openstack
/
puppet-swift
Code Issues Proposed changes

Merge "Deprecate the remaining option for Keystone PKI token"

This commit is contained in:
Zuul 2020-06-11 16:34:46 +00:00 committed by Gerrit Code Review
parent 91a9151aeb 424b861a57
commit d02e1351ce
4 changed files with 15 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
manifests/params.pp
View File

@ -34,11 +34,6 @@ class swift::params {
$account_auditor_service_name = 'swift-account-auditor'
$account_reaper_service_name = 'swift-account-reaper'
$account_replicator_service_name = 'swift-account-replicator'
if ($::os_package_type == 'debian') {
$signing_dir = '/var/lib/swift'
}else{
$signing_dir = '/var/cache/swift'
}
}
'RedHat': {
$package_name = 'openstack-swift'
@ -64,7 +59,6 @@ class swift::params {
$account_auditor_service_name = 'openstack-swift-account-auditor'
$account_reaper_service_name = 'openstack-swift-account-reaper'
$account_replicator_service_name = 'openstack-swift-account-replicator'
$signing_dir = '/var/cache/swift'
}
default: {
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, \

27
manifests/proxy/authtoken.pp
View File

@ -9,10 +9,6 @@
# delegate the authorization decision to downstream WSGI components. Boolean value
# Defaults to 1
#
# [*signing_dir*]
# The cache directory for signing certificates.
# Defaults to $::swift::params::signing_dir
#
# [*cache*]
# The cache backend to use
# Optional. Defaults to 'swift.cache'
@ -75,6 +71,12 @@
# true/false
# Defaults to $::os_service_default.
#
# DEPRECATED PARAMETERS
#
# [*signing_dir*]
# The cache directory for signing certificates.
# Defaults to undef
#
# == Authors
#
# Dan Bode dan@puppetlabs.com
@ -85,7 +87,6 @@
#
class swift::proxy::authtoken(
$delay_auth_decision = 1,
$signing_dir = $::swift::params::signing_dir,
$cache = 'swift.cache',
$www_authenticate_uri = 'http://127.0.0.1:5000',
$auth_url = 'http://127.0.0.1:5000',
@ -99,6 +100,8 @@ class swift::proxy::authtoken(
$include_service_catalog = false,
$service_token_roles = $::os_service_default,
$service_token_roles_required = $::os_service_default,
# DEPRECATED PARAMETERS
$signing_dir = undef
) inherits swift::params {
include swift::deps
@ -111,22 +114,12 @@ Please set password parameter')
$password_real = $password
}
if ($::os_package_type != 'debian') {
file { $signing_dir:
ensure => directory,
mode => '0700',
owner => 'swift',
group => 'swift',
selinux_ignore_defaults => true,
require => Anchor['swift::config::begin'],
before => Anchor['swift::config::end'],
}
if $signing_dir != undef {
warning('The signing_dir parameter was deprecated and has no effect')
}
swift_proxy_config {
'filter:authtoken/log_name': value => 'swift';
'filter:authtoken/signing_dir': value => $signing_dir;
'filter:authtoken/paste.filter_factory': value => 'keystonemiddleware.auth_token:filter_factory';
'filter:authtoken/www_authenticate_uri': value => $www_authenticate_uri;
'filter:authtoken/auth_url': value => $auth_url;

5
releasenotes/notes/deprecate-keystone-pki-opts-c5e390dfbbf6f4d8.yaml Normal file
View File

@ -0,0 +1,5 @@
---
deprecations:
- |
The ``swift::proxy::authtoken::signing_dir`` parameter has been deprecated
and has no effect now.

31
spec/classes/swift_proxy_authtoken_spec.rb
View File

@ -2,24 +2,8 @@ require 'spec_helper'
describe 'swift::proxy::authtoken' do
shared_examples 'swift::proxy::authtoken' do
describe 'when using the default signing directory' do
let :file_defaults do
{
:mode => '0700',
:owner => 'swift',
:group => 'swift',
}
end
it {is_expected.to contain_file('/var/cache/swift').with(
{:ensure => 'directory',
:selinux_ignore_defaults => true}.merge(file_defaults)
)}
end
describe "when using default parameters" do
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value(platform_params[:default_signing_dir]) }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
@ -46,14 +30,12 @@ describe 'swift::proxy::authtoken' do
:region_name => 'region2',
:cache => 'foo',
:delay_auth_decision => '0',
:signing_dir => '/home/swift/keystone-signing',
:service_token_roles => ['service'],
:service_token_roles_required => true,
}
end
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value('/home/swift/keystone-signing') }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
@ -110,19 +92,6 @@ describe 'swift::proxy::authtoken' do
facts.merge(OSDefaults.get_facts())
end
let(:platform_params) do
case facts[:osfamily]
when 'Debian'
if facts[:os_package_type] == 'debian'
{ :default_signing_dir => '/var/lib/swift' }
else
{ :default_signing_dir => '/var/cache/swift' }
end
when 'RedHat'
{ :default_signing_dir => '/var/cache/swift' }
end
end
it_configures 'swift::proxy::authtoken'
end
end