openstack/puppet-swift
Code Issues Proposed changes
Files
da01dd7bd0cf15863c39ea5e7e108efea60c27d0
puppet-swift/manifests/proxy/tempauth.pp
Christian Schwede da01dd7bd0 Fix middleware order of proxy pipeline and add missing modules 
This patch fixes the order of the middlewares defined in the Swift proxy
server pipeline.

Sources for the order:
https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample#L91-L99
http://docs.openstack.org/developer/swift/middleware.html#
https://github.com/openstack/swift3/blob/master/etc/proxy-server.conf-sample#L9
https://github.com/openstack/ceilometermiddleware/blob/master/ceilometermiddleware/swift.py#L21-L22

These are all values in order:

 10 catch_errors
 20 gatekeeper
 30 healthcheck
 40 (reserved for proxy_logging, see below)
 50 cache
 60 container_sync
 70 swift3
 80 s3token
 90 ratelimit
100 crossdomain
110 bulk
120 tempurl
130 formpost
140 copy
150 tempauth
160 swauth
170 authtoken
180 keystone
190 staticweb
200 copy
210 account_quotas
220 container_quotas
230 slo
240 dlo
250 versioned_writes
260 ceilometer
270 proxy-logging
280 proxy-server

The copy and versioned_writes middlewares have been added too.

The proxy_logging should be added a second time at position 40, but the
actual value is 270 to have the final proxy-logging just before the
proxy-server.

Also renamed the suffix 'swauth' in the 'tempauth' manifest to be
'tempauth'; 'swauth' is used in a different manifest.

Closes-Bug: 1618514
Change-Id: I99433720e32dc3557b809c8d42ce3d5981c199c3
2016-09-01 14:51:28 +02:00

115 lines
2.8 KiB
Puppet
Raw Blame History

# == class: swift::proxy::tempauth
# This class manages tempauth middleware
#
# [*reseller_prefix*]
# The naming scope for the auth service. Swift storage accounts and
# auth tokens will begin with this prefix.
# Optional. Defaults to 'undef'
# Example: 'AUTH'.
#
# [*auth_prefix*]
# The HTTP request path prefix for the auth service. Swift itself
# reserves anything beginning with the letter v.
# Optional. Defaults to 'undef'
# Example: '/auth/'
#
# [*token_life*]
# The number of seconds a token is valid.
# Optional. Integer value. Defaults to 'undef'.
# Example: 81600
#
# [*allow_overrides*]
# Allows middleware higher in the WSGI pipeline to override auth
# processing
# Optional. Boolean. Defaults to 'undef'
# Example: true
#
# [*storage_url_scheme*]
# Scheme to return with storage urls: http, https, or default
# Optional. Possible values: http, https or default. Defaults to 'undef'
#
# [*account_user_list*]
# List all the accounts/users you want in an array of hash format.
# 'user' and 'account' should not include '_' (TODO).
# Defaults to:
# account_user_list => [
# {
# 'user' => 'admin',
# 'account' => 'admin',
# 'key' => 'admin',
# 'groups' => [ 'admin', 'reseller_admin' ],
# }
# ]
#
# Example of two account/user:
# account_user_list => [
# {
# 'user' => 'admin',
# 'account' => 'admin',
# 'key' => 'admin',
# 'groups' => [ 'admin', 'reseller_admin' ],
# },
# {
# 'user' => 'foo',
# 'account' => 'bar',
# 'key' => 'pass',
# 'groups' => [],
# },
# ]
#
# it will gerenate these lines
# user_admin_admin = admin .admin .reseller_admin
# user_bar_foo = pass
#
# == Authors
#
# Guilherme Maluf Balzana <guimalufb@gmail.com>
#
class swift::proxy::tempauth (
$account_user_list = [
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'groups' => [ 'admin', 'reseller_admin' ],
},
],
$reseller_prefix = undef,
$auth_prefix = undef,
$token_life = undef,
$allow_overrides = undef,
$storage_url_scheme = undef,
) {
include ::swift::deps
validate_array($account_user_list)
if ($reseller_prefix) {
validate_string($reseller_prefix)
}
if ($token_life) {
validate_integer($token_life)
}
if ($auth_prefix) {
validate_re($auth_prefix,'\/(.*)+\/')
}
if ($allow_overrides) {
validate_bool($allow_overrides)
}
if ($storage_url_scheme) {
validate_re($storage_url_scheme, ['http','https','default'])
}
concat::fragment { 'swift-proxy-tempauth':
target => '/etc/swift/proxy-server.conf',
content => template('swift/proxy/tempauth.conf.erb'),
order => '150',
}
}
View Git Blame Copy Permalink