Add support for identity_uri.

This patch adds the ability to set a new identity_uri parameter.
It also deprecates the old auth_host, auth_port, auth_protocol,
and auth_admin_prefix parameters. Logic is in place so that
users of the deprecated settings should have a smooth upgrade
process and get deprecation warnings until they adopt the
new settings.

Change-Id: Ideefb4d824cbd5b4b83f9eb773a75e536e3458fb
This commit is contained in:
Dan Prince 2015-03-12 10:28:23 -04:00 committed by Gael Chamoulaud
parent a5c52d2a2d
commit 119ff9c3e0
3 changed files with 80 additions and 7 deletions
manifests/proxy
spec/classes
templates/proxy

@ -45,15 +45,17 @@ class swift::proxy::authtoken(
$admin_user = 'swift', $admin_user = 'swift',
$admin_tenant_name = 'services', $admin_tenant_name = 'services',
$admin_password = 'password', $admin_password = 'password',
$auth_uri = false,
$identity_uri = false,
$delay_auth_decision = 1,
$admin_token = false,
$signing_dir = '/var/cache/swift',
$cache = 'swift.cache',
# DEPRECATED PARAMETERS
$auth_host = '127.0.0.1', $auth_host = '127.0.0.1',
$auth_port = '35357', $auth_port = '35357',
$auth_protocol = 'http', $auth_protocol = 'http',
$auth_admin_prefix = false, $auth_admin_prefix = false,
$auth_uri = false,
$delay_auth_decision = 1,
$admin_token = false,
$signing_dir = '/var/cache/swift',
$cache = 'swift.cache'
) { ) {
if $auth_uri { if $auth_uri {
@ -63,8 +65,21 @@ class swift::proxy::authtoken(
} }
$fragment_title = regsubst($name, '/', '_', 'G') $fragment_title = regsubst($name, '/', '_', 'G')
if $auth_admin_prefix { # if both auth_uri and identity_uri are set we skip these deprecated warnings
validate_re($auth_admin_prefix, '^(/.+[^/])?$') if !$auth_uri or !$identity_uri {
if $auth_host {
warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
}
if $auth_port {
warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
}
if $auth_protocol {
warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
}
if $auth_admin_prefix {
warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
}
} }
file { $signing_dir: file { $signing_dir:

@ -145,6 +145,58 @@ describe 'swift::proxy::authtoken' do
end end
end end
describe "when identity_uri is set" do
let :params do
{
:identity_uri => 'https://foo.bar:35357/'
}
end
it 'should build the fragment with correct parameters' do
verify_contents(subject, fragment_file,
[
'[filter:authtoken]',
'log_name = swift',
'signing_dir = /var/cache/swift',
'paste.filter_factory = keystonemiddleware.auth_token:filter_factory',
'auth_host = 127.0.0.1',
'auth_port = 35357',
'auth_protocol = http',
'auth_uri = http://127.0.0.1:5000',
'identity_uri = https://foo.bar:35357/',
'delay_auth_decision = 1',
'cache = swift.cache',
'include_service_catalog = False'
]
)
end
end
describe "when both auth_uri and identity_uri are set" do
let :params do
{
:auth_uri => 'https://foo.bar:5000/v2.0/',
:identity_uri => 'https://foo.bar:35357/'
}
end
it 'should build the fragment with correct parameters' do
verify_contents(subject, fragment_file,
[
'[filter:authtoken]',
'log_name = swift',
'signing_dir = /var/cache/swift',
'paste.filter_factory = keystonemiddleware.auth_token:filter_factory',
'auth_uri = https://foo.bar:5000/v2.0/',
'identity_uri = https://foo.bar:35357/',
'delay_auth_decision = 1',
'cache = swift.cache',
'include_service_catalog = False'
]
)
end
end
end end

@ -2,13 +2,19 @@
log_name = swift log_name = swift
signing_dir = <%= @signing_dir %> signing_dir = <%= @signing_dir %>
paste.filter_factory = keystonemiddleware.auth_token:filter_factory paste.filter_factory = keystonemiddleware.auth_token:filter_factory
<% if not @identity_uri or not @auth_uri then -%>
auth_host = <%= @auth_host %> auth_host = <%= @auth_host %>
auth_port = <%= @auth_port %> auth_port = <%= @auth_port %>
auth_protocol = <%= @auth_protocol %> auth_protocol = <%= @auth_protocol %>
<% if @auth_admin_prefix -%> <% if @auth_admin_prefix -%>
auth_admin_prefix = <%= @auth_admin_prefix %> auth_admin_prefix = <%= @auth_admin_prefix %>
<% end -%> <% end -%>
<% end -%>
auth_uri = <%= @auth_uri_real %> auth_uri = <%= @auth_uri_real %>
<% if @identity_uri -%>
identity_uri = <%= @identity_uri %>
<% end -%>
# if its defined # if its defined
<% if @admin_token -%> <% if @admin_token -%>
admin_token = <%= @admin_token %> admin_token = <%= @admin_token %>