Merge "Create swift operator keystone roles"
This commit is contained in:
commit
5b450c8e25
@ -1,3 +1,22 @@
|
|||||||
|
# == Class: swift::keystone::auth
|
||||||
|
#
|
||||||
|
# This class creates keystone users, services, endpoints, and roles
|
||||||
|
# for swift services.
|
||||||
|
#
|
||||||
|
# The user is given the admin role in the services tenant.
|
||||||
|
#
|
||||||
|
# === Parameters
|
||||||
|
# [*auth_user*]
|
||||||
|
# String. The name of the user.
|
||||||
|
# Optional. Defaults to 'swift'.
|
||||||
|
#
|
||||||
|
# [*password*]
|
||||||
|
# String. The user's password.
|
||||||
|
# Optional. Defaults to 'swift_password'.
|
||||||
|
#
|
||||||
|
# [*operator_roles*]
|
||||||
|
# Array of strings. List of roles Swift considers as admin.
|
||||||
|
#
|
||||||
class swift::keystone::auth(
|
class swift::keystone::auth(
|
||||||
$auth_name = 'swift',
|
$auth_name = 'swift',
|
||||||
$password = 'swift_password',
|
$password = 'swift_password',
|
||||||
@ -6,6 +25,7 @@ class swift::keystone::auth(
|
|||||||
$tenant = 'services',
|
$tenant = 'services',
|
||||||
$email = 'swift@localhost',
|
$email = 'swift@localhost',
|
||||||
$region = 'RegionOne',
|
$region = 'RegionOne',
|
||||||
|
$operator_roles = ['admin', 'SwiftOperator'],
|
||||||
$public_protocol = 'http',
|
$public_protocol = 'http',
|
||||||
$public_address = undef,
|
$public_address = undef,
|
||||||
$public_port = undef,
|
$public_port = undef,
|
||||||
@ -73,5 +93,9 @@ if $address != '127.0.0.1' {
|
|||||||
admin_url => "http://${real_admin_address}:${port}",
|
admin_url => "http://${real_admin_address}:${port}",
|
||||||
internal_url => "http://${real_internal_address}:${port}",
|
internal_url => "http://${real_internal_address}:${port}",
|
||||||
}
|
}
|
||||||
|
if $operator_roles {
|
||||||
|
#Roles like "admin" may be defined elsewhere, so use ensure_resource
|
||||||
|
ensure_resource('keystone_role', $operator_roles, { 'ensure' => 'present' })
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -4,8 +4,10 @@
|
|||||||
# == Parameters
|
# == Parameters
|
||||||
# [operator_roles] a list of keystone roles a user must have to gain
|
# [operator_roles] a list of keystone roles a user must have to gain
|
||||||
# access to Swift.
|
# access to Swift.
|
||||||
# Optional. Dfeaults to ['admin', 'SwiftOperator']
|
# Optional. Defaults to ['admin', 'SwiftOperator']
|
||||||
# Must be an array of strings
|
# Must be an array of strings
|
||||||
|
# Swift operator roles must be defined in swift::keystone::auth because
|
||||||
|
# keystone API access is usually not available on Swift proxy nodes.
|
||||||
# [is_admin] Set to true to allow users to set ACLs on their account.
|
# [is_admin] Set to true to allow users to set ACLs on their account.
|
||||||
# Optional. Defaults to true.
|
# Optional. Defaults to true.
|
||||||
#
|
#
|
||||||
|
@ -40,6 +40,10 @@ describe 'swift::keystone::auth' do
|
|||||||
:admin_url => 'http://127.0.0.1:8080',
|
:admin_url => 'http://127.0.0.1:8080',
|
||||||
:internal_url => 'http://127.0.0.1:8080'
|
:internal_url => 'http://127.0.0.1:8080'
|
||||||
) }
|
) }
|
||||||
|
|
||||||
|
['admin', 'SwiftOperator'].each do |role_name|
|
||||||
|
it { should contain_keystone_role(role_name).with_ensure('present') }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'when overriding public_port, public address, admin_address and internal_address' do
|
describe 'when overriding public_port, public address, admin_address and internal_address' do
|
||||||
@ -133,4 +137,17 @@ describe 'swift::keystone::auth' do
|
|||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'when overriding operator_roles' do
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:operator_roles => 'foo',
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_keystone_role('foo').with(
|
||||||
|
:ensure => 'present'
|
||||||
|
) }
|
||||||
|
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user