Add tempauth middleware options

Tempauth middleware template included only example entries

This commit provides most options to configure tempauth middleware,
especially an array of account/user hashes which defines the list of
users that tempauth can authenticate.

By default it adds the admin account/user:
  user_admin_admin = admin .admin .reseller_admin

Change-Id: Ib67d7deeeb2f98a464d18813ae4569c28a04472a
Guilherme Maluf 2015-07-28 16:55:48 -03:00
parent da4a0dd2ae
commit 62ba90a475
4 changed files with 250 additions and 7 deletions


@ -1,6 +1,107 @@
# == class: swift::proxy::tempauth
# This class manage tempauth middleware
#
class swift::proxy::tempauth() {
# [*reseller_prefix*]
# The naming scope for the auth service. Swift storage accounts and
# auth tokens will begin with this prefix.
# Optional. Defaults to 'undef'
# Example: 'AUTH'.
#
# [*auth_prefix*]
# The HTTP request path prefix for the auth service. Swift itself
# reserves anything beginning with the letter v.
# Optional. Defaults to 'undef'
# Example: '/auth/'
#
# [*token_life*]
# The number of seconds a token is valid.
# Optional. Integer value. Defaults to 'undef'.
# Example: 81600
#
# [*allow_overrides*]
# Allows middleware higher in the WSGI pipeline to override auth
# processing
# Optional. Boolean. Defaults to 'undef'
# Example: true
#
# [*storage_url_scheme*]
# Scheme to return with storage urls: http, https, or default
# Optional. Possible values: http, https or default. Defaults to 'undef'
#
# [*account_user_list*]
# List all the accounts/users you want in an array of hash format.
# 'user' and 'account' should not include '_' (TODO).
# Defaults to:
# account_user_list => [
# {
# 'user' => 'admin',
# 'account' => 'admin',
# 'key' => 'admin',
# 'groups' => [ 'admin', 'reseller_admin' ],
# }
# ]
#
# Example of two account/user:
# account_user_list => [
# {
# 'user' => 'admin',
# 'account' => 'admin',
# 'key' => 'admin',
# 'groups' => [ 'admin', 'reseller_admin' ],
# },
# {
# 'user' => 'foo',
# 'account' => 'bar',
# 'key' => 'pass',
# 'groups' => [],
# },
# ]
#
# it will gerenate these lines
# user_admin_admin = admin .admin .reseller_admin
# user_bar_foo = pass
#
# == Authors
#
# Guilherme Maluf Balzana <guimalufb@gmail.com>
#
class swift::proxy::tempauth (
$account_user_list = [
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'groups' => [ 'admin', 'reseller_admin' ],
},
],
$reseller_prefix = undef,
$auth_prefix = undef,
$token_life = undef,
$allow_overrides = undef,
$storage_url_scheme = undef,
) {
validate_array($account_user_list)
if ($reseller_prefix) {
validate_string($reseller_prefix)
}
if ($token_life) {
validate_integer($token_life)
}
if ($auth_prefix) {
validate_re($auth_prefix,'\/(.*)+\/')
}
if ($allow_overrides) {
validate_bool($allow_overrides)
}
if ($storage_url_scheme) {
validate_re($storage_url_scheme, ['http','https','default'])
}
concat::fragment { 'swift-proxy-swauth':
target => '/etc/swift/proxy-server.conf',
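Review bot: The default `$account_user_list` keeps a publicly known key (`admin`) on an account in the `reseller_admin` group, so declaring the class without parameters writes a guessable reseller-wide admin credential into proxy-server.conf. The parameter docs should say so, e.g. `# The default key is a placeholder for test setups; always override account_user_list elsewhere.`, or the default could become `[]` if dropping the previously hard-coded users is acceptable. Separately, both `validate_re` patterns are unanchored, so values such as `x/auth/y` or `httpx` pass; `'\A\/\S*\/\z'` and `'\A(http|https|default)\z'` would pin them to the whole string. The class body continues past the end of the hunk.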


@ -0,0 +1,103 @@
require 'spec_helper'
describe 'swift::proxy::tempauth' do
let :default_params do {
'account_user_list' => [
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'groups' => [ 'admin', 'reseller_admin' ],
},
]
}
end
let :params do default_params end
let :pre_condition do
'class { "concat::setup": }
concat { "/etc/swift/proxy-server.conf": }'
end
let :fragment_file do
"/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/01_swift-proxy-swauth"
end
it { is_expected.to contain_file(fragment_file).with_content(/[filter:tempauth]/) }
it { is_expected.to contain_file(fragment_file).with_content(/use = egg:swift#tempauth/) }
it { is_expected.to_not contain_file(fragment_file).with_content(/reseller_prefix/) }
it { is_expected.to_not contain_file(fragment_file).with_content(/token_life/) }
it { is_expected.to_not contain_file(fragment_file).with_content(/auth_prefix/) }
it { is_expected.to_not contain_file(fragment_file).with_content(/storage_url_scheme/) }
it { is_expected.to contain_file(fragment_file).with_content(
/user_admin_admin = admin \.admin \.reseller_admin/
) }
context 'declaring two users' do
let :params do {
'account_user_list' => [
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'groups' => [ 'admin', 'reseller_admin' ],
},
{
'user' => 'foo',
'account' => 'bar',
'key' => 'pass',
'groups' => [ 'reseller_admin' ],
},
]
} end
it { is_expected.to contain_file(fragment_file).with_content(
/user_admin_admin = admin \.admin \.reseller_admin/
) }
it { is_expected.to contain_file(fragment_file).with_content(
/user_bar_foo = pass \.reseller_admin/
) }
end
context 'when group is empty' do
let :params do {
'account_user_list' => [
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'groups' => [],
},
]
} end
it { is_expected.to contain_file(fragment_file).with_content(
/user_admin_admin = admin $/
) }
end
context 'when undef params are set' do
let :params do {
'reseller_prefix' => 'auth',
'token_life' => 81600,
'auth_prefix' => '/auth/',
'storage_url_scheme' => 'http',
}.merge(default_params)
end
it { is_expected.to contain_file(fragment_file).with_content(/reseller_prefix = AUTH/) }
it { is_expected.to contain_file(fragment_file).with_content(/token_life = 81600/) }
it { is_expected.to contain_file(fragment_file).with_content(/auth_prefix = \/auth\//) }
it { is_expected.to contain_file(fragment_file).with_content(/storage_url_scheme = http/) }
describe "invalid params" do
['account_user_list', 'token_life', 'auth_prefix', 'storage_url_scheme'].each do |param|
let :params do { param => 'foobar' }.merge(default_params) end
it "invalid #{param} should fail" do
expect { catalogue }.to raise_error(Puppet::Error)
end
end
end
end
end
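Review bot: The `invalid params` loop does not exercise the parameters it lists. Every `let :params` created inside the `.each` lands in the same example group, so the last definition (`storage_url_scheme`) is used by all four examples, and `{ param => 'foobar' }.merge(default_params)` lets the valid default overwrite the bad `account_user_list`. Give each parameter its own context and merge in the other direction, as below. On the first example, `/[filter:tempauth]/` is a character class that matches any one of those characters; `/\[filter:tempauth\]/` checks the section header itself.

```ruby
# … unchanged: contexts and content expectations above …
['account_user_list', 'token_life', 'auth_prefix', 'storage_url_scheme'].each do |param|
  context "with invalid #{param}" do
    let :params do default_params.merge(param => 'foobar') end
    it 'should fail' do
      expect { catalogue }.to raise_error(Puppet::Error)
    end
  end
end
```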


@ -1,8 +1,18 @@
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
<% if @reseller_prefix -%>
reseller_prefix = <%= @reseller_prefix.upcase %>
<%end -%>
<% if @token_life -%>
token_life = <%= @token_life %>
<%end -%>
<% if @auth_prefix -%>
auth_prefix = <%= @auth_prefix %>
<%end -%>
<% if @storage_url_scheme -%>
storage_url_scheme = <%= @storage_url_scheme %>
<%end -%>
<% @account_user_list.each do |user| %>
user_<%= user['account'] %>_<%= user['user'] %> = <%= user['key'] %> <%= user['groups'].map { |g| '.' + g }.join(' ') %>
<% end %>
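Review bot: The `user_…` line interpolates `account`, `user`, `key` and `groups` verbatim, and the class checks nothing about the entries beyond `validate_array`. A key or group containing whitespace or a newline would therefore change what tempauth reads from the line (as far as I know it splits the value on whitespace into key and groups), and an entry without `'groups'` aborts rendering with a nil error on `.map`. Validate each entry before rendering, for instance rejecting any `account`, `user`, `key` or group that does not match `\A\S+\z`, and use `Array(user['groups'])` so a missing list renders as no groups. The underscore ambiguity in `user_<account>_<user>` that the class docs mark as TODO applies here as well. The loop tags also lack `-%>`, so each iteration leaves blank lines in the rendered file.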


@ -59,4 +59,33 @@ class { '::swift::proxy':
account_autocreate => true,
require => Class['swift::ringbuilder'],
}
class { ['::swift::proxy::healthcheck', '::swift::proxy::cache', '::swift::proxy::tempauth']: }
class { ['::swift::proxy::healthcheck', '::swift::proxy::cache']: }
class { '::swift::proxy::tempauth':
account_user_list => [
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'groups' => [ 'admin', 'reseller_admin' ],
},
{
'user' => 'tester',
'account' => 'test',
'key' => 'testing',
'groups' => ['admin'],
},
{
'user' => 'tester2',
'account' => 'test2',
'key' => 'testing2',
'groups' => ['admin'],
},
{
'user' => 'tester',
'account' => 'test',
'key' => 'testing3',
'groups' => [],
},
]
}
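Review bot: The fourth entry repeats `'user' => 'tester'` and `'account' => 'test'` from the second one, so the template renders `user_test_tester` twice, once with key `testing` and once with `testing3`; the removed template line was `user_test_tester3 = testing3`. Which duplicate option wins depends on the config parser, so this presumably should read `'user' => 'tester3',`. If this manifest is meant as a copyable example, a comment such as `# sample credentials for test deployments only` above the resource would flag that these keys are well known.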