Merge "Create swift operator keystone roles" into stable/havana

Author: Jenkins

manifests/keystone/auth.pp

@@ -1,3 +1,22 @@
+# == Class: swift::keystone::auth
+#
+# This class creates keystone users, services, endpoints, and roles
+# for swift services.
+#
+# The user is given the admin role in the services tenant.
+#
+# === Parameters
+# [*auth_user*]
+#  String. The name of the user.
+#  Optional. Defaults to 'swift'.
+#
+# [*password*]
+#  String. The user's password.
+#  Optional. Defaults to 'swift_password'.
+#
+# [*operator_roles*]
+#  Array of strings. List of roles Swift considers as admin.
+#
 class swift::keystone::auth(
   $auth_name         = 'swift',
   $password          = 'swift_password',
@@ -6,6 +25,7 @@
   $tenant            = 'services',
   $email             = 'swift@localhost',
   $region            = 'RegionOne',
+  $operator_roles    = ['admin', 'SwiftOperator'],
   $public_protocol   = 'http',
   $public_address    = undef,
   $public_port       = undef,
@@ -73,5 +93,9 @@
     admin_url    => "http://${real_admin_address}:${port}",
     internal_url => "http://${real_internal_address}:${port}",
   }
+  if $operator_roles {
+    #Roles like "admin" may be defined elsewhere, so use ensure_resource
+    ensure_resource('keystone_role', $operator_roles, { 'ensure' => 'present' })
+  }
 
 }

manifests/proxy/keystone.pp

@@ -4,8 +4,10 @@
 # == Parameters
 #  [operator_roles] a list of keystone roles a user must have to gain
 #    access to Swift.
-#    Optional. Dfeaults to ['admin', 'SwiftOperator']
+#    Optional. Defaults to ['admin', 'SwiftOperator']
 #    Must be an array of strings
+#    Swift operator roles must be defined in swift::keystone::auth because
+#    keystone API access is usually not available on Swift proxy nodes.
 #  [is_admin] Set to true to allow users to set ACLs on their account.
 #    Optional. Defaults to true.
 #

spec/classes/swift_keystone_auth_spec.rb

@@ -40,6 +40,10 @@
       :admin_url    => 'http://127.0.0.1:8080',
       :internal_url => 'http://127.0.0.1:8080'
     ) }
+
+    ['admin', 'SwiftOperator'].each do |role_name|
+      it { should contain_keystone_role(role_name).with_ensure('present') }
+    end
   end
 
   describe 'when overriding public_port, public address, admin_address and internal_address' do
@@ -133,4 +137,17 @@
 
   end
 
+  describe 'when overriding operator_roles' do
+
+    let :params do
+      {
+        :operator_roles => 'foo',
+      }
+    end
+
+    it { should contain_keystone_role('foo').with(
+      :ensure       => 'present'
+    ) }
+
+  end
 end