Add system/project reader roles parameters

Change-Id: I34640f6245ad94d32c0a8eba46bf5ffc5e2efb81

manifests/proxy/keystone.pp

@@ -20,23 +20,39 @@
 #    (Optional)
 #    Defaults to Undef.
 #
+#  [*project_reader_roles*]
+#    Project reader roles are similar to account owners, but are not
+#    allowed to write any data.
+#    (Optional)
+#    Default to $::os_service_default
+#
+#  [*system_reader_roles*]
+#    System reader roles are similar to reseller_admin_roles, but are not
+#    allowed to write any data.
+#    (Optional)
+#    Default to $::os_service_default
+#
 # == Authors
 #
 #  Dan Bode dan@puppetlabs.com
 #  Francois Charlier fcharlier@ploup.net
 #
 class swift::proxy::keystone(
-  $operator_roles      = ['admin', 'SwiftOperator'],
+  $operator_roles       = ['admin', 'SwiftOperator'],
-  $reseller_prefix     = 'AUTH_',
+  $reseller_prefix      = 'AUTH_',
-  $reseller_admin_role = undef,
+  $reseller_admin_role  = undef,
+  $project_reader_roles = $::os_service_default,
+  $system_reader_roles  = $::os_service_default,
 ) {
 
   include swift::deps
 
   swift_proxy_config {
-    'filter:keystone/use':                 value => 'egg:swift#keystoneauth';
+    'filter:keystone/use':                  value => 'egg:swift#keystoneauth';
-    'filter:keystone/operator_roles':      value => join(any2array($operator_roles), ', ');
+    'filter:keystone/operator_roles':       value => join(any2array($operator_roles), ', ');
-    'filter:keystone/reseller_prefix':     value => $reseller_prefix;
+    'filter:keystone/reseller_prefix':      value => $reseller_prefix;
-    'filter:keystone/reseller_admin_role': value => $reseller_admin_role;
+    'filter:keystone/reseller_admin_role':  value => $reseller_admin_role;
+    'filter:keystone/project_reader_roles': value => join(any2array($project_reader_roles), ', ');
+    'filter:keystone/system_reader_roles':  value => join(any2array($system_reader_roles), ', ');
   }
 }

releasenotes/notes/swift-add-role-parameters-0caf7caa8bf6a931.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Adds new parameters to set system and project reader role configs in Swift.

spec/classes/swift_proxy_keystone_spec.rb

@@ -7,19 +7,25 @@ describe 'swift::proxy::keystone' do
     describe 'with defaults' do
       it { is_expected.to contain_swift_proxy_config('filter:keystone/operator_roles').with_value('admin, SwiftOperator') }
       it { is_expected.to contain_swift_proxy_config('filter:keystone/reseller_prefix').with_value('AUTH_') }
+      it { is_expected.to contain_swift_proxy_config('filter:keystone/project_reader_roles').with_value('<SERVICE DEFAULT>') }
+      it { is_expected.to contain_swift_proxy_config('filter:keystone/system_reader_roles').with_value('<SERVICE DEFAULT>') }
     end
 
     describe 'with parameter overrides' do
       let :params do
         {
-          :operator_roles      => 'foo',
+          :operator_roles       => 'foo',
-          :reseller_prefix     => 'SWIFT_',
+          :reseller_prefix      => 'SWIFT_',
-          :reseller_admin_role => 'ResellerAdmin'
+          :reseller_admin_role  => 'ResellerAdmin',
+          :project_reader_roles => ['SwiftProjectReader'],
+          :system_reader_roles  => ['SwiftSystemReader'],
         }
 
         it { is_expected.to contain_swift_proxy_config('filter:keystone/operator_roles').with_value('foo') }
         it { is_expected.to contain_swift_proxy_config('filter:keystone/reseller_prefix').with_value('SWIFT_') }
         it { is_expected.to contain_swift_proxy_config('filter:keystone/reseller_admin_role').with_value('ResellerAdmin') }
+        it { is_expected.to contain_swift_proxy_config('filter:keystone/project_reader_roles').with_value('SwiftProjectReader') }
+        it { is_expected.to contain_swift_proxy_config('filter:keystone/system_reader_roles').with_value('SwiftSystemReader') }
       end
     end
   end