Add support for identity_uri.

This patch adds the ability to set a new identity_uri parameter. It also deprecates the old auth_host, auth_port, auth_protocol, and auth_admin_prefix parameters. Logic is in place so that users of the deprecated settings should have a smooth upgrade process and get deprecation warnings until they adopt the new settings. Change-Id: Ideefb4d824cbd5b4b83f9eb773a75e536e3458fb
2015-03-12 10:28:23 -04:00 · 2015-03-12 10:28:23 -04:00 · 119ff9c3e0
commit 119ff9c3e0
parent a5c52d2a2d
3 changed files with 80 additions and 7 deletions
--- a/manifests/proxy/authtoken.pp
+++ b/manifests/proxy/authtoken.pp
@ -45,15 +45,17 @@ class swift::proxy::authtoken(
  $admin_user          = 'swift',
  $admin_tenant_name   = 'services',
  $admin_password      = 'password',
+  $auth_uri            = false,
+  $identity_uri        = false,
+  $delay_auth_decision = 1,
+  $admin_token         = false,
+  $signing_dir         = '/var/cache/swift',
+  $cache               = 'swift.cache',
+  # DEPRECATED PARAMETERS
  $auth_host           = '127.0.0.1',
  $auth_port           = '35357',
  $auth_protocol       = 'http',
  $auth_admin_prefix   = false,
-  $auth_uri            = false,
-  $delay_auth_decision = 1,
-  $admin_token         = false,
-  $signing_dir         = '/var/cache/swift',
-  $cache               = 'swift.cache'
 ) {

  if $auth_uri {
@ -63,8 +65,21 @@ class swift::proxy::authtoken(
  }
  $fragment_title    = regsubst($name, '/', '_', 'G')

-  if $auth_admin_prefix {
-    validate_re($auth_admin_prefix, '^(/.+[^/])?$')
+  # if both auth_uri and identity_uri are set we skip these deprecated warnings
+  if !$auth_uri or !$identity_uri {
+    if $auth_host {
+      warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
+    }
+    if $auth_port {
+      warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
+    }
+    if $auth_protocol {
+      warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
+    }
+    if $auth_admin_prefix {
+      warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
+      validate_re($auth_admin_prefix, '^(/.+[^/])?$')
+    }
  }

  file { $signing_dir:
--- a/spec/classes/swift_proxy_authtoken_spec.rb
+++ b/spec/classes/swift_proxy_authtoken_spec.rb
@ -145,6 +145,58 @@ describe 'swift::proxy::authtoken' do
    end
  end

+  describe "when identity_uri is set" do
+    let :params do
+      {
+        :identity_uri => 'https://foo.bar:35357/'
+      }
+    end

+    it 'should build the fragment with correct parameters' do
+      verify_contents(subject, fragment_file,
+        [
+          '[filter:authtoken]',
+          'log_name = swift',
+          'signing_dir = /var/cache/swift',
+          'paste.filter_factory = keystonemiddleware.auth_token:filter_factory',
+          'auth_host = 127.0.0.1',
+          'auth_port = 35357',
+          'auth_protocol = http',
+          'auth_uri = http://127.0.0.1:5000',
+          'identity_uri = https://foo.bar:35357/',
+          'delay_auth_decision = 1',
+          'cache = swift.cache',
+          'include_service_catalog = False'
+        ]
+      )
+    end
+  end
+
+
+
+  describe "when both auth_uri and identity_uri are set" do
+    let :params do
+      {
+        :auth_uri => 'https://foo.bar:5000/v2.0/',
+        :identity_uri => 'https://foo.bar:35357/'
+      }
+    end
+
+    it 'should build the fragment with correct parameters' do
+      verify_contents(subject, fragment_file,
+        [
+          '[filter:authtoken]',
+          'log_name = swift',
+          'signing_dir = /var/cache/swift',
+          'paste.filter_factory = keystonemiddleware.auth_token:filter_factory',
+          'auth_uri = https://foo.bar:5000/v2.0/',
+          'identity_uri = https://foo.bar:35357/',
+          'delay_auth_decision = 1',
+          'cache = swift.cache',
+          'include_service_catalog = False'
+        ]
+      )
+    end
+  end

 end
--- a/templates/proxy/authtoken.conf.erb
+++ b/templates/proxy/authtoken.conf.erb
@ -2,13 +2,19 @@
 log_name = swift
 signing_dir = <%= @signing_dir %>
 paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+<% if not @identity_uri or not @auth_uri then -%>
 auth_host = <%= @auth_host %>
 auth_port = <%= @auth_port %>
 auth_protocol = <%= @auth_protocol %>
 <% if @auth_admin_prefix -%>
 auth_admin_prefix = <%= @auth_admin_prefix %>
 <% end -%>
+<% end -%>
 auth_uri = <%= @auth_uri_real %>
+<% if @identity_uri -%>
+identity_uri = <%= @identity_uri %>
+<% end -%>
 # if its defined
 <% if @admin_token -%>
 admin_token = <%= @admin_token %>