09a78bfd9d
auth_admin_prefix allows the prepend of a prefix to the URL used for admin tasks. See: https://review.openstack.org/#/c/7156/ for implementation in Keystone. auth_uri allows to specify the public authentication url (Keystone's public endpoint) if it can't be guessed from $auth_host + $auth_protocol Implements blueprint serve-keystone-from-wsgi Change-Id: Ic66727f78406d70b5ab5bc07fcc074477df2303c
129 lines
3.5 KiB
Ruby
129 lines
3.5 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe 'swift::proxy::authtoken' do
|
|
|
|
let :facts do
|
|
{
|
|
:concat_basedir => '/var/lib/puppet/concat',
|
|
}
|
|
end
|
|
|
|
let :pre_condition do
|
|
'
|
|
include concat::setup
|
|
concat { "/etc/swift/proxy-server.conf": }
|
|
'
|
|
end
|
|
|
|
let :fragment_file do
|
|
"/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/22_swift_authtoken"
|
|
end
|
|
|
|
describe "when using default parameters" do
|
|
it 'should build the fragment with correct parameters' do
|
|
verify_contents(subject, fragment_file,
|
|
[
|
|
'[filter:authtoken]',
|
|
'paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory',
|
|
'signing_dir = /etc/swift',
|
|
'auth_host = 127.0.0.1',
|
|
'auth_port = 35357',
|
|
'auth_protocol = http',
|
|
'auth_uri = http://127.0.0.1:5000',
|
|
'admin_tenant_name = services',
|
|
'admin_user = swift',
|
|
'admin_password = password',
|
|
'delay_auth_decision = 1',
|
|
]
|
|
)
|
|
end
|
|
end
|
|
|
|
describe "when overriding admin_token" do
|
|
let :params do
|
|
{
|
|
:admin_token => 'ADMINTOKEN'
|
|
}
|
|
end
|
|
|
|
it 'should build the fragment with correct parameters' do
|
|
verify_contents(subject, fragment_file,
|
|
[
|
|
'[filter:authtoken]',
|
|
'paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory',
|
|
'signing_dir = /etc/swift',
|
|
'auth_host = 127.0.0.1',
|
|
'auth_port = 35357',
|
|
'auth_protocol = http',
|
|
'auth_uri = http://127.0.0.1:5000',
|
|
'admin_token = ADMINTOKEN',
|
|
'delay_auth_decision = 1',
|
|
]
|
|
)
|
|
end
|
|
end
|
|
|
|
describe "when overriding parameters" do
|
|
let :params do
|
|
{
|
|
:auth_host => 'some.host',
|
|
:auth_port => '443',
|
|
:auth_protocol => 'https',
|
|
:auth_admin_prefix => '/keystone/admin',
|
|
:admin_tenant_name => 'admin',
|
|
:admin_user => 'swiftuser',
|
|
:admin_password => 'swiftpassword',
|
|
:delay_auth_decision => '0'
|
|
}
|
|
end
|
|
|
|
it 'should build the fragment with correct parameters' do
|
|
verify_contents(subject, fragment_file,
|
|
[
|
|
'[filter:authtoken]',
|
|
'paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory',
|
|
'signing_dir = /etc/swift',
|
|
'auth_host = some.host',
|
|
'auth_port = 443',
|
|
'auth_protocol = https',
|
|
'auth_admin_prefix = /keystone/admin',
|
|
'auth_uri = https://some.host:5000',
|
|
'admin_tenant_name = admin',
|
|
'admin_user = swiftuser',
|
|
'admin_password = swiftpassword',
|
|
'delay_auth_decision = 0',
|
|
]
|
|
)
|
|
end
|
|
end
|
|
|
|
describe 'when overriding auth_uri' do
|
|
let :params do
|
|
{ :auth_uri => 'http://public.host/keystone/main' }
|
|
end
|
|
|
|
it { should contain_file(fragment_file).with_content(/auth_uri = http:\/\/public.host\/keystone\/main/)}
|
|
end
|
|
|
|
[
|
|
'keystone',
|
|
'keystone/',
|
|
'/keystone/',
|
|
'/keystone/admin/',
|
|
'keystone/admin/',
|
|
'keystone/admin'
|
|
].each do |auth_admin_prefix|
|
|
describe "when overriding auth_admin_prefix with incorrect value #{auth_admin_prefix}" do
|
|
let :params do
|
|
{ :auth_admin_prefix => auth_admin_prefix }
|
|
end
|
|
|
|
it { expect { should contain_file(fragment_file).with_content(/auth_admin_prefix = #{auth_admin_prefix}/) }.to \
|
|
raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) }
|
|
end
|
|
end
|
|
|
|
|
|
|
|
end
|