diff options
author | Joshua Hesketh <josh@nitrotech.org> | 2014-05-15 06:39:14 -0700 |
---|---|---|
committer | Joshua Hesketh <josh@nitrotech.org> | 2014-05-15 13:11:22 -0700 |
commit | c496750d93ab525a42f05f7c38c717e4cdefaa9f (patch) | |
tree | fee6497a0ea4c84e758b739cbc124fb175b703e4 | |
parent | b95d38bf367a53234451a9c0ed0dae73ff56ab6c (diff) | |
download | zuul-c496750d93ab525a42f05f7c38c717e4cdefaa9f.tar.gz |
Provide swift credentials without requiring a connection
To generate the hmac details for the swift FormPost middleware
you do not need to actually connect to swift if you know the
URL key and storage path.
Change the configuration to reflect this and only connect if
required.
Change-Id: Iad5008ca2707ef5310b172fe3b6844e51bee2372
-rw-r--r-- | doc/source/zuul.rst | 27 | ||||
-rw-r--r-- | zuul/lib/swift.py | 26 |
2 files changed, 36 insertions, 17 deletions
diff --git a/doc/source/zuul.rst b/doc/source/zuul.rst index ef6259c4e..fec719878 100644 --- a/doc/source/zuul.rst +++ b/doc/source/zuul.rst @@ -185,9 +185,27 @@ To send (optional) swift upload instructions this section must be present. Multiple destinations can be defined in the :ref:`jobs` section of the layout. -**authurl** - The (keystone) Auth URL for swift +**X-Account-Meta-Temp-Url-Key** (optional) + This is the key used to sign the HMAC message. If you do not set a + key Zuul will generate one automatically. + +**Send-Temp-Url-Key** (optional) + Zuul can send the X-Account-Meta-Temp-Url-Key to swift for you if + you have set up the appropriate credentials in ``authurl`` below. + This isn't necessary if you know and have set your + X-Account-Meta-Temp-Url-Key. + ``default: true`` + +**X-Storage-Url** (optional) + The storage URL is the destination to upload files into. If you do + not set this the ``authurl`` credentials are used to fetch the url + from swift. + +**authurl** (optional) + The (keystone) Auth URL for swift. ``For example, https://identity.api.rackspacecloud.com/v2.0/`` + This is required if you have Send-Temp-Url-Key set to ``True`` or + if you have not supplied the X-Storage-Url. Any of the `swiftclient connection parameters`_ can also be defined here by the same name. Including the os_options by their key name ( @@ -195,11 +213,6 @@ here by the same name. Including the os_options by their key name ( .. _swiftclient connection parameters: http://docs.openstack.org/developer/python-swiftclient/swiftclient.html#module-swiftclient.client -**X-Account-Meta-Temp-Url-Key** (optional) - This is the key used to sign the HMAC message. zuul will send the - key to swift for you so you only need to define it here. If you do - not set a key zuul will generate one automatically. - **region_name** (optional) The region name holding the swift container ``For example, SYD`` diff --git a/zuul/lib/swift.py b/zuul/lib/swift.py index 2cbd05e86..c5d540c77 100644 --- a/zuul/lib/swift.py +++ b/zuul/lib/swift.py @@ -39,16 +39,29 @@ class Swift(object): ) self.storage_url = '' + if self.config.has_option('swift', 'X-Storage-Url'): + self.storage_url = self.config.get('swift', 'X-Storage-Url') try: - self.connect() + if self.config.has_section('swift'): + if (not self.config.has_option('swift', 'Send-Temp-Url-Key') + or self.config.getboolean('swift', 'Send-Temp-Url-Key')): + self.connect() + + # Tell swift of our key + headers = {} + headers['X-Account-Meta-Temp-Url-Key'] = self.secure_key + self.connection.post_account(headers) + + if not self.config.has_option('swift', 'X-Storage-Url'): + self.connect() + self.storage_url = self.connection.get_auth()[0] except Exception as e: self.log.warning("Unable to set up swift. Signed storage URL is " "likely to be wrong. %s" % e) def connect(self): - if self.config.has_section('swift'): - # required + if not self.connection: authurl = self.config.get('swift', 'authurl') user = (self.config.get('swift', 'user') @@ -105,13 +118,6 @@ class Swift(object): auth_version=auth_version, cacert=cacert, insecure=insecure, ssl_compression=ssl_compression) - # Tell swift of our key - headers = {} - headers['X-Account-Meta-Temp-Url-Key'] = self.secure_key - self.connection.post_account(headers) - - self.storage_url, self.auth_token = self.connection.get_auth() - def generate_form_post_middleware_params(self, destination_prefix='', **kwargs): """Generate the FormPost middleware params for the given settings""" |