diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp
index 3247f2b1..b6ea0364 100644
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -1,3 +1,22 @@
+# == Class: swift::keystone::auth
+#
+# This class creates keystone users, services, endpoints, and roles
+# for swift services.
+#
+# The user is given the admin role in the services tenant.
+#
+# === Parameters
+# [*auth_user*]
+# String. The name of the user.
+# Optional. Defaults to 'swift'.
+#
+# [*password*]
+# String. The user's password.
+# Optional. Defaults to 'swift_password'.
+#
+# [*operator_roles*]
+# Array of strings. List of roles Swift considers as admin.
+#
 class swift::keystone::auth(
 $auth_name = 'swift',
 $password = 'swift_password',
@@ -6,6 +25,7 @@ class swift::keystone::auth(
 $tenant = 'services',
 $email = 'swift@localhost',
 $region = 'RegionOne',
+ $operator_roles = ['admin', 'SwiftOperator'],
 $public_protocol = 'http',
 $public_address = undef,
 $public_port = undef,
@@ -73,5 +93,9 @@ if $address != '127.0.0.1' {
 admin_url => "http://${real_admin_address}:${port}",
 internal_url => "http://${real_internal_address}:${port}",
 }
+ if $operator_roles {
+ #Roles like "admin" may be defined elsewhere, so use ensure_resource
+ ensure_resource('keystone_role', $operator_roles, { 'ensure' => 'present' })
+ }
 }
diff --git a/manifests/proxy/keystone.pp b/manifests/proxy/keystone.pp
index 5bb5e973..7b9dca88 100644
--- a/manifests/proxy/keystone.pp
+++ b/manifests/proxy/keystone.pp
@@ -4,8 +4,10 @@
 # == Parameters
 # [operator_roles] a list of keystone roles a user must have to gain
 # access to Swift.
-# Optional. Dfeaults to ['admin', 'SwiftOperator']
+# Optional. Defaults to ['admin', 'SwiftOperator']
 # Must be an array of strings
+# Swift operator roles must be defined in swift::keystone::auth because
+# keystone API access is usually not available on Swift proxy nodes.
 # [is_admin] Set to true to allow users to set ACLs on their account.
 # Optional. Defaults to true.
 #
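Review bot: The new header in manifests/keystone/auth.pp documents `[*auth_user*]`, but the class signature directly below declares `$auth_name`, so anyone following the docs will pass a parameter that does not exist; the entry should read `[*auth_name*]`. The same block lists `'swift_password'` as an ordinary default while stating that this user receives the admin role in the services tenant. I would add a line under `[*password*]` such as `#   The default is a placeholder and should be overridden in any real deployment.` The other parameters visible in the signature (`tenant`, `email`, `region`, the protocol/address/port options) remain undocumented.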
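Review bot: In the last hunk of manifests/keystone/auth.pp, the comment above `ensure_resource('keystone_role', $operator_roles, ...)` promises more than the call delivers. As far as I know, `ensure_resource` only skips a resource that is already in the catalog with identical attributes at the moment this line is evaluated. A plain `keystone_role { 'admin': ... }` declared elsewhere with different attributes, or evaluated after this class, would still end in a duplicate-declaration error. I would reword the comment to `# Roles like "admin" may be declared elsewhere; this only coexists with declarations that also go through ensure_resource with the same attributes`. The class body starts outside this hunk, so other declarations in it are not visible here.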
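Review bot: The comment added in manifests/proxy/keystone.pp says where the roles have to be created, but not that the two lists must agree. The proxy's `operator_roles` and the new `operator_roles` on swift::keystone::auth are separate parameters that merely share a default. If they drift, the proxy would presumably authorize on a role name this module never created, or the module would create roles the proxy does not honour. I would extend the parameter description with `#   Keep this list identical to the operator_roles passed to swift::keystone::auth.`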
diff --git a/spec/classes/swift_keystone_auth_spec.rb b/spec/classes/swift_keystone_auth_spec.rb
index c03a4729..7f72b563 100644
--- a/spec/classes/swift_keystone_auth_spec.rb
+++ b/spec/classes/swift_keystone_auth_spec.rb
@@ -40,6 +40,10 @@ describe 'swift::keystone::auth' do
 :admin_url => 'http://127.0.0.1:8080',
 :internal_url => 'http://127.0.0.1:8080'
 ) }
+
+ ['admin', 'SwiftOperator'].each do |role_name|
+ it { should contain_keystone_role(role_name).with_ensure('present') }
+ end
 end
 describe 'when overriding public_port, public address, admin_address and internal_address' do
@@ -133,4 +137,17 @@ describe 'swift::keystone::auth' do
 end
+ describe 'when overriding operator_roles' do
+
+ let :params do
+ {
+ :operator_roles => 'foo',
+ }
+ end
+
+ it { should contain_keystone_role('foo').with(
+ :ensure => 'present'
+ ) }
+
+ end
 end
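Review bot: The new 'when overriding operator_roles' example passes `:operator_roles => 'foo'`, a String, although the manifest documents the parameter as an array of strings; the only override test therefore pins an input form the docs do not allow. I would pass `:operator_roles => ['foo', 'bar']` and assert both roles, mirroring the `.each` loop used for the defaults in the first hunk. Nothing exercises the branch where the `if $operator_roles` guard is false; an example with `:operator_roles => false` and `it { should_not contain_keystone_role('admin') }` would show that role creation can be switched off.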