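--- a/deploy/charts/rook-ceph/templates/resources.yaml
+++ b/deploy/charts/rook-ceph/templates/resources.yaml
@@ -10053,6 +10053,34 @@ spec:
 items:
 type: string
 type: array
+auth:
+description: The authentication configuration
+nullable: true
+properties:
+keystone:
+description: KeystoneSpec represents the Keystone authentication configuration of a Ceph Object Store Gateway
+nullable: true
+properties:
+acceptedRoles:
+items:
+type: string
+type: array
+implicitTenants:
+type: string
+revocationInterval:
+type: integer
+serviceUserSecretName:
+type: string
+tokenCacheSize:
+type: integer
+url:
+type: string
+required:
+- acceptedRoles
+- serviceUserSecretName
+- url
+type: object
+type: object
 dataPool:
 description: The data pool settings
 nullable: true
@@ -11294,6 +11322,31 @@ spec:
 preservePoolsOnDelete:
 description: Preserve pools on object store deletion
 type: boolean
+protocols:
+description: The protocol specification
+nullable: true
+properties:
+s3:
+description: The spec for S3
+nullable: true
+properties:
+authUseKeystone:
+type: boolean
+enabled:
+type: boolean
+type: object
+swift:
+description: The spec for S3
+nullable: true
+properties:
+accountInUrl:
+type: boolean
+urlPrefix:
+type: string
+versioningEnabled:
+type: boolean
+type: object
+type: object
 security:
 description: Security represents security settings
 nullable: true
@@ -11619,6 +11672,19 @@ spec:
 store:
 description: The store the user will be created in
 type: string
+subUsers:
+items:
+properties:
+access:
+type: string
+name:
+type: string
+required:
+- access
+- name
+type: object
+nullable: true
+type: array
 type: object
 status:
 description: ObjectStoreUserStatus represents the status Ceph Object Store Gateway User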
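Review bot: In the last hunk, `subUsers[].access` is a free-form `string`, so the API server admits any value for what is effectively a privilege level, and a typo would be caught at reconcile time at the earliest. If the accepted values are the radosgw subuser access levels, constrain the field in the schema with `enum: [read, write, readwrite, full]`. The same applies to the identical hunk in deploy/examples/crds.yaml. If these CRDs are generated from the Go types, the constraint belongs on the `Access` field there rather than in the YAML. Separately, the `swift` property in the second hunk carries the description `The spec for S3`, which looks like a copy-paste slip and should read `The spec for Swift`.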
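--- a/deploy/examples/crds.yaml
+++ b/deploy/examples/crds.yaml
@@ -10044,6 +10044,34 @@ spec:
 items:
 type: string
 type: array
+auth:
+description: The authentication configuration
+nullable: true
+properties:
+keystone:
+description: KeystoneSpec represents the Keystone authentication configuration of a Ceph Object Store Gateway
+nullable: true
+properties:
+acceptedRoles:
+items:
+type: string
+type: array
+implicitTenants:
+type: string
+revocationInterval:
+type: integer
+serviceUserSecretName:
+type: string
+tokenCacheSize:
+type: integer
+url:
+type: string
+required:
+- acceptedRoles
+- serviceUserSecretName
+- url
+type: object
+type: object
 dataPool:
 description: The data pool settings
 nullable: true
@@ -11285,6 +11313,31 @@ spec:
 preservePoolsOnDelete:
 description: Preserve pools on object store deletion
 type: boolean
+protocols:
+description: The protocol specification
+nullable: true
+properties:
+s3:
+description: The spec for S3
+nullable: true
+properties:
+authUseKeystone:
+type: boolean
+enabled:
+type: boolean
+type: object
+swift:
+description: The spec for S3
+nullable: true
+properties:
+accountInUrl:
+type: boolean
+urlPrefix:
+type: string
+versioningEnabled:
+type: boolean
+type: object
+type: object
 security:
 description: Security represents security settings
 nullable: true
@@ -11609,6 +11662,19 @@ spec:
 store:
 description: The store the user will be created in
 type: string
+subUsers:
+items:
+properties:
+access:
+type: string
+name:
+type: string
+required:
+- access
+- name
+type: object
+nullable: true
+type: array
 type: object
 status:
 description: ObjectStoreUserStatus represents the status Ceph Object Store Gateway User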
10 changes: 5 additions & 5 deletions design/ceph/object/swift-and-keystone-integration.md
@@ -80,11 +80,11 @@ Annotations:
options](https://docs.ceph.com/en/octopus/radosgw/config-ref/#keystone-settings),
the corresponding RGW option is formed by prefixing it with
`rgw_keystone_` and replacing upper case letters by their lower case
letter followed by an underscore. E.g. `tokenCacheSize` maps to
letter preceded by an underscore. E.g. `tokenCacheSize` maps to
`rgw_keystone_token_cache_size`.
* `[2]` These settings are required in the `keystone` section if
present.
* `[1]` The name of the secret containing the credentials for the
* `[3]` The name of the secret containing the credentials for the
service user account used by RGW. It has to be in the same namespace
as the object store resource.

@@ -173,12 +173,12 @@ Annotations:
options](https://docs.ceph.com/en/octopus/radosgw/config-ref/#swift-settings),
the corresponding RGW option is formed by prefixing it with
`rgw_swift_` and replacing upper case letters by their lower case
letter followed by an underscore. E.g. `urlPrefix` maps to
letter preceded by an underscore. E.g. `urlPrefix` maps to
`rgw_swift_url_prefix`. They are optional. If not given, the defaults
of the corresponding RGW option apply.

The access to the Swift API is granted by creating a subuser of an RGW
user. While commonly the access is granted via projects
Access to the Swift API is granted by creating a subuser of an RGW
user. While commonly access is granted via projects
mapped from Keystone, explicit creation of subusers is supported by
extending the `cephobjectstoreuser` resource with a new optional section
`spec.subUsers`:
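--- a/pkg/apis/ceph.rook.io/v1/spec_test.go
+++ b/pkg/apis/ceph.rook.io/v1/spec_test.go
@@ -92,3 +92,104 @@ storage:
 
 assert.Equal(t, expectedSpec, clusterSpec)
 }
+
+func newTrue() *bool {
+t := true
+return &t
+}
+
+func newFalse() *bool {
+t := false
+return &t
+}
+
+func newInt(val int) *int {
+return &val
+}
+
+func newString(val string) *string {
+return &val
+}
+
+func TestObjectStoreSpecMarhsalSwiftAndKeystone(t *testing.T) {
+// Assert that the new ObjectStoreSpec fields specified in <design/ceph/object/swift-and-keystone-integration.md> are correctly parsed
+specYaml := []byte(`
+auth:
+keystone:
+url: https://keystone:5000/
+acceptedRoles: ["_member_", "service", "admin"]
+implicitTenants: swift
+tokenCacheSize: 1000
+revocationInterval: 1200
+serviceUserSecretName: rgw-service-user
+protocols:
+swift:
+accountInUrl: true
+urlPrefix: /example
+versioningEnabled: false
+s3:
+enabled: false
+authUseKeystone: true
+`)
+rawJSON, err := yaml.ToJSON(specYaml)
+assert.Nil(t, err)
+fmt.Printf("rawJSON: %s\n", string(rawJSON))
+
+// unmarshal the JSON into a strongly typed storage spec object
+var objectStoreSpec ObjectStoreSpec
+err = json.Unmarshal(rawJSON, &objectStoreSpec)
+assert.Nil(t, err)
+
+// the unmarshalled storage spec should equal the expected spec below
+expectedSpec := ObjectStoreSpec{
+Auth: AuthSpec{
+Keystone: &KeystoneSpec{
+Url: "https://keystone:5000/",
+AcceptedRoles: []string{"_member_", "service", "admin"},
+ImplicitTenants: "swift",
+TokenCacheSize: newInt(1000),
+RevocationInterval: newInt(1200),
+ServiceUserSecretName: "rgw-service-user",
+},
+},
+Protocols: ProtocolSpec{
+S3: &S3Spec{
+Enabled: newFalse(),
+AuthUseKeystone: newTrue(),
+},
+Swift: &SwiftSpec{
+AccountInUrl: newTrue(),
+UrlPrefix: newString("/example"),
+VersioningEnabled: newFalse(),
+},
+},
+}
+
+assert.Equal(t, expectedSpec, objectStoreSpec)
+}
+
+func TestObjectStoreUserSpecMarhsalSubuser(t *testing.T) {
+// Assert that the new ObjectStoreUserSpec fields specified in <design/ceph/object/swift-and-keystone-integration.md> parse
+specYaml := []byte(`
+subUsers:
+- name: swift
+access: full
+`)
+rawJSON, err := yaml.ToJSON(specYaml)
+assert.Nil(t, err)
+fmt.Printf("rawJSON: %s\n", string(rawJSON))
+
+// unmarshal the JSON into a strongly typed storage spec object
+var objectStoreUserSpec ObjectStoreUserSpec
+err = json.Unmarshal(rawJSON, &objectStoreUserSpec)
+assert.Nil(t, err)
+
+// the unmarshalled storage spec should equal the expected spec below
+expectedSpec := ObjectStoreUserSpec{
+Subusers: []SubuserSpec{
+{Name: "swift", Access: "full"},
+},
+}
+
+assert.Equal(t, expectedSpec, objectStoreUserSpec)
+}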
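Review bot: Both new tests check errors with `assert.Nil(t, err)`, which records the failure but keeps running, so a failed `yaml.ToJSON` is followed by `json.Unmarshal` on empty input and a second, misleading failure. `assert.NoError(t, err)` with an early return (or `require.NoError(t, err)`, if testify's require package is available to this file) stops at the real cause and prints the error text. The test names spell `Marhsal` for `Marshal` (`TestObjectStoreSpecMarhsalSwiftAndKeystone`, `TestObjectStoreUserSpecMarhsalSubuser`), which makes them easy to miss with `go test -run`. The `fmt.Printf("rawJSON: ...")` lines would be better as `t.Logf` so they only show on failure or with `-v`. The inline comments still say "storage spec" although the values under test are object store and object store user specs.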