Landscape Charm

Merge lp:~danilo/landscape-charm/openid-configuration into lp:~landscape/landscape-charm/trunk

  1. openid-configuration
  2. Merge into trunk
Proposed by Данило Шеган
Status: Merged
Approved by: Данило Шеган
Approved revision: 241
Merged at revision: 239
Proposed branch: lp:~danilo/landscape-charm/openid-configuration
Merge into: lp:~landscape/landscape-charm/trunk
Diff against target: 245 lines (+96/-9)
9 files modified
config.yaml (+10/-0)
hooks/lib/relations/landscape.py (+2/-0)
hooks/lib/relations/tests/test_landscape.py (+6/-4)
hooks/lib/services.py (+1/-0)
hooks/lib/tests/sample.py (+5/-0)
hooks/lib/tests/test_services.py (+33/-1)
hooks/lib/tests/test_templates.py (+31/-2)
templates/service.conf (+6/-0)
tests/01-begin.py (+2/-2)
To merge this branch: bzr merge lp:~danilo/landscape-charm/openid-configuration
Reviewer Review Type Date Requested Status
Benji York (community) Approve
Free Ekanayaka (community) Approve
🤖 Landscape Builder test results Approve
Review via email: mp+254077@code.launchpad.net

Commit message

Allow OpenID to be configured with the Landscape charm.

We introduce two options in the config.yaml that set appropriate openid-provider-url and openid-logout-url in service.conf [landscape] section (needed for our hosted deployments).
When they are not provided, OpenID is not configured.

Drive-by fix to make secret-token a required key as well in the landscape config.

Description of the change

Allow OpenID to be configured with the Landscape charm.

We introduce two options in the config.yaml that set appropriate openid-provider-url and openid-logout-url in service.conf [landscape] section (needed for our hosted deployments).
When they are not provided, OpenID is not configured.

Drive-by fix to make secret-token a required key as well in the landscape config.

To test, you can use juju-deployer with the following config:

  https://pastebin.canonical.com/128312/

Save it as landscape.yaml and run with

  juju-deployer -vdW -w180 -c landscape.yaml landscape

To post a comment you must log in.
Revision history for this message
Free Ekanayaka (free.ekanayaka) wrote :

Why do we need to use the leader context? The config is the same for all units.

review: Needs Information
Revision history for this message
🤖 Landscape Builder (landscape-builder) wrote :
Download full text (4.0 KiB)

Command: make ci-test
Result: Fail
Revno: 239
Branch: lp:~danilo/landscape-charm/openid-configuration
Jenkins: https://ci.lscape.net/job/latch-test/328/
-------------------------------------------
./dev/ubuntu-deps
Reading package lists...
Building dependency tree...
Reading state information...
software-properties-common is already the newest version.
The following package was automatically installed and is no longer required:
  os-prober
Use 'apt-get autoremove' to remove it.
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
gpg: keyring `/tmp/tmpvspjif3w/secring.gpg' created
gpg: keyring `/tmp/tmpvspjif3w/pubring.gpg' created
gpg: requesting key C8068B11 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpvspjif3w/trustdb.gpg: trustdb created
gpg: key C8068B11: public key "Launchpad Ensemble PPA" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
Ign http://security.ubuntu.com trusty-security InRelease
Hit http://security.ubuntu.com trusty-security Release.gpg
Ign http://ppa.launchpad.net trusty InRelease
Ign http://archive.ubuntu.com trusty InRelease
Hit http://security.ubuntu.com trusty-security Release
Ign http://archive.ubuntu.com trusty-updates InRelease
Ign http://ppa.launchpad.net trusty InRelease
Hit http://archive.ubuntu.com trusty Release.gpg
Hit http://archive.ubuntu.com trusty-updates Release.gpg
Hit http://archive.ubuntu.com trusty Release
Hit http://ppa.launchpad.net trusty Release.gpg
Hit http://security.ubuntu.com trusty-security/main Sources
Hit http://archive.ubuntu.com trusty-updates Release
Hit http://ppa.launchpad.net trusty Release.gpg
Hit http://security.ubuntu.com trusty-security/universe Sources
Hit http://security.ubuntu.com trusty-security/main amd64 Packages
Hit http://security.ubuntu.com trusty-security/universe amd64 Packages
Hit http://archive.ubuntu.com trusty/main Sources
Get:1 http://security.ubuntu.com trusty-security/main Translation-en [126 kB]
Hit http://archive.ubuntu.com trusty/universe Sources
Hit http://archive.ubuntu.com trusty/main amd64 Packages
Hit http://archive.ubuntu.com trusty/universe amd64 Packages
Hit http://archive.ubuntu.com trusty/main Translation-en
Hit http://archive.ubuntu.com trusty/universe Translation-en
Hit http://archive.ubuntu.com trusty-updates/main Sources
Hit http://archive.ubuntu.com trusty-updates/universe Sources
Hit http://archive.ubuntu.com trusty-updates/main amd64 Packages
Hit http://archive.ubuntu.com trusty-updates/universe amd64 Packages
Hit http://archive.ubuntu.com trusty-updates/main Translation-en
Hit http://security.ubuntu.com trusty-security/universe Translation-en
Hit http://ppa.launchpad.net trusty Release
Hit http://ppa.launchpad.net trusty Release
Hit http://ppa.launchpad.net trusty/main amd64 Packages
Hit http://archive.ubuntu.com trusty-updates/universe Translation-en
Ign http://archive.ubuntu.com trusty/main Translation-en_US
Ign http://archive.ubuntu.com trusty/universe Translation-en_US
Hit http://ppa.launchpad.net trusty/main Translation-en
Hit http://ppa.launchpad.net trusty/main amd64 Packages
Hit http://ppa.launchpad.net trusty/main Translation-en
Ign https://private-ppa.launchpad.net trusty InRelease...

Read more...

review: Needs Fixing (test results)
Revision history for this message
Данило Шеган (danilo) wrote :

Ok, I've moved to passing in the entire config as part of required_data. Please re-review.

Revision history for this message
🤖 Landscape Builder (landscape-builder) wrote :

Command: make ci-test
Result: Success
Revno: 241
Branch: lp:~danilo/landscape-charm/openid-configuration
Jenkins: https://ci.lscape.net/job/latch-test/333/

review: Approve (test results)
Revision history for this message
Free Ekanayaka (free.ekanayaka) wrote :

Thanks Danilo, looks good to me. +1

review: Approve
Revision history for this message
Benji York (benji) wrote :

This branch looks good.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'config.yaml'
2--- config.yaml 2015-03-19 15:40:25 +0000
3+++ config.yaml 2015-03-26 09:04:07 +0000
4@@ -14,6 +14,16 @@
5 description: License file for LDS.
6 type: string
7 default:
8+ openid-provider-url:
9+ default:
10+ type: string
11+ description: |
12+ OpenID provider URL to use for authentication to Landscape.
13+ openid-logout-url:
14+ default:
15+ type: string
16+ description: |
17+ OpenID provider URL to use to log out of Landscape.
18 admin-name:
19 description: |
20 Name of the account administrator. If this, admin-email and
21
22=== modified file 'hooks/lib/relations/landscape.py'
23--- hooks/lib/relations/landscape.py 2015-03-11 13:33:16 +0000
24+++ hooks/lib/relations/landscape.py 2015-03-26 09:04:07 +0000
25@@ -18,6 +18,7 @@
26 interface = "landscape-ha"
27 required_keys = [
28 "database-password", # Password for the 'landscape' database user.
29+ "secret-token", # Landscape-wide secret token.
30 ]
31
32 def __init__(self, leader_context):
33@@ -39,6 +40,7 @@
34 interface = "landscape-ha"
35 required_keys = [
36 "database-password", # Password for the 'landscape' database user.
37+ "secret-token", # Landscape-wide secret token.
38 ]
39
40 def __init__(self, leader_context):
41
42=== modified file 'hooks/lib/relations/tests/test_landscape.py'
43--- hooks/lib/relations/tests/test_landscape.py 2015-03-11 10:00:30 +0000
44+++ hooks/lib/relations/tests/test_landscape.py 2015-03-26 09:04:07 +0000
45@@ -19,8 +19,9 @@
46 be set on the cluster relation in order for the relation to be
47 considered ready.
48 """
49- self.assertEqual(
50- ["database-password"], LandscapeRequirer.required_keys)
51+ self.assertItemsEqual(
52+ ["database-password", "secret-token"],
53+ LandscapeRequirer.required_keys)
54
55 def test_is_leader(self):
56 """
57@@ -85,8 +86,9 @@
58 The L{LandscapeProvider} class defines all keys that are required to
59 be set before we actually modify the relation.
60 """
61- self.assertEqual(
62- ["database-password"], LandscapeRequirer.required_keys)
63+ self.assertItemsEqual(
64+ ["database-password", "secret-token"],
65+ LandscapeRequirer.required_keys)
66
67 def test_provide_data(self):
68 """
69
70=== modified file 'hooks/lib/services.py'
71--- hooks/lib/services.py 2015-03-02 12:39:25 +0000
72+++ hooks/lib/services.py 2015-03-26 09:04:07 +0000
73@@ -49,6 +49,7 @@
74 LandscapeRequirer(leader_context),
75 PostgreSQLRequirer(),
76 RabbitMQRequirer(),
77+ {"config": hookenv.config()},
78 ],
79 "data_ready": [
80 render_template(
81
82=== modified file 'hooks/lib/tests/sample.py'
83--- hooks/lib/tests/sample.py 2015-03-10 12:04:11 +0000
84+++ hooks/lib/tests/sample.py 2015-03-26 09:04:07 +0000
85@@ -17,3 +17,8 @@
86 "hostname": "10.0.3.170",
87 "password": "guessme",
88 }
89+
90+SAMPLE_CONFIG_OPENID_DATA = {
91+ "openid-provider-url": "http://openid-host/",
92+ "openid-logout-url": "http://openid-host/logout",
93+}
94
95=== modified file 'hooks/lib/tests/test_services.py'
96--- hooks/lib/tests/test_services.py 2015-03-11 13:33:16 +0000
97+++ hooks/lib/tests/test_services.py 2015-03-26 09:04:07 +0000
98@@ -3,7 +3,8 @@
99 from lib.tests.helpers import HookenvTest
100 from lib.tests.stubs import ClusterStub, HostStub, SubprocessStub
101 from lib.tests.sample import (
102- SAMPLE_DB_UNIT_DATA, SAMPLE_LEADER_CONTEXT_DATA, SAMPLE_AMQP_UNIT_DATA)
103+ SAMPLE_DB_UNIT_DATA, SAMPLE_LEADER_CONTEXT_DATA, SAMPLE_AMQP_UNIT_DATA,
104+ SAMPLE_CONFIG_OPENID_DATA)
105 from lib.services import ServicesHook, SERVICE_CONF, DEFAULT_FILE
106
107
108@@ -91,6 +92,7 @@
109 "db": [SAMPLE_DB_UNIT_DATA],
110 "leader": SAMPLE_LEADER_CONTEXT_DATA,
111 "amqp": [SAMPLE_AMQP_UNIT_DATA],
112+ "config": {},
113 }
114
115 self.assertEqual(
116@@ -105,6 +107,36 @@
117 self.assertEqual(
118 ["/usr/bin/lsctl", "restart"], call2[0])
119
120+ def test_ready_with_openid_configuration(self):
121+ """
122+ OpenID configuration is passed in to service.conf generation if
123+ it is set in the hook configuration.
124+ """
125+ self.hookenv.relations = {
126+ "db": {
127+ "db:1": {
128+ "postgresql/0": SAMPLE_DB_UNIT_DATA,
129+ },
130+ },
131+ "amqp": {
132+ "amqp:1": {
133+ "rabbitmq-server/0": SAMPLE_AMQP_UNIT_DATA,
134+ },
135+ },
136+ }
137+ self.hookenv.config().update(SAMPLE_CONFIG_OPENID_DATA)
138+ self.hook()
139+ context = {
140+ "db": [SAMPLE_DB_UNIT_DATA],
141+ "leader": SAMPLE_LEADER_CONTEXT_DATA,
142+ "amqp": [SAMPLE_AMQP_UNIT_DATA],
143+ "config": SAMPLE_CONFIG_OPENID_DATA,
144+ }
145+
146+ self.assertEqual(
147+ ("service.conf", SERVICE_CONF, context, "landscape", "root", 416),
148+ self.renders[0])
149+
150 def test_remote_leader_not_ready(self):
151 """
152 If we're not the leader unit and we didn't yet get relation data from
153
154=== modified file 'hooks/lib/tests/test_templates.py'
155--- hooks/lib/tests/test_templates.py 2015-03-12 09:44:58 +0000
156+++ hooks/lib/tests/test_templates.py 2015-03-26 09:04:07 +0000
157@@ -11,14 +11,17 @@
158
159 template_filename = "service.conf"
160
161- def test_render_stores(self):
162+ def test_render(self):
163 """
164- The service.conf template renders data about PostgreSQL configuration.
165+ The service.conf template renders data about generic Landscape
166+ configuration which includes PostgreSQL configuration, AMQP
167+ configuration, secret token and no OpenID settings by default.
168 """
169 context = {
170 "db": [SAMPLE_DB_UNIT_DATA],
171 "amqp": [SAMPLE_AMQP_UNIT_DATA],
172 "leader": SAMPLE_LEADER_CONTEXT_DATA,
173+ "config": {},
174 }
175 buffer = StringIO(self.template.render(context))
176 config = ConfigParser()
177@@ -31,3 +34,29 @@
178 self.assertEqual("guessme", config.get("broker", "password"))
179 self.assertEqual(
180 "landscape-token", config.get("landscape", "secret-token"))
181+ self.assertFalse(config.has_option("landscape", "openid-provider-url"))
182+ self.assertFalse(config.has_option("landscape", "openid-logout-url"))
183+
184+ def test_render_with_openid(self):
185+ """
186+ When OpenID configuration is present in the leader context,
187+ openid-related options are set.
188+ """
189+ context = {
190+ "db": [SAMPLE_DB_UNIT_DATA],
191+ "amqp": [SAMPLE_AMQP_UNIT_DATA],
192+ "leader": SAMPLE_LEADER_CONTEXT_DATA,
193+ "config": {
194+ "openid-provider-url": "http://openid-host/",
195+ "openid-logout-url": "http://openid-host/logout",
196+ },
197+ }
198+ buffer = StringIO(self.template.render(context))
199+ config = ConfigParser()
200+ config.readfp(buffer)
201+ self.assertEqual(
202+ "http://openid-host/",
203+ config.get("landscape", "openid-provider-url"))
204+ self.assertEqual(
205+ "http://openid-host/logout",
206+ config.get("landscape", "openid-logout-url"))
207
208=== modified file 'templates/service.conf'
209--- templates/service.conf 2015-03-12 09:44:58 +0000
210+++ templates/service.conf 2015-03-26 09:04:07 +0000
211@@ -38,6 +38,12 @@
212 reprepro-binary = /opt/canonical/landscape/scripts/reprepro-wrapper.sh
213 repository-path = /var/lib/landscape/landscape-repository
214 secret-token = {{ leader["secret-token"] }}
215+{% if config["openid-provider-url"] %}
216+openid-provider-url = {{ config["openid-provider-url"] }}
217+{% endif %}
218+{% if config["openid-logout-url"] %}
219+openid-logout-url = {{ config["openid-logout-url"] }}
220+{% endif %}
221
222 [api]
223 stores = main account-1 resource-1 package
224
225=== modified file 'tests/01-begin.py'
226--- tests/01-begin.py 2015-03-19 20:14:18 +0000
227+++ tests/01-begin.py 2015-03-26 09:04:07 +0000
228@@ -83,7 +83,7 @@
229 frontend = find_address(juju_status(), "haproxy")
230
231 # Make sure the app server is up.
232- # Note: In order to work on a new server or a server with the
233+ # Note: In order to work on a new server or a server with the
234 # first admin user already created, this phrase should match
235 # the new-standalone-user form, the login form, and not
236 # the maintenance page.
237@@ -229,7 +229,7 @@
238 Specifically that it is reachable and that it presents the new
239 user form.
240
241- Note: In order to work on a new server or a server with the
242+ Note: In order to work on a new server or a server with the
243 first admin user already created, this phrase should match
244 the new-standalone-user form, the login form, and not
245 the maintenance page.

Subscribers

People subscribed via source and target branches