Merge "Deprecate the remaining option for Keystone PKI token"
This commit is contained in:
commit
d02e1351ce
|
@ -34,11 +34,6 @@ class swift::params {
|
||||||
$account_auditor_service_name = 'swift-account-auditor'
|
$account_auditor_service_name = 'swift-account-auditor'
|
||||||
$account_reaper_service_name = 'swift-account-reaper'
|
$account_reaper_service_name = 'swift-account-reaper'
|
||||||
$account_replicator_service_name = 'swift-account-replicator'
|
$account_replicator_service_name = 'swift-account-replicator'
|
||||||
if ($::os_package_type == 'debian') {
|
|
||||||
$signing_dir = '/var/lib/swift'
|
|
||||||
}else{
|
|
||||||
$signing_dir = '/var/cache/swift'
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
'RedHat': {
|
'RedHat': {
|
||||||
$package_name = 'openstack-swift'
|
$package_name = 'openstack-swift'
|
||||||
|
@ -64,7 +59,6 @@ class swift::params {
|
||||||
$account_auditor_service_name = 'openstack-swift-account-auditor'
|
$account_auditor_service_name = 'openstack-swift-account-auditor'
|
||||||
$account_reaper_service_name = 'openstack-swift-account-reaper'
|
$account_reaper_service_name = 'openstack-swift-account-reaper'
|
||||||
$account_replicator_service_name = 'openstack-swift-account-replicator'
|
$account_replicator_service_name = 'openstack-swift-account-replicator'
|
||||||
$signing_dir = '/var/cache/swift'
|
|
||||||
}
|
}
|
||||||
default: {
|
default: {
|
||||||
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, \
|
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, \
|
||||||
|
|
|
@ -9,10 +9,6 @@
|
||||||
# delegate the authorization decision to downstream WSGI components. Boolean value
|
# delegate the authorization decision to downstream WSGI components. Boolean value
|
||||||
# Defaults to 1
|
# Defaults to 1
|
||||||
#
|
#
|
||||||
# [*signing_dir*]
|
|
||||||
# The cache directory for signing certificates.
|
|
||||||
# Defaults to $::swift::params::signing_dir
|
|
||||||
#
|
|
||||||
# [*cache*]
|
# [*cache*]
|
||||||
# The cache backend to use
|
# The cache backend to use
|
||||||
# Optional. Defaults to 'swift.cache'
|
# Optional. Defaults to 'swift.cache'
|
||||||
|
@ -75,6 +71,12 @@
|
||||||
# true/false
|
# true/false
|
||||||
# Defaults to $::os_service_default.
|
# Defaults to $::os_service_default.
|
||||||
#
|
#
|
||||||
|
# DEPRECATED PARAMETERS
|
||||||
|
#
|
||||||
|
# [*signing_dir*]
|
||||||
|
# The cache directory for signing certificates.
|
||||||
|
# Defaults to undef
|
||||||
|
#
|
||||||
# == Authors
|
# == Authors
|
||||||
#
|
#
|
||||||
# Dan Bode dan@puppetlabs.com
|
# Dan Bode dan@puppetlabs.com
|
||||||
|
@ -85,7 +87,6 @@
|
||||||
#
|
#
|
||||||
class swift::proxy::authtoken(
|
class swift::proxy::authtoken(
|
||||||
$delay_auth_decision = 1,
|
$delay_auth_decision = 1,
|
||||||
$signing_dir = $::swift::params::signing_dir,
|
|
||||||
$cache = 'swift.cache',
|
$cache = 'swift.cache',
|
||||||
$www_authenticate_uri = 'http://127.0.0.1:5000',
|
$www_authenticate_uri = 'http://127.0.0.1:5000',
|
||||||
$auth_url = 'http://127.0.0.1:5000',
|
$auth_url = 'http://127.0.0.1:5000',
|
||||||
|
@ -99,6 +100,8 @@ class swift::proxy::authtoken(
|
||||||
$include_service_catalog = false,
|
$include_service_catalog = false,
|
||||||
$service_token_roles = $::os_service_default,
|
$service_token_roles = $::os_service_default,
|
||||||
$service_token_roles_required = $::os_service_default,
|
$service_token_roles_required = $::os_service_default,
|
||||||
|
# DEPRECATED PARAMETERS
|
||||||
|
$signing_dir = undef
|
||||||
) inherits swift::params {
|
) inherits swift::params {
|
||||||
|
|
||||||
include swift::deps
|
include swift::deps
|
||||||
|
@ -111,22 +114,12 @@ Please set password parameter')
|
||||||
$password_real = $password
|
$password_real = $password
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($::os_package_type != 'debian') {
|
if $signing_dir != undef {
|
||||||
file { $signing_dir:
|
warning('The signing_dir parameter was deprecated and has no effect')
|
||||||
ensure => directory,
|
|
||||||
mode => '0700',
|
|
||||||
owner => 'swift',
|
|
||||||
group => 'swift',
|
|
||||||
selinux_ignore_defaults => true,
|
|
||||||
require => Anchor['swift::config::begin'],
|
|
||||||
before => Anchor['swift::config::end'],
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
swift_proxy_config {
|
swift_proxy_config {
|
||||||
'filter:authtoken/log_name': value => 'swift';
|
'filter:authtoken/log_name': value => 'swift';
|
||||||
'filter:authtoken/signing_dir': value => $signing_dir;
|
|
||||||
'filter:authtoken/paste.filter_factory': value => 'keystonemiddleware.auth_token:filter_factory';
|
'filter:authtoken/paste.filter_factory': value => 'keystonemiddleware.auth_token:filter_factory';
|
||||||
'filter:authtoken/www_authenticate_uri': value => $www_authenticate_uri;
|
'filter:authtoken/www_authenticate_uri': value => $www_authenticate_uri;
|
||||||
'filter:authtoken/auth_url': value => $auth_url;
|
'filter:authtoken/auth_url': value => $auth_url;
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
The ``swift::proxy::authtoken::signing_dir`` parameter has been deprecated
|
||||||
|
and has no effect now.
|
|
@ -2,24 +2,8 @@ require 'spec_helper'
|
||||||
|
|
||||||
describe 'swift::proxy::authtoken' do
|
describe 'swift::proxy::authtoken' do
|
||||||
shared_examples 'swift::proxy::authtoken' do
|
shared_examples 'swift::proxy::authtoken' do
|
||||||
describe 'when using the default signing directory' do
|
|
||||||
let :file_defaults do
|
|
||||||
{
|
|
||||||
:mode => '0700',
|
|
||||||
:owner => 'swift',
|
|
||||||
:group => 'swift',
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
it {is_expected.to contain_file('/var/cache/swift').with(
|
|
||||||
{:ensure => 'directory',
|
|
||||||
:selinux_ignore_defaults => true}.merge(file_defaults)
|
|
||||||
)}
|
|
||||||
end
|
|
||||||
|
|
||||||
describe "when using default parameters" do
|
describe "when using default parameters" do
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value(platform_params[:default_signing_dir]) }
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
|
||||||
|
@ -46,14 +30,12 @@ describe 'swift::proxy::authtoken' do
|
||||||
:region_name => 'region2',
|
:region_name => 'region2',
|
||||||
:cache => 'foo',
|
:cache => 'foo',
|
||||||
:delay_auth_decision => '0',
|
:delay_auth_decision => '0',
|
||||||
:signing_dir => '/home/swift/keystone-signing',
|
|
||||||
:service_token_roles => ['service'],
|
:service_token_roles => ['service'],
|
||||||
:service_token_roles_required => true,
|
:service_token_roles_required => true,
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value('/home/swift/keystone-signing') }
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
|
||||||
|
@ -110,19 +92,6 @@ describe 'swift::proxy::authtoken' do
|
||||||
facts.merge(OSDefaults.get_facts())
|
facts.merge(OSDefaults.get_facts())
|
||||||
end
|
end
|
||||||
|
|
||||||
let(:platform_params) do
|
|
||||||
case facts[:osfamily]
|
|
||||||
when 'Debian'
|
|
||||||
if facts[:os_package_type] == 'debian'
|
|
||||||
{ :default_signing_dir => '/var/lib/swift' }
|
|
||||||
else
|
|
||||||
{ :default_signing_dir => '/var/cache/swift' }
|
|
||||||
end
|
|
||||||
when 'RedHat'
|
|
||||||
{ :default_signing_dir => '/var/cache/swift' }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
it_configures 'swift::proxy::authtoken'
|
it_configures 'swift::proxy::authtoken'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue