From 89381d5318f7564ffa703065002958e1f25250e7 Mon Sep 17 00:00:00 2001 From: Andy McCrae Date: Mon, 24 Nov 2014 15:38:12 +0000 Subject: [PATCH] Add the option for all users to create containers in Swift * Create "swift_allow_all_users" var - default to False * Adjust swift-proxy-server.conf based on this value * If true add _member_ to allowed users. Fixes #610 --- etc/rpc_deploy/user_variables.yml | 3 +++ .../roles/swift_proxy/templates/proxy-server.conf.j2 | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/etc/rpc_deploy/user_variables.yml b/etc/rpc_deploy/user_variables.yml index 3748eeafef..1664f7eb42 100644 --- a/etc/rpc_deploy/user_variables.yml +++ b/etc/rpc_deploy/user_variables.yml @@ -157,5 +157,8 @@ kibana_password: # Swift Options: swift_service_password: swift_container_mysql_password: +# Once the swift cluster has been setup DO NOT change these hash values! swift_hash_path_suffix: swift_hash_path_prefix: +# This will allow all users to create containers and upload to swift if set to True +swift_allow_all_users: False diff --git a/rpc_deployment/roles/swift_proxy/templates/proxy-server.conf.j2 b/rpc_deployment/roles/swift_proxy/templates/proxy-server.conf.j2 index 039fe56c6d..d33dcb8665 100644 --- a/rpc_deployment/roles/swift_proxy/templates/proxy-server.conf.j2 +++ b/rpc_deployment/roles/swift_proxy/templates/proxy-server.conf.j2 @@ -288,7 +288,11 @@ delay_auth_decision = {{ delay_auth_decision }} use = egg:swift#keystoneauth # Operator roles is the role which user would be allowed to manage a # tenant and be able to create container or give ACL to others. +{% if swift_allow_all_users is defined and swift_allow_all_users == True % +operator_roles = admin, swiftoperator, _member_ +{% else %} operator_roles = admin, swiftoperator +{% endif %} # The reseller admin role has the ability to create and delete accounts reseller_admin_role = reseller_admin