diff --git a/manifests/proxy/keystone.pp b/manifests/proxy/keystone.pp index 45256baf..790fcb31 100644 --- a/manifests/proxy/keystone.pp +++ b/manifests/proxy/keystone.pp @@ -20,23 +20,39 @@ # (Optional) # Defaults to Undef. # +# [*project_reader_roles*] +# Project reader roles are similar to account owners, but are not +# allowed to write any data. +# (Optional) +# Default to $::os_service_default +# +# [*system_reader_roles*] +# System reader roles are similar to reseller_admin_roles, but are not +# allowed to write any data. +# (Optional) +# Default to $::os_service_default +# # == Authors # # Dan Bode dan@puppetlabs.com # Francois Charlier fcharlier@ploup.net # class swift::proxy::keystone( - $operator_roles = ['admin', 'SwiftOperator'], - $reseller_prefix = 'AUTH_', - $reseller_admin_role = undef, + $operator_roles = ['admin', 'SwiftOperator'], + $reseller_prefix = 'AUTH_', + $reseller_admin_role = undef, + $project_reader_roles = $::os_service_default, + $system_reader_roles = $::os_service_default, ) { include swift::deps swift_proxy_config { - 'filter:keystone/use': value => 'egg:swift#keystoneauth'; - 'filter:keystone/operator_roles': value => join(any2array($operator_roles), ', '); - 'filter:keystone/reseller_prefix': value => $reseller_prefix; - 'filter:keystone/reseller_admin_role': value => $reseller_admin_role; + 'filter:keystone/use': value => 'egg:swift#keystoneauth'; + 'filter:keystone/operator_roles': value => join(any2array($operator_roles), ', '); + 'filter:keystone/reseller_prefix': value => $reseller_prefix; + 'filter:keystone/reseller_admin_role': value => $reseller_admin_role; + 'filter:keystone/project_reader_roles': value => join(any2array($project_reader_roles), ', '); + 'filter:keystone/system_reader_roles': value => join(any2array($system_reader_roles), ', '); } } diff --git a/releasenotes/notes/swift-add-role-parameters-0caf7caa8bf6a931.yaml b/releasenotes/notes/swift-add-role-parameters-0caf7caa8bf6a931.yaml new file mode 100644 index 00000000..3ea0ceff --- /dev/null +++ b/releasenotes/notes/swift-add-role-parameters-0caf7caa8bf6a931.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Adds new parameters to set system and project reader role configs in Swift. diff --git a/spec/classes/swift_proxy_keystone_spec.rb b/spec/classes/swift_proxy_keystone_spec.rb index 6c336531..e56a9ca7 100644 --- a/spec/classes/swift_proxy_keystone_spec.rb +++ b/spec/classes/swift_proxy_keystone_spec.rb @@ -7,19 +7,25 @@ describe 'swift::proxy::keystone' do describe 'with defaults' do it { is_expected.to contain_swift_proxy_config('filter:keystone/operator_roles').with_value('admin, SwiftOperator') } it { is_expected.to contain_swift_proxy_config('filter:keystone/reseller_prefix').with_value('AUTH_') } + it { is_expected.to contain_swift_proxy_config('filter:keystone/project_reader_roles').with_value('') } + it { is_expected.to contain_swift_proxy_config('filter:keystone/system_reader_roles').with_value('') } end describe 'with parameter overrides' do let :params do { - :operator_roles => 'foo', - :reseller_prefix => 'SWIFT_', - :reseller_admin_role => 'ResellerAdmin' + :operator_roles => 'foo', + :reseller_prefix => 'SWIFT_', + :reseller_admin_role => 'ResellerAdmin', + :project_reader_roles => ['SwiftProjectReader'], + :system_reader_roles => ['SwiftSystemReader'], } it { is_expected.to contain_swift_proxy_config('filter:keystone/operator_roles').with_value('foo') } it { is_expected.to contain_swift_proxy_config('filter:keystone/reseller_prefix').with_value('SWIFT_') } it { is_expected.to contain_swift_proxy_config('filter:keystone/reseller_admin_role').with_value('ResellerAdmin') } + it { is_expected.to contain_swift_proxy_config('filter:keystone/project_reader_roles').with_value('SwiftProjectReader') } + it { is_expected.to contain_swift_proxy_config('filter:keystone/system_reader_roles').with_value('SwiftSystemReader') } end end end