swift-dsvm: Enable s3api

Depends-On: https://review.opendev.org/#/c/571021/ Change-Id: I3ac3288cd61b745ce7dbf2bded8eade026d0418f
dosaboy · May 22, 2020 · bb9b032 · bb9b032
1 parent 9581254
commit bb9b032
Show file tree

Hide file tree

Showing 4 changed files with 103 additions and 6 deletions.
diff --git a/roles/additional-keystone-users/tasks/main.yaml b/roles/additional-keystone-users/tasks/main.yaml
@@ -0,0 +1,61 @@
+- name: Set S3 endpoint
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_storage_url
+    value: http://localhost:8080
+  become: true
+
+- name: Create primary S3 user
+  shell: >
+    openstack --os-auth-url http://localhost/identity
+    --os-project-domain-id default --os-project-name admin
+    --os-user-domain-id default --os-username admin
+    --os-password secretadmin
+    credential create --type ec2 --project swiftprojecttest1 swiftusertest1
+    '{"access": "s3-user1", "secret": "s3-secret1"}'
+- name: Add primary S3 user to test.conf
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_access_key
+    value: s3-user1
+  become: true
+- name: Add primary S3 user secret to test.conf
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_secret_key
+    value: s3-secret1
+  become: true
+
+- name: Clear secondary S3 user from test.conf
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_access_key2
+    value: ""
+  become: true
+
+- name: Create restricted S3 user
+  shell: >
+    openstack --os-auth-url http://localhost/identity
+    --os-project-domain-id default --os-project-name admin
+    --os-user-domain-id default --os-username admin
+    --os-password secretadmin
+    credential create --type ec2 --project swiftprojecttest1 swiftusertest3
+    '{"access": "s3-user3", "secret": "s3-secret3"}'
+- name: Add restricted S3 user to test.conf
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_access_key3
+    value: s3-user3
+  become: true
+- name: Add restricted S3 user secret to test.conf
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_secret_key3
+    value: s3-secret3
+  become: true
diff --git a/roles/dsvm-additional-middlewares/tasks/main.yaml b/roles/dsvm-additional-middlewares/tasks/main.yaml
@@ -1,8 +1,15 @@
-- name: Add more middlewares to pipeline
+- name: Add domain_remap and etag-quoter to pipeline
   replace:
-      path: "/etc/swift/proxy-server.conf"
-      regexp: "cache listing_formats"
-      replace: "cache domain_remap etag-quoter listing_formats"
+    path: "/etc/swift/proxy-server.conf"
+    regexp: "cache listing_formats"
+    replace: "cache domain_remap etag-quoter listing_formats"
+  become: true
+
+- name: Add s3api and s3token to pipeline
+  replace:
+    path: "/etc/swift/proxy-server.conf"
+    regexp: "authtoken keystoneauth tempauth"
+    replace: "authtoken s3api s3token keystoneauth tempauth"
   become: true
 
 - name: Set domain_remap domain
@@ -29,6 +36,30 @@
     value: true
   become: true
 
+- name: Configure s3api force_swift_request_proxy_log
+  ini_file:
+    path: /etc/swift/proxy-server.conf
+    section: filter:s3api
+    option: force_swift_request_proxy_log
+    value: true
+  become: true
+
+- name: Configure s3token auth_uri
+  ini_file:
+    path: /etc/swift/proxy-server.conf
+    section: filter:s3token
+    option: auth_uri
+    value: http://localhost/identity/v3
+  become: true
+
+- name: Configure s3token delay_auth_decision
+  ini_file:
+    path: /etc/swift/proxy-server.conf
+    section: filter:s3token
+    option: delay_auth_decision
+    value: true
+  become: true
+
 - name: Copy ring for Policy-1
   copy:
     remote_src: true

diff --git a/test/functional/s3api/test_bucket.py b/test/functional/s3api/test_bucket.py
@@ -42,11 +42,15 @@ def _validate_object_listing(self, resp_objects, req_objects,
             self.assertIn('ETag', obj)
             self.assertIn('Size', obj)
             self.assertEqual(obj['StorageClass'], 'STANDARD')
-            if expect_owner:
+            if not expect_owner:
+                self.assertNotIn('Owner', obj)
+            elif tf.cluster_info['s3api'].get('s3_acl'):
                 self.assertEqual(obj['Owner']['ID'], self.access_key)
                 self.assertEqual(obj['Owner']['DisplayName'], self.access_key)
             else:
-                self.assertNotIn('Owner', obj)
+                self.assertIn('Owner', obj)
+                self.assertIn('ID', obj['Owner'])
+                self.assertIn('DisplayName', obj['Owner'])
 
     def test_bucket(self):
         bucket = 'bucket'

diff --git a/tools/playbooks/dsvm/pre.yaml b/tools/playbooks/dsvm/pre.yaml
@@ -8,3 +8,4 @@
     - test-setup
     - ensure-tox
     - dsvm-additional-middlewares
+    - additional-keystone-users