From 35ccdfc17572a68348573a8e8b05748a1e0111e1 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Tue, 2 Apr 2013 17:18:59 +0000 Subject: [PATCH] Remove credentials for glance S3 testing. Some glance "unit" tests connect to a remote S3 account, but this is not in the spirit of proper unit testing and it's unclear whether the tests are even run any longer. Also, it would be best not to have credentials for remote services sitting on Jenkins unit test slaves as they're accessible to any other tests and could be trivially exposed. Change-Id: I2cf76f9a77efc08598e803d3413bb719e84bfe6a Reviewed-on: https://review.openstack.org/25921 Reviewed-by: Clark Boylan Reviewed-by: James E. Blair Reviewed-by: Monty Taylor Reviewed-by: Mark Washenberger Approved: Jeremy Stanley Reviewed-by: Jeremy Stanley Tested-by: Jenkins --- manifests/site.pp | 28 +++++------ .../openstack_project/manifests/glancetest.pp | 32 ------------ .../templates/glance_s3.conf.erb | 49 ------------------- 3 files changed, 12 insertions(+), 97 deletions(-) delete mode 100644 modules/openstack_project/manifests/glancetest.pp delete mode 100644 modules/openstack_project/templates/glance_s3.conf.erb diff --git a/manifests/site.pp b/manifests/site.pp index 09cffb88ad..3fd7f930d8 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -290,10 +290,9 @@ node /^quantal.*\.slave\.openstack\.org$/ { certname => 'quantal.slave.openstack.org', sysadmins => hiera('sysadmins'), } - class { 'openstack_project::glancetest': - s3_store_access_key => hiera('s3_store_access_key'), - s3_store_secret_key => hiera('s3_store_secret_key'), - s3_store_bucket => hiera('s3_store_bucket'), + file { '/home/jenkins/.config/glance': + ensure => absent, + recurse => true, } include jenkins::cgroups include ulimit @@ -311,10 +310,9 @@ node /^precise.*\.slave\.openstack\.org$/ { certname => 'precise.slave.openstack.org', sysadmins => hiera('sysadmins'), } - class { 'openstack_project::glancetest': - s3_store_access_key => hiera('s3_store_access_key'), - s3_store_secret_key => hiera('s3_store_secret_key'), - s3_store_bucket => hiera('s3_store_bucket'), + file { '/home/jenkins/.config/glance': + ensure => absent, + recurse => true, } include jenkins::cgroups include ulimit @@ -332,10 +330,9 @@ node /^oneiric.*\.slave\.openstack\.org$/ { certname => 'oneiric.slave.openstack.org', sysadmins => hiera('sysadmins'), } - class { 'openstack_project::glancetest': - s3_store_access_key => hiera('s3_store_access_key'), - s3_store_secret_key => hiera('s3_store_secret_key'), - s3_store_bucket => hiera('s3_store_bucket'), + file { '/home/jenkins/.config/glance': + ensure => absent, + recurse => true, } include jenkins::cgroups include ulimit @@ -354,10 +351,9 @@ node /^rhel6.*\.slave\.openstack\.org$/ { certname => 'rhel6.slave.openstack.org', sysadmins => hiera('sysadmins'), } - class { 'openstack_project::glancetest': - s3_store_access_key => hiera('s3_store_access_key'), - s3_store_secret_key => hiera('s3_store_secret_key'), - s3_store_bucket => hiera('s3_store_bucket'), + file { '/home/jenkins/.config/glance': + ensure => absent, + recurse => true, } include jenkins::cgroups include ulimit diff --git a/modules/openstack_project/manifests/glancetest.pp b/modules/openstack_project/manifests/glancetest.pp deleted file mode 100644 index 518901280b..0000000000 --- a/modules/openstack_project/manifests/glancetest.pp +++ /dev/null @@ -1,32 +0,0 @@ -# == Class: openstack_project::glancetest -# -class openstack_project::glancetest( - $s3_store_access_key = '', - $s3_store_secret_key = '', - $s3_store_bucket = '', - $s3_store_host = 's3.amazonaws.com', -) { - - file { 'jenkinsglanceconfigdir': - ensure => directory, - name => '/home/jenkins/.config/glance', - owner => 'jenkins', - group => 'jenkins', - mode => '0700', - require => Class['::jenkins::jenkinsuser'], - } - - file { 'glances3conf': - ensure => present, - name => '/home/jenkins/.config/glance/s3.conf', - owner => 'jenkins', - group => 'jenkins', - mode => '0400', - require => File['jenkinsglanceconfigdir'], - content => template('openstack_project/glance_s3.conf.erb'), - } - - file { '/home/jenkins/.config/glance/swift.conf': - ensure => absent, - } -} diff --git a/modules/openstack_project/templates/glance_s3.conf.erb b/modules/openstack_project/templates/glance_s3.conf.erb deleted file mode 100644 index 0f159b1ece..0000000000 --- a/modules/openstack_project/templates/glance_s3.conf.erb +++ /dev/null @@ -1,49 +0,0 @@ -[DEFAULT] -# Which backend store should Glance use by default is not specified -# in a request to add a new image to Glance? Default: 'file' -# Available choices are 'file', 'swift', and 's3' -default_store = s3 - -# ============ S3 Store Options ============================= - -# Address where the S3 authentication service lives -s3_store_host = <%= s3_store_host %> - -# User to authenticate against the S3 authentication service -s3_store_access_key = <%= s3_store_access_key %> - -# Auth key for the user authenticating against the -# S3 authentication service -s3_store_secret_key = <%= s3_store_secret_key %> - -# Container within the account that the account should use -# for storing images in S3. Note that S3 has a flat namespace, -# so you need a unique bucket name for your glance images. An -# easy way to do this is append your AWS access key to "glance". -# S3 buckets in AWS *must* be lowercased, so remember to lowercase -# your AWS access key if you use it in your bucket name below! -s3_store_bucket = <%= s3_store_bucket %> - -# Do we create the bucket if it does not exist? -s3_store_create_bucket_on_put = True - -[pipeline:glance-api] -pipeline = versionnegotiation context apiv1app - -[pipeline:versions] -pipeline = versionsapp - -[app:versionsapp] -paste.app_factory = glance.api.versions:app_factory - -[app:apiv1app] -paste.app_factory = glance.api.v1:app_factory - -[filter:versionnegotiation] -paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory - -[filter:imagecache] -paste.filter_factory = glance.api.middleware.image_cache:filter_factory - -[filter:context] -paste.filter_factory = glance.common.context:filter_factory