Reimplement keystone pipeline

This commit removes the keystone::client::authtoken class from the swift::proxy::keystone class. This has been done to map the classes more cleanly to the pipeline specication.
2012-06-04 11:59:24 -07:00 · 2012-06-04 11:59:24 -07:00 · d831ec1c45
commit d831ec1c45
parent 18365a7c43
2 changed files with 77 additions and 19 deletions
--- a/manifests/proxy/authtoken.pp
+++ b/manifests/proxy/authtoken.pp
@ -0,0 +1,56 @@
+#
+# This class can be used to manage keystone's authtoken middleware
+# for swift proxy
+#
+# == Parameters
+#  [admin_token] Keystone admin token that can serve as a shared secret
+#    for authenticating. If this is choosen if is used instead of a user,tenant,password.
+#    Optional. Defaults to false.
+#  [admin_user] User used to authenticate service.
+#    Optional. Defaults to admin
+#  [admin_tenant_name] Tenant used to authenticate service.
+#    Optional. Defaults to openstack.
+#  [admin_password] Password used with user to authenticate service.
+#    Optional. Defaults to ChangeMe.
+#  [delay_decision] Set to 1 to support token-less access (anonymous access,
+#    tempurl, …)
+#    Optional, Defaults to 0
+#  [auth_host] Host providing the keystone service API endpoint. Optional.
+#    Defaults to 127.0.0.1
+#  [auth_port] Port where keystone service is listening. Optional.
+#    Defaults to 3557.
+#  [auth_protocol] Protocol to use to communicate with keystone. Optional.
+#    Defaults to https.
+#
+# == Authors
+#
+#   Dan Bode dan@puppetlabs.com
+#
+# == Copyright
+#
+# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
+#
+
+class swift::proxy::authtoken(
+  $admin_token         = undef,
+  $admin_user          = undef,
+  $admin_tenant_name   = undef,
+  $admin_password      = undef,
+  $delay_auth_decision = undef,
+  $auth_host           = undef,
+  $auth_port           = undef,
+  $auth_protocol       = undef,
+) {
+
+  keystone::client::authtoken { '/etc/swift/proxy-server.conf':
+    admin_token         => $admin_token,
+    admin_user          => $admin_user,
+    admin_tenant_name   => $admin_tenant_name,
+    admin_password      => $admin_password,
+    delay_auth_decision => $delay_auth_decision,
+    auth_host           => $auth_host,
+    auth_port           => $auth_port,
+    auth_protocol       => $auth_protocol
+  }
+
+}
--- a/manifests/proxy/keystone.pp
+++ b/manifests/proxy/keystone.pp
@ -1,32 +1,34 @@
+#
+# This class can be sed to manage keystone middleware for swift proxy
+#
+# == Parameters
+#  [operator_roles] a list of keystone roles a user must have to gain
+#    access to Swift.
+#    Optional. Dfeaults to ['admin', 'SwiftOperator']
+#    Must be an array of strings
+#  [is_admin] Set to true to allow users to set ACLs on their account.
+#    Optional. Defaults to true.
+#  [cache] the cache backend to use
+#    Optional. Defaults to 'swift.cache'
+#
+# == Authors
+#
+#  Dan Bode dan@puppetlabs.com
+#  François Charlier fcharlier@ploup.net
+#
+
 class swift::proxy::keystone(
-  $admin_token         = undef,
-  $admin_user          = undef,
-  $admin_tenant_name   = undef,
-  $admin_password      = undef,
-  $delay_auth_decision = undef,
-  $auth_host           = undef,
-  $auth_port           = undef,
-  $auth_protocol       = undef,
  $operator_roles      = ['admin', 'SwiftOperator'],
  $is_admin            = true,
  $cache               = 'swift.cache'
 ) {

+  require 'keystone::python'
+
  concat::fragment { 'swift_keystone':
    target  => '/etc/swift/proxy-server.conf',
    content => template('swift/proxy/keystone.conf.erb'),
    order   => '79',
  }

-  keystone::client::authtoken { '/etc/swift/proxy-server.conf':
-    admin_token         => $admin_token,
-    admin_user          => $admin_user,
-    admin_tenant_name   => $admin_tenant_name,
-    admin_password      => $admin_password,
-    delay_auth_decision => $delay_auth_decision,
-    auth_host           => $auth_host,
-    auth_port           => $auth_port,
-    auth_protocol       => $auth_protocol
-  }
-
 }