From a273a85ecea50a9f8c636320dea5e7532062cd5a Mon Sep 17 00:00:00 2001 From: Jake Yip Date: Mon, 15 Jun 2020 14:09:24 +1000 Subject: [PATCH] Set file from dos to unix mode Also fix permissions Change-Id: I387bfe413443eecc35fa8f1943f2469cb5a65e59 (cherry picked from commit 2b52b869a8b0c1e3ce4391c313186d8d8432b91a) --- manifests/keystone/authtoken.pp | 504 ++++++++++++++++---------------- 1 file changed, 252 insertions(+), 252 deletions(-) mode change 100755 => 100644 manifests/keystone/authtoken.pp diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp old mode 100755 new mode 100644 index 86648eb..d600ece --- a/manifests/keystone/authtoken.pp +++ b/manifests/keystone/authtoken.pp @@ -1,252 +1,252 @@ -# class: magnum::keystone::authtoken -# -# Configure the keystone_authtoken section in the configuration file -# -# === Parameters -# -# [*username*] -# (Optional) The name of the service user -# Defaults to 'magnum' -# -# [*password*] -# (Required) Password to create for the service user -# Defaults to $::os_service_default -# -# [*auth_url*] -# (Optional) The URL to use for authentication. -# Defaults to 'http://localhost:5000' -# -# [*project_name*] -# (Optional) Service project name -# Defaults to 'services' -# -# [*user_domain_name*] -# (Optional) Name of domain for $username -# Defaults to 'Default' -# -# [*project_domain_name*] -# (Optional) Name of domain for $project_name -# Defaults to 'Default' -# -# [*insecure*] -# (Optional) If true, explicitly allow TLS without checking server cert -# against any certificate authorities. WARNING: not recommended. Use with -# caution. -# Defaults to $::os_service_default -# -# [*auth_section*] -# (Optional) Config Section from which to load plugin specific options -# Defaults to $::os_service_default. -# -# [*auth_type*] -# (Optional) Authentication type to load -# Defaults to 'password' -# -# [*www_authenticate_uri*] -# (Optional) Complete public Identity API endpoint. -# Defaults to 'http://localhost:5000' -# -# [*auth_version*] -# (Optional) API version of the admin Identity API endpoint. -# Defaults to $::os_service_default. -# -# [*cache*] -# (Optional) Env key for the swift cache. -# Defaults to $::os_service_default. -# -# [*cafile*] -# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs -# connections. -# Defaults to $::os_service_default. -# -# [*certfile*] -# (Optional) Required if identity server requires client certificate -# Defaults to $::os_service_default. -# -# [*delay_auth_decision*] -# (Optional) Do not handle authorization requests within the middleware, but -# delegate the authorization decision to downstream WSGI components. Boolean -# value -# Defaults to $::os_service_default. -# -# [*enforce_token_bind*] -# (Optional) Used to control the use and type of token binding. Can be set -# to: "disabled" to not check token binding. "permissive" (default) to -# validate binding information if the bind type is of a form known to the -# server and ignore it if not. "strict" like "permissive" but if the bind -# type is unknown the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a binding method that -# must be present in tokens. String value. -# Defaults to $::os_service_default. -# -# [*http_connect_timeout*] -# (Optional) Request timeout value for communicating with Identity API server. -# Defaults to $::os_service_default. -# -# [*http_request_max_retries*] -# (Optional) How many times are we trying to reconnect when communicating -# with Identity API Server. Integer value -# Defaults to $::os_service_default. -# -# [*include_service_catalog*] -# (Optional) Indicate whether to set the X-Service-Catalog header. If False, -# middleware will not ask for service catalog on token validation and will not -# set the X-Service-Catalog header. Boolean value. -# Defaults to $::os_service_default. -# -# [*keyfile*] -# (Optional) Required if identity server requires client certificate -# Defaults to $::os_service_default. -# -# [*memcache_pool_conn_get_timeout*] -# (Optional) Number of seconds that an operation will wait to get a memcached -# client connection from the pool. Integer value -# Defaults to $::os_service_default. -# -# [*memcache_pool_dead_retry*] -# (Optional) Number of seconds memcached server is considered dead before it -# is tried again. Integer value -# Defaults to $::os_service_default. -# -# [*memcache_pool_maxsize*] -# (Optional) Maximum total number of open connections to every memcached -# server. Integer value -# Defaults to $::os_service_default. -# -# [*memcache_pool_socket_timeout*] -# (Optional) Number of seconds a connection to memcached is held unused in -# the pool before it is closed. Integer value -# Defaults to $::os_service_default. -# -# [*memcache_pool_unused_timeout*] -# (Optional) Number of seconds a connection to memcached is held unused in -# the pool before it is closed. Integer value -# Defaults to $::os_service_default. -# -# [*memcache_secret_key*] -# (Optional, mandatory if memcache_security_strategy is defined) This string -# is used for key derivation. -# Defaults to $::os_service_default. -# -# [*memcache_security_strategy*] -# (Optional) If defined, indicate whether token data should be authenticated -# or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) -# in the cache. If ENCRYPT, token data is encrypted and authenticated in the -# cache. If the value is not one of these options or empty, auth_token will -# raise an exception on initialization. -# Defaults to $::os_service_default. -# -# [*memcache_use_advanced_pool*] -# (Optional) Use the advanced (eventlet safe) memcached client pool. The -# advanced pool will only work under python 2.x Boolean value -# Defaults to $::os_service_default. -# -# [*memcached_servers*] -# (Optional) Optionally specify a list of memcached server(s) to use for -# caching. If left undefined, tokens will instead be cached in-process. -# Defaults to $::os_service_default. -# -# [*manage_memcache_package*] -# (Optional) Whether to install the python-memcache package. -# Defaults to false. -# -# [*region_name*] -# (Optional) The region in which the identity server can be found. -# Defaults to $::os_service_default. -# -# [*token_cache_time*] -# (Optional) In order to prevent excessive effort spent validating tokens, -# the middleware caches previously-seen tokens for a configurable duration -# (in seconds). Set to -1 to disable caching completely. Integer value -# Defaults to $::os_service_default. -# -# [*service_token_roles_required*] -# (optional) backwards compatibility to ensure that the service tokens are -# compared against a list of possible roles for validity -# true/false -# Defaults to $::os_service_default. -# -class magnum::keystone::authtoken( - $username = 'magnum', - $password = $::os_service_default, - $auth_url = 'http://localhost:5000', - $project_name = 'services', - $user_domain_name = 'Default', - $project_domain_name = 'Default', - $insecure = $::os_service_default, - $auth_section = $::os_service_default, - $auth_type = 'password', - $www_authenticate_uri = 'http://localhost:5000', - $auth_version = $::os_service_default, - $cache = $::os_service_default, - $cafile = $::os_service_default, - $certfile = $::os_service_default, - $delay_auth_decision = $::os_service_default, - $enforce_token_bind = $::os_service_default, - $http_connect_timeout = $::os_service_default, - $http_request_max_retries = $::os_service_default, - $include_service_catalog = $::os_service_default, - $keyfile = $::os_service_default, - $memcache_pool_conn_get_timeout = $::os_service_default, - $memcache_pool_dead_retry = $::os_service_default, - $memcache_pool_maxsize = $::os_service_default, - $memcache_pool_socket_timeout = $::os_service_default, - $memcache_pool_unused_timeout = $::os_service_default, - $memcache_secret_key = $::os_service_default, - $memcache_security_strategy = $::os_service_default, - $memcache_use_advanced_pool = $::os_service_default, - $memcached_servers = $::os_service_default, - $manage_memcache_package = false, - $region_name = $::os_service_default, - $token_cache_time = $::os_service_default, - $service_token_roles_required = $::os_service_default, -) { - - include magnum::deps - - if is_service_default($password) { - fail('Please set password for magnum service user') - } - - keystone::resource::authtoken { 'magnum_config': - username => $username, - password => $password, - project_name => $project_name, - auth_url => $auth_url, - www_authenticate_uri => $www_authenticate_uri, - auth_version => $auth_version, - auth_type => $auth_type, - auth_section => $auth_section, - user_domain_name => $user_domain_name, - project_domain_name => $project_domain_name, - insecure => $insecure, - cache => $cache, - cafile => $cafile, - certfile => $certfile, - delay_auth_decision => $delay_auth_decision, - enforce_token_bind => $enforce_token_bind, - http_connect_timeout => $http_connect_timeout, - http_request_max_retries => $http_request_max_retries, - include_service_catalog => $include_service_catalog, - keyfile => $keyfile, - memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout, - memcache_pool_dead_retry => $memcache_pool_dead_retry, - memcache_pool_maxsize => $memcache_pool_maxsize, - memcache_pool_socket_timeout => $memcache_pool_socket_timeout, - memcache_secret_key => $memcache_secret_key, - memcache_security_strategy => $memcache_security_strategy, - memcache_use_advanced_pool => $memcache_use_advanced_pool, - memcache_pool_unused_timeout => $memcache_pool_unused_timeout, - memcached_servers => $memcached_servers, - manage_memcache_package => $manage_memcache_package, - region_name => $region_name, - token_cache_time => $token_cache_time, - service_token_roles_required => $service_token_roles_required, - } - magnum_config { - 'keystone_auth/cafile' : value => $cafile; - 'keystone_auth/keyfile' : value => $keyfile; - 'keystone_auth/certfile' : value => $certfile; - 'keystone_auth/insecure' : value => $insecure; - } -} +# class: magnum::keystone::authtoken +# +# Configure the keystone_authtoken section in the configuration file +# +# === Parameters +# +# [*username*] +# (Optional) The name of the service user +# Defaults to 'magnum' +# +# [*password*] +# (Required) Password to create for the service user +# Defaults to $::os_service_default +# +# [*auth_url*] +# (Optional) The URL to use for authentication. +# Defaults to 'http://localhost:5000' +# +# [*project_name*] +# (Optional) Service project name +# Defaults to 'services' +# +# [*user_domain_name*] +# (Optional) Name of domain for $username +# Defaults to 'Default' +# +# [*project_domain_name*] +# (Optional) Name of domain for $project_name +# Defaults to 'Default' +# +# [*insecure*] +# (Optional) If true, explicitly allow TLS without checking server cert +# against any certificate authorities. WARNING: not recommended. Use with +# caution. +# Defaults to $::os_service_default +# +# [*auth_section*] +# (Optional) Config Section from which to load plugin specific options +# Defaults to $::os_service_default. +# +# [*auth_type*] +# (Optional) Authentication type to load +# Defaults to 'password' +# +# [*www_authenticate_uri*] +# (Optional) Complete public Identity API endpoint. +# Defaults to 'http://localhost:5000' +# +# [*auth_version*] +# (Optional) API version of the admin Identity API endpoint. +# Defaults to $::os_service_default. +# +# [*cache*] +# (Optional) Env key for the swift cache. +# Defaults to $::os_service_default. +# +# [*cafile*] +# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs +# connections. +# Defaults to $::os_service_default. +# +# [*certfile*] +# (Optional) Required if identity server requires client certificate +# Defaults to $::os_service_default. +# +# [*delay_auth_decision*] +# (Optional) Do not handle authorization requests within the middleware, but +# delegate the authorization decision to downstream WSGI components. Boolean +# value +# Defaults to $::os_service_default. +# +# [*enforce_token_bind*] +# (Optional) Used to control the use and type of token binding. Can be set +# to: "disabled" to not check token binding. "permissive" (default) to +# validate binding information if the bind type is of a form known to the +# server and ignore it if not. "strict" like "permissive" but if the bind +# type is unknown the token will be rejected. "required" any form of token +# binding is needed to be allowed. Finally the name of a binding method that +# must be present in tokens. String value. +# Defaults to $::os_service_default. +# +# [*http_connect_timeout*] +# (Optional) Request timeout value for communicating with Identity API server. +# Defaults to $::os_service_default. +# +# [*http_request_max_retries*] +# (Optional) How many times are we trying to reconnect when communicating +# with Identity API Server. Integer value +# Defaults to $::os_service_default. +# +# [*include_service_catalog*] +# (Optional) Indicate whether to set the X-Service-Catalog header. If False, +# middleware will not ask for service catalog on token validation and will not +# set the X-Service-Catalog header. Boolean value. +# Defaults to $::os_service_default. +# +# [*keyfile*] +# (Optional) Required if identity server requires client certificate +# Defaults to $::os_service_default. +# +# [*memcache_pool_conn_get_timeout*] +# (Optional) Number of seconds that an operation will wait to get a memcached +# client connection from the pool. Integer value +# Defaults to $::os_service_default. +# +# [*memcache_pool_dead_retry*] +# (Optional) Number of seconds memcached server is considered dead before it +# is tried again. Integer value +# Defaults to $::os_service_default. +# +# [*memcache_pool_maxsize*] +# (Optional) Maximum total number of open connections to every memcached +# server. Integer value +# Defaults to $::os_service_default. +# +# [*memcache_pool_socket_timeout*] +# (Optional) Number of seconds a connection to memcached is held unused in +# the pool before it is closed. Integer value +# Defaults to $::os_service_default. +# +# [*memcache_pool_unused_timeout*] +# (Optional) Number of seconds a connection to memcached is held unused in +# the pool before it is closed. Integer value +# Defaults to $::os_service_default. +# +# [*memcache_secret_key*] +# (Optional, mandatory if memcache_security_strategy is defined) This string +# is used for key derivation. +# Defaults to $::os_service_default. +# +# [*memcache_security_strategy*] +# (Optional) If defined, indicate whether token data should be authenticated +# or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) +# in the cache. If ENCRYPT, token data is encrypted and authenticated in the +# cache. If the value is not one of these options or empty, auth_token will +# raise an exception on initialization. +# Defaults to $::os_service_default. +# +# [*memcache_use_advanced_pool*] +# (Optional) Use the advanced (eventlet safe) memcached client pool. The +# advanced pool will only work under python 2.x Boolean value +# Defaults to $::os_service_default. +# +# [*memcached_servers*] +# (Optional) Optionally specify a list of memcached server(s) to use for +# caching. If left undefined, tokens will instead be cached in-process. +# Defaults to $::os_service_default. +# +# [*manage_memcache_package*] +# (Optional) Whether to install the python-memcache package. +# Defaults to false. +# +# [*region_name*] +# (Optional) The region in which the identity server can be found. +# Defaults to $::os_service_default. +# +# [*token_cache_time*] +# (Optional) In order to prevent excessive effort spent validating tokens, +# the middleware caches previously-seen tokens for a configurable duration +# (in seconds). Set to -1 to disable caching completely. Integer value +# Defaults to $::os_service_default. +# +# [*service_token_roles_required*] +# (optional) backwards compatibility to ensure that the service tokens are +# compared against a list of possible roles for validity +# true/false +# Defaults to $::os_service_default. +# +class magnum::keystone::authtoken( + $username = 'magnum', + $password = $::os_service_default, + $auth_url = 'http://localhost:5000', + $project_name = 'services', + $user_domain_name = 'Default', + $project_domain_name = 'Default', + $insecure = $::os_service_default, + $auth_section = $::os_service_default, + $auth_type = 'password', + $www_authenticate_uri = 'http://localhost:5000', + $auth_version = $::os_service_default, + $cache = $::os_service_default, + $cafile = $::os_service_default, + $certfile = $::os_service_default, + $delay_auth_decision = $::os_service_default, + $enforce_token_bind = $::os_service_default, + $http_connect_timeout = $::os_service_default, + $http_request_max_retries = $::os_service_default, + $include_service_catalog = $::os_service_default, + $keyfile = $::os_service_default, + $memcache_pool_conn_get_timeout = $::os_service_default, + $memcache_pool_dead_retry = $::os_service_default, + $memcache_pool_maxsize = $::os_service_default, + $memcache_pool_socket_timeout = $::os_service_default, + $memcache_pool_unused_timeout = $::os_service_default, + $memcache_secret_key = $::os_service_default, + $memcache_security_strategy = $::os_service_default, + $memcache_use_advanced_pool = $::os_service_default, + $memcached_servers = $::os_service_default, + $manage_memcache_package = false, + $region_name = $::os_service_default, + $token_cache_time = $::os_service_default, + $service_token_roles_required = $::os_service_default, +) { + + include magnum::deps + + if is_service_default($password) { + fail('Please set password for magnum service user') + } + + keystone::resource::authtoken { 'magnum_config': + username => $username, + password => $password, + project_name => $project_name, + auth_url => $auth_url, + www_authenticate_uri => $www_authenticate_uri, + auth_version => $auth_version, + auth_type => $auth_type, + auth_section => $auth_section, + user_domain_name => $user_domain_name, + project_domain_name => $project_domain_name, + insecure => $insecure, + cache => $cache, + cafile => $cafile, + certfile => $certfile, + delay_auth_decision => $delay_auth_decision, + enforce_token_bind => $enforce_token_bind, + http_connect_timeout => $http_connect_timeout, + http_request_max_retries => $http_request_max_retries, + include_service_catalog => $include_service_catalog, + keyfile => $keyfile, + memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout, + memcache_pool_dead_retry => $memcache_pool_dead_retry, + memcache_pool_maxsize => $memcache_pool_maxsize, + memcache_pool_socket_timeout => $memcache_pool_socket_timeout, + memcache_secret_key => $memcache_secret_key, + memcache_security_strategy => $memcache_security_strategy, + memcache_use_advanced_pool => $memcache_use_advanced_pool, + memcache_pool_unused_timeout => $memcache_pool_unused_timeout, + memcached_servers => $memcached_servers, + manage_memcache_package => $manage_memcache_package, + region_name => $region_name, + token_cache_time => $token_cache_time, + service_token_roles_required => $service_token_roles_required, + } + magnum_config { + 'keystone_auth/cafile' : value => $cafile; + 'keystone_auth/keyfile' : value => $keyfile; + 'keystone_auth/certfile' : value => $certfile; + 'keystone_auth/insecure' : value => $insecure; + } +}