Merge "Create swift operator keystone roles"

This commit is contained in:
Jenkins 2013-12-20 22:43:49 +00:00 committed by Gerrit Code Review
commit 5b450c8e25
3 changed files with 44 additions and 1 deletions

View File

@ -1,3 +1,22 @@
# == Class: swift::keystone::auth
#
# This class creates keystone users, services, endpoints, and roles
# for swift services.
#
# The user is given the admin role in the services tenant.
#
# === Parameters
# [*auth_user*]
# String. The name of the user.
# Optional. Defaults to 'swift'.
#
# [*password*]
# String. The user's password.
# Optional. Defaults to 'swift_password'.
#
# [*operator_roles*]
# Array of strings. List of roles Swift considers as admin.
#
class swift::keystone::auth( class swift::keystone::auth(
$auth_name = 'swift', $auth_name = 'swift',
$password = 'swift_password', $password = 'swift_password',
@ -6,6 +25,7 @@ class swift::keystone::auth(
$tenant = 'services', $tenant = 'services',
$email = 'swift@localhost', $email = 'swift@localhost',
$region = 'RegionOne', $region = 'RegionOne',
$operator_roles = ['admin', 'SwiftOperator'],
$public_protocol = 'http', $public_protocol = 'http',
$public_address = undef, $public_address = undef,
$public_port = undef, $public_port = undef,
@ -73,5 +93,9 @@ if $address != '127.0.0.1' {
admin_url => "http://${real_admin_address}:${port}", admin_url => "http://${real_admin_address}:${port}",
internal_url => "http://${real_internal_address}:${port}", internal_url => "http://${real_internal_address}:${port}",
} }
if $operator_roles {
#Roles like "admin" may be defined elsewhere, so use ensure_resource
ensure_resource('keystone_role', $operator_roles, { 'ensure' => 'present' })
}
} }

View File

@ -4,8 +4,10 @@
# == Parameters # == Parameters
# [operator_roles] a list of keystone roles a user must have to gain # [operator_roles] a list of keystone roles a user must have to gain
# access to Swift. # access to Swift.
# Optional. Dfeaults to ['admin', 'SwiftOperator'] # Optional. Defaults to ['admin', 'SwiftOperator']
# Must be an array of strings # Must be an array of strings
# Swift operator roles must be defined in swift::keystone::auth because
# keystone API access is usually not available on Swift proxy nodes.
# [is_admin] Set to true to allow users to set ACLs on their account. # [is_admin] Set to true to allow users to set ACLs on their account.
# Optional. Defaults to true. # Optional. Defaults to true.
# #

View File

@ -40,6 +40,10 @@ describe 'swift::keystone::auth' do
:admin_url => 'http://127.0.0.1:8080', :admin_url => 'http://127.0.0.1:8080',
:internal_url => 'http://127.0.0.1:8080' :internal_url => 'http://127.0.0.1:8080'
) } ) }
['admin', 'SwiftOperator'].each do |role_name|
it { should contain_keystone_role(role_name).with_ensure('present') }
end
end end
describe 'when overriding public_port, public address, admin_address and internal_address' do describe 'when overriding public_port, public address, admin_address and internal_address' do
@ -133,4 +137,17 @@ describe 'swift::keystone::auth' do
end end
describe 'when overriding operator_roles' do
let :params do
{
:operator_roles => 'foo',
}
end
it { should contain_keystone_role('foo').with(
:ensure => 'present'
) }
end
end end