Merge "Add auth_admin_prefix and custom auth_uri params"

manifests/proxy/authtoken.pp

@@ -21,6 +21,12 @@
 #    Defaults to 3557.
 #  [auth_protocol] Protocol to use to communicate with keystone. Optional.
 #    Defaults to https.
+#  [auth_admin_prefix] path part of the auth url. Optional.
+#    This allows admin auth URIs like http://host/keystone/admin/v2.0.
+#    Defaults to false for empty. It defined, should be a string with a leading '/' and no trailing '/'.
+#  [auth_uri] The public auth url to redirect unauthenticated requests.
+#    Defaults to false to be expanded to '${auth_protocol}://${auth_host}:5000'.
+#    Should be set to your public keystone endpoint (without version).
 #
 # == Authors
 #
@@ -38,13 +44,23 @@ class swift::proxy::authtoken(
   $auth_host           = '127.0.0.1',
   $auth_port           = '35357',
   $auth_protocol       = 'http',
+  $auth_admin_prefix   = false,
+  $auth_uri            = false,
   $delay_auth_decision = 1,
   $admin_token         = false
 ) {
 
-  $auth_uri = "${auth_protocol}://${auth_host}:5000"
+  if $auth_uri {
+    $auth_uri_real = $auth_uri
+  } else {
+    $auth_uri_real = "${auth_protocol}://${auth_host}:5000"
+  }
   $fragment_title    = regsubst($name, '/', '_', 'G')
 
+  if $auth_admin_prefix {
+    validate_re($auth_admin_prefix, '^(/.+[^/])?$')
+  }
+
   concat::fragment { "swift_authtoken":
     target  => '/etc/swift/proxy-server.conf',
     content => template('swift/proxy/authtoken.conf.erb'),

spec/classes/swift_proxy_authtoken_spec.rb

@@ -39,15 +39,90 @@ describe 'swift::proxy::authtoken' do
     end
   end
 
-  describe "when override parameters" do
+  describe "when overriding admin_token" do
     let :params do
       {
         :admin_token => 'ADMINTOKEN'
       }
     end
 
-    it { should contain_file(fragment_file).with_content(/admin_token = ADMINTOKEN/) }
+    it 'should build the fragment with correct parameters' do
+      verify_contents(subject, fragment_file,
+        [
+          '[filter:authtoken]',
+          'paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory',
+          'signing_dir = /etc/swift',
+          'auth_host = 127.0.0.1',
+          'auth_port = 35357',
+          'auth_protocol = http',
+          'auth_uri = http://127.0.0.1:5000',
+          'admin_token = ADMINTOKEN',
+          'delay_auth_decision = 1',
+        ]
+      )
+    end
+  end
+
+  describe "when overriding parameters" do
+    let :params do
+      {
+        :auth_host           => 'some.host',
+        :auth_port           => '443',
+        :auth_protocol       => 'https',
+        :auth_admin_prefix   => '/keystone/admin',
+        :admin_tenant_name   => 'admin',
+        :admin_user          => 'swiftuser',
+        :admin_password      => 'swiftpassword',
+        :delay_auth_decision => '0'
+      }
+    end
+
+    it 'should build the fragment with correct parameters' do
+      verify_contents(subject, fragment_file,
+        [
+          '[filter:authtoken]',
+          'paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory',
+          'signing_dir = /etc/swift',
+          'auth_host = some.host',
+          'auth_port = 443',
+          'auth_protocol = https',
+          'auth_admin_prefix = /keystone/admin',
+          'auth_uri = https://some.host:5000',
+          'admin_tenant_name = admin',
+          'admin_user = swiftuser',
+          'admin_password = swiftpassword',
+          'delay_auth_decision = 0',
+        ]
+      )
+    end
+  end
+
+  describe 'when overriding auth_uri' do
+    let :params do
+      { :auth_uri => 'http://public.host/keystone/main' }
+    end
+
+    it { should contain_file(fragment_file).with_content(/auth_uri = http:\/\/public.host\/keystone\/main/)}
+  end
+
+  [
+    'keystone',
+    'keystone/',
+    '/keystone/',
+    '/keystone/admin/',
+    'keystone/admin/',
+    'keystone/admin'
+  ].each do |auth_admin_prefix|
+    describe "when overriding auth_admin_prefix with incorrect value #{auth_admin_prefix}" do
+      let :params do
+        { :auth_admin_prefix => auth_admin_prefix }
+      end
+
+      it { expect { should contain_file(fragment_file).with_content(/auth_admin_prefix = #{auth_admin_prefix}/) }.to \
+        raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) }
+    end
   end
 
 
+
 end

templates/proxy/authtoken.conf.erb

@@ -4,7 +4,10 @@ signing_dir = /etc/swift
 auth_host = <%= auth_host %>
 auth_port = <%= auth_port %>
 auth_protocol = <%= auth_protocol %>
-auth_uri = <%= auth_uri %>
+<% if auth_admin_prefix -%>
+auth_admin_prefix = <%= auth_admin_prefix %>
+<% end -%>
+auth_uri = <%= auth_uri_real %>
 # if its defined
 <% if admin_token -%>
 admin_token = <%= admin_token %>