From 119ff9c3e081281208c9b7da4290e94456b6dfb7 Mon Sep 17 00:00:00 2001 From: Dan Prince <dprince@redhat.com> Date: Thu, 12 Mar 2015 10:28:23 -0400 Subject: [PATCH] Add support for identity_uri. This patch adds the ability to set a new identity_uri parameter. It also deprecates the old auth_host, auth_port, auth_protocol, and auth_admin_prefix parameters. Logic is in place so that users of the deprecated settings should have a smooth upgrade process and get deprecation warnings until they adopt the new settings. Change-Id: Ideefb4d824cbd5b4b83f9eb773a75e536e3458fb --- manifests/proxy/authtoken.pp | 29 +++++++++--- spec/classes/swift_proxy_authtoken_spec.rb | 52 ++++++++++++++++++++++ templates/proxy/authtoken.conf.erb | 6 +++ 3 files changed, 80 insertions(+), 7 deletions(-) diff --git a/manifests/proxy/authtoken.pp b/manifests/proxy/authtoken.pp index 6b9c3c38..27799ad3 100644 --- a/manifests/proxy/authtoken.pp +++ b/manifests/proxy/authtoken.pp @@ -45,15 +45,17 @@ class swift::proxy::authtoken( $admin_user = 'swift', $admin_tenant_name = 'services', $admin_password = 'password', + $auth_uri = false, + $identity_uri = false, + $delay_auth_decision = 1, + $admin_token = false, + $signing_dir = '/var/cache/swift', + $cache = 'swift.cache', + # DEPRECATED PARAMETERS $auth_host = '127.0.0.1', $auth_port = '35357', $auth_protocol = 'http', $auth_admin_prefix = false, - $auth_uri = false, - $delay_auth_decision = 1, - $admin_token = false, - $signing_dir = '/var/cache/swift', - $cache = 'swift.cache' ) { if $auth_uri { @@ -63,8 +65,21 @@ class swift::proxy::authtoken( } $fragment_title = regsubst($name, '/', '_', 'G') - if $auth_admin_prefix { - validate_re($auth_admin_prefix, '^(/.+[^/])?$') + # if both auth_uri and identity_uri are set we skip these deprecated warnings + if !$auth_uri or !$identity_uri { + if $auth_host { + warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.') + } + if $auth_port { + warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.') + } + if $auth_protocol { + warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.') + } + if $auth_admin_prefix { + warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.') + validate_re($auth_admin_prefix, '^(/.+[^/])?$') + } } file { $signing_dir: diff --git a/spec/classes/swift_proxy_authtoken_spec.rb b/spec/classes/swift_proxy_authtoken_spec.rb index dfa047d5..2188f7c3 100644 --- a/spec/classes/swift_proxy_authtoken_spec.rb +++ b/spec/classes/swift_proxy_authtoken_spec.rb @@ -145,6 +145,58 @@ describe 'swift::proxy::authtoken' do end end + describe "when identity_uri is set" do + let :params do + { + :identity_uri => 'https://foo.bar:35357/' + } + end + it 'should build the fragment with correct parameters' do + verify_contents(subject, fragment_file, + [ + '[filter:authtoken]', + 'log_name = swift', + 'signing_dir = /var/cache/swift', + 'paste.filter_factory = keystonemiddleware.auth_token:filter_factory', + 'auth_host = 127.0.0.1', + 'auth_port = 35357', + 'auth_protocol = http', + 'auth_uri = http://127.0.0.1:5000', + 'identity_uri = https://foo.bar:35357/', + 'delay_auth_decision = 1', + 'cache = swift.cache', + 'include_service_catalog = False' + ] + ) + end + end + + + + describe "when both auth_uri and identity_uri are set" do + let :params do + { + :auth_uri => 'https://foo.bar:5000/v2.0/', + :identity_uri => 'https://foo.bar:35357/' + } + end + + it 'should build the fragment with correct parameters' do + verify_contents(subject, fragment_file, + [ + '[filter:authtoken]', + 'log_name = swift', + 'signing_dir = /var/cache/swift', + 'paste.filter_factory = keystonemiddleware.auth_token:filter_factory', + 'auth_uri = https://foo.bar:5000/v2.0/', + 'identity_uri = https://foo.bar:35357/', + 'delay_auth_decision = 1', + 'cache = swift.cache', + 'include_service_catalog = False' + ] + ) + end + end end diff --git a/templates/proxy/authtoken.conf.erb b/templates/proxy/authtoken.conf.erb index 59f23b15..b66c24b5 100644 --- a/templates/proxy/authtoken.conf.erb +++ b/templates/proxy/authtoken.conf.erb @@ -2,13 +2,19 @@ log_name = swift signing_dir = <%= @signing_dir %> paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +<% if not @identity_uri or not @auth_uri then -%> auth_host = <%= @auth_host %> auth_port = <%= @auth_port %> auth_protocol = <%= @auth_protocol %> <% if @auth_admin_prefix -%> auth_admin_prefix = <%= @auth_admin_prefix %> <% end -%> +<% end -%> auth_uri = <%= @auth_uri_real %> +<% if @identity_uri -%> +identity_uri = <%= @identity_uri %> +<% end -%> # if its defined <% if @admin_token -%> admin_token = <%= @admin_token %>