Merge "Deprecate the remaining option for Keystone PKI token"
This commit is contained in:
commit
d02e1351ce
|
@ -34,11 +34,6 @@ class swift::params {
|
|||
$account_auditor_service_name = 'swift-account-auditor'
|
||||
$account_reaper_service_name = 'swift-account-reaper'
|
||||
$account_replicator_service_name = 'swift-account-replicator'
|
||||
if ($::os_package_type == 'debian') {
|
||||
$signing_dir = '/var/lib/swift'
|
||||
}else{
|
||||
$signing_dir = '/var/cache/swift'
|
||||
}
|
||||
}
|
||||
'RedHat': {
|
||||
$package_name = 'openstack-swift'
|
||||
|
@ -64,7 +59,6 @@ class swift::params {
|
|||
$account_auditor_service_name = 'openstack-swift-account-auditor'
|
||||
$account_reaper_service_name = 'openstack-swift-account-reaper'
|
||||
$account_replicator_service_name = 'openstack-swift-account-replicator'
|
||||
$signing_dir = '/var/cache/swift'
|
||||
}
|
||||
default: {
|
||||
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, \
|
||||
|
|
|
@ -9,10 +9,6 @@
|
|||
# delegate the authorization decision to downstream WSGI components. Boolean value
|
||||
# Defaults to 1
|
||||
#
|
||||
# [*signing_dir*]
|
||||
# The cache directory for signing certificates.
|
||||
# Defaults to $::swift::params::signing_dir
|
||||
#
|
||||
# [*cache*]
|
||||
# The cache backend to use
|
||||
# Optional. Defaults to 'swift.cache'
|
||||
|
@ -75,6 +71,12 @@
|
|||
# true/false
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*signing_dir*]
|
||||
# The cache directory for signing certificates.
|
||||
# Defaults to undef
|
||||
#
|
||||
# == Authors
|
||||
#
|
||||
# Dan Bode dan@puppetlabs.com
|
||||
|
@ -85,7 +87,6 @@
|
|||
#
|
||||
class swift::proxy::authtoken(
|
||||
$delay_auth_decision = 1,
|
||||
$signing_dir = $::swift::params::signing_dir,
|
||||
$cache = 'swift.cache',
|
||||
$www_authenticate_uri = 'http://127.0.0.1:5000',
|
||||
$auth_url = 'http://127.0.0.1:5000',
|
||||
|
@ -99,6 +100,8 @@ class swift::proxy::authtoken(
|
|||
$include_service_catalog = false,
|
||||
$service_token_roles = $::os_service_default,
|
||||
$service_token_roles_required = $::os_service_default,
|
||||
# DEPRECATED PARAMETERS
|
||||
$signing_dir = undef
|
||||
) inherits swift::params {
|
||||
|
||||
include swift::deps
|
||||
|
@ -111,22 +114,12 @@ Please set password parameter')
|
|||
$password_real = $password
|
||||
}
|
||||
|
||||
if ($::os_package_type != 'debian') {
|
||||
file { $signing_dir:
|
||||
ensure => directory,
|
||||
mode => '0700',
|
||||
owner => 'swift',
|
||||
group => 'swift',
|
||||
selinux_ignore_defaults => true,
|
||||
require => Anchor['swift::config::begin'],
|
||||
before => Anchor['swift::config::end'],
|
||||
if $signing_dir != undef {
|
||||
warning('The signing_dir parameter was deprecated and has no effect')
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
swift_proxy_config {
|
||||
'filter:authtoken/log_name': value => 'swift';
|
||||
'filter:authtoken/signing_dir': value => $signing_dir;
|
||||
'filter:authtoken/paste.filter_factory': value => 'keystonemiddleware.auth_token:filter_factory';
|
||||
'filter:authtoken/www_authenticate_uri': value => $www_authenticate_uri;
|
||||
'filter:authtoken/auth_url': value => $auth_url;
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
deprecations:
|
||||
- |
|
||||
The ``swift::proxy::authtoken::signing_dir`` parameter has been deprecated
|
||||
and has no effect now.
|
|
@ -2,24 +2,8 @@ require 'spec_helper'
|
|||
|
||||
describe 'swift::proxy::authtoken' do
|
||||
shared_examples 'swift::proxy::authtoken' do
|
||||
describe 'when using the default signing directory' do
|
||||
let :file_defaults do
|
||||
{
|
||||
:mode => '0700',
|
||||
:owner => 'swift',
|
||||
:group => 'swift',
|
||||
}
|
||||
end
|
||||
|
||||
it {is_expected.to contain_file('/var/cache/swift').with(
|
||||
{:ensure => 'directory',
|
||||
:selinux_ignore_defaults => true}.merge(file_defaults)
|
||||
)}
|
||||
end
|
||||
|
||||
describe "when using default parameters" do
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value(platform_params[:default_signing_dir]) }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
|
||||
|
@ -46,14 +30,12 @@ describe 'swift::proxy::authtoken' do
|
|||
:region_name => 'region2',
|
||||
:cache => 'foo',
|
||||
:delay_auth_decision => '0',
|
||||
:signing_dir => '/home/swift/keystone-signing',
|
||||
:service_token_roles => ['service'],
|
||||
:service_token_roles_required => true,
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value('/home/swift/keystone-signing') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
|
||||
|
@ -110,19 +92,6 @@ describe 'swift::proxy::authtoken' do
|
|||
facts.merge(OSDefaults.get_facts())
|
||||
end
|
||||
|
||||
let(:platform_params) do
|
||||
case facts[:osfamily]
|
||||
when 'Debian'
|
||||
if facts[:os_package_type] == 'debian'
|
||||
{ :default_signing_dir => '/var/lib/swift' }
|
||||
else
|
||||
{ :default_signing_dir => '/var/cache/swift' }
|
||||
end
|
||||
when 'RedHat'
|
||||
{ :default_signing_dir => '/var/cache/swift' }
|
||||
end
|
||||
end
|
||||
|
||||
it_configures 'swift::proxy::authtoken'
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue