Merge "Adding ability to configure passthrough_whitelist and alias parameters"
diff --git a/README.rst b/README.rst
index 1d4595c..297d432 100644
--- a/README.rst
+++ b/README.rst
@@ -385,7 +385,7 @@
         ...
         networking: contrail
 
-Nova services on compute node with memcached caching:
+Nova services on compute node with memcached caching and security strategy:
 
 .. code-block:: yaml
 
@@ -400,6 +400,10 @@
             port: 11211
           - host: 127.0.0.1
             port: 11211
+          security:
+            enabled: true
+            strategy: ENCRYPT
+            secret_key: secret
 
 Client-side RabbitMQ HA setup:
 
diff --git a/nova/files/pike/nova-compute.conf.Debian b/nova/files/pike/nova-compute.conf.Debian
index e272b50..d3757e7 100644
--- a/nova/files/pike/nova-compute.conf.Debian
+++ b/nova/files/pike/nova-compute.conf.Debian
@@ -5742,6 +5742,14 @@
 {%- endif %}
 {%- if compute.cache is defined %}
 memcached_servers={%- for member in compute.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+  {%- if compute.cache.get('security', {}).get('enabled', False) %}
+memcache_security_strategy = {{ compute.cache.security.get('strategy', 'ENCRYPT') }}
+    {%- if compute.cache.security.secret_key is not defined or not compute.cache.security.secret_key %}
+    {%- do salt.test.exception('compute.cache.security.secret_key is not defined: Please add secret_key') %}
+    {%- else %}
+memcache_secret_key = {{ compute.cache.security.secret_key }}
+    {%- endif %}
+  {%- endif %}
 {%- endif %}
 # Complete "public" Identity API endpoint. This endpoint should not be an
 # "admin" endpoint, as it should be accessible by all end users. Unauthenticated
diff --git a/nova/files/pike/nova-controller.conf.Debian b/nova/files/pike/nova-controller.conf.Debian
index 4ceefeb..3a434db 100644
--- a/nova/files/pike/nova-controller.conf.Debian
+++ b/nova/files/pike/nova-controller.conf.Debian
@@ -5749,6 +5749,14 @@
 {%- endif %}
 {%- if controller.cache is defined %}
 memcached_servers={%- for member in controller.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+  {%- if controller.cache.get('security', {}).get('enabled', False) %}
+memcache_security_strategy = {{ controller.cache.security.get('strategy', 'ENCRYPT') }}
+    {%- if controller.cache.security.secret_key is not defined or not controller.cache.security.secret_key %}
+    {%- do salt.test.exception('controller.cache.security.secret_key is not defined: Please add secret_key') %}
+    {%- else %}
+memcache_secret_key = {{ controller.cache.security.secret_key }}
+    {%- endif %}
+  {%- endif %}
 {%- endif %}
 # Complete "public" Identity API endpoint. This endpoint should not be an
 # "admin" endpoint, as it should be accessible by all end users. Unauthenticated
diff --git a/nova/map.jinja b/nova/map.jinja
index 7aa4d8b..370f517 100644
--- a/nova/map.jinja
+++ b/nova/map.jinja
@@ -112,7 +112,7 @@
 }, merge=pillar.nova.get('controller', {}), base='BaseDefaults') %}
 
 {% set upgrade = pillar.get('nova', {}).get('upgrade', {}) %}
-{% set pin_level = 'auto' %}
+{% set pin_level = pillar.get('nova', {}).get('upgrade', {}).get('old_release','') %}
 
 {% set upgrade_levels = salt['grains.filter_by']({
     'Debian': {
@@ -285,7 +285,7 @@
 {% set compute = salt["grains.filter_by"](compute_defaults, merge=pillar.nova.get("compute", {}), base='BaseDefaults') %}
 
 {%- if pillar.nova.get('upgrade',{}).get('upgrade_enabled',False) %}
-  {% do compute.update(upgrade_levels) %}
+  {% do compute.update({'upgrade_levels': {'compute': 'auto'}}) %}
   {% do controller.update(upgrade_levels) %}
 {%- endif %}
 
diff --git a/tests/pillar/compute_cluster.sls b/tests/pillar/compute_cluster.sls
index c057c09..c3a55e2 100644
--- a/tests/pillar/compute_cluster.sls
+++ b/tests/pillar/compute_cluster.sls
@@ -74,6 +74,10 @@
         port: 11211
       - host: 127.0.2.1
         port: 11211
+      security:
+        enabled: true
+        strategy: ENCRYPT
+        secret_key: secret
     libvirt:
       hw_disk_discard: unmap
       live_migration_tunnelled: False
diff --git a/tests/pillar/compute_cluster_vmware.sls b/tests/pillar/compute_cluster_vmware.sls
index ceaf142..8cf5646 100644
--- a/tests/pillar/compute_cluster_vmware.sls
+++ b/tests/pillar/compute_cluster_vmware.sls
@@ -63,6 +63,10 @@
         port: 11211
       - host: 127.0.2.1
         port: 11211
+      security:
+        enabled: true
+        strategy: ENCRYPT
+        secret_key: secret
     compute_driver: vmwareapi.VMwareVCDriver
     vmware:
       host_username: vmware
diff --git a/tests/pillar/compute_cluster_vmware_queens.sls b/tests/pillar/compute_cluster_vmware_queens.sls
index 1d6b0cf..d508fc1 100644
--- a/tests/pillar/compute_cluster_vmware_queens.sls
+++ b/tests/pillar/compute_cluster_vmware_queens.sls
@@ -63,6 +63,10 @@
         port: 11211
       - host: 127.0.2.1
         port: 11211
+      security:
+        enabled: true
+        strategy: ENCRYPT
+        secret_key: secret
     compute_driver: vmwareapi.VMwareVCDriver
     vmware:
       host_username: vmware
diff --git a/tests/pillar/compute_single.sls b/tests/pillar/compute_single.sls
index 8d752de..b000da7 100644
--- a/tests/pillar/compute_single.sls
+++ b/tests/pillar/compute_single.sls
@@ -60,6 +60,10 @@
       members:
       - host: 127.0.0.1
         port: 11211
+      security:
+        enabled: true
+        strategy: ENCRYPT
+        secret_key: secret
     qemu:
       user: nova
       group: cinder
diff --git a/tests/pillar/compute_single_config_drive_options.sls b/tests/pillar/compute_single_config_drive_options.sls
index 6351252..78cf088 100644
--- a/tests/pillar/compute_single_config_drive_options.sls
+++ b/tests/pillar/compute_single_config_drive_options.sls
@@ -58,6 +58,10 @@
       members:
       - host: 127.0.0.1
         port: 11211
+      security:
+        enabled: true
+        strategy: ENCRYPT
+        secret_key: secret
     config_drive:
       cdrom: True
       format: iso9660
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index eb91fd9..338d63b 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -66,6 +66,10 @@
       members:
       - host: 127.0.0.1
         port: 11211
+      security:
+        enabled: true
+        strategy: ENCRYPT
+        secret_key: secret
     policy:
       'context_is_admin': 'role:admin or role:administrator'
       'compute:create': 'rule:admin_or_owner'