DisplayName'], self.access_key) else: - self.assertNotIn('Owner', obj) + self.assertIn('Owner', obj) + self.assertIn('ID', obj['Owner']) + self.assertIn('DisplayName', obj['Owner']) def test_bucket(self): bucket = 'bucket' diff --git a/tools/playbooks/dsvm/pre.yaml b/tools/playbooks/dsvm/pre.yaml index 351e28097..8b544c617 100644 --- a/tools/playbooks/dsvm/pre.yaml +++ b/tools/playbooks/dsvm/pre.yaml @@ -8,3 +8,4 @@ - test-setup - ensure-tox - dsvm-additional-middlewares + - additional-keystone-users |