Drop default password
The default password was deprecated some time ago[1].
[1] 2df992faf3
Change-Id: I517fc45081015156e71cd0c77fd2992876e1a22e
This commit is contained in:
parent
4d8816e804
commit
e46f3b4af3
@ -2,6 +2,9 @@
|
|||||||
#
|
#
|
||||||
# == Parameters
|
# == Parameters
|
||||||
#
|
#
|
||||||
|
# [*password*]
|
||||||
|
# (Required) String. The password to go with the Keystone username.
|
||||||
|
#
|
||||||
# [*api_class*]
|
# [*api_class*]
|
||||||
# (Required) String. The api_class tells Castellan which key manager to
|
# (Required) String. The api_class tells Castellan which key manager to
|
||||||
# use to access the external key management system. The default value that
|
# use to access the external key management system. The default value that
|
||||||
@ -19,9 +22,6 @@
|
|||||||
# from the KMS. The username shall be set to match an existing user.
|
# from the KMS. The username shall be set to match an existing user.
|
||||||
# Defaults to swift.
|
# Defaults to swift.
|
||||||
#
|
#
|
||||||
# [*password*]
|
|
||||||
# (Required) String. The password to go with the Keystone username.
|
|
||||||
#
|
|
||||||
# [*project_name*]
|
# [*project_name*]
|
||||||
# (Optional) String. The Keystone project name. For security reasons,
|
# (Optional) String. The Keystone project name. For security reasons,
|
||||||
# it is recommended to set the project_name to a project separate from the
|
# it is recommended to set the project_name to a project separate from the
|
||||||
@ -69,10 +69,10 @@
|
|||||||
# Thiago da Silva thiago@redhat.com
|
# Thiago da Silva thiago@redhat.com
|
||||||
#
|
#
|
||||||
class swift::keymaster(
|
class swift::keymaster(
|
||||||
|
String[1] $password,
|
||||||
$api_class = 'barbican',
|
$api_class = 'barbican',
|
||||||
$key_id = undef,
|
$key_id = undef,
|
||||||
$username = 'swift',
|
$username = 'swift',
|
||||||
$password = undef,
|
|
||||||
$project_name = 'services',
|
$project_name = 'services',
|
||||||
$project_id = undef,
|
$project_id = undef,
|
||||||
$auth_endpoint = undef,
|
$auth_endpoint = undef,
|
||||||
@ -85,10 +85,6 @@ class swift::keymaster(
|
|||||||
|
|
||||||
include swift::deps
|
include swift::deps
|
||||||
|
|
||||||
if $password == undef {
|
|
||||||
warning('password parameter is missing')
|
|
||||||
}
|
|
||||||
|
|
||||||
swift_keymaster_config {
|
swift_keymaster_config {
|
||||||
'kms_keymaster/api_class': value => $api_class;
|
'kms_keymaster/api_class': value => $api_class;
|
||||||
'kms_keymaster/key_id': value => $key_id;
|
'kms_keymaster/key_id': value => $key_id;
|
||||||
|
@ -7,14 +7,14 @@
|
|||||||
#
|
#
|
||||||
# === Parameters:
|
# === Parameters:
|
||||||
#
|
#
|
||||||
|
# [*password*]
|
||||||
|
# String. The user's password.
|
||||||
|
# Required.
|
||||||
|
#
|
||||||
# [*auth_name*]
|
# [*auth_name*]
|
||||||
# String. The name of the user.
|
# String. The name of the user.
|
||||||
# Optional. Defaults to 'swift'.
|
# Optional. Defaults to 'swift'.
|
||||||
#
|
#
|
||||||
# [*password*]
|
|
||||||
# String. The user's password.
|
|
||||||
# Optional. Defaults to 'swift_password'.
|
|
||||||
#
|
|
||||||
# [*tenant*]
|
# [*tenant*]
|
||||||
# (Optional) The tenant to use for the swift service user
|
# (Optional) The tenant to use for the swift service user
|
||||||
# Defaults to 'services'
|
# Defaults to 'services'
|
||||||
@ -108,8 +108,8 @@
|
|||||||
# This url should *not* contain any trailing '/'.
|
# This url should *not* contain any trailing '/'.
|
||||||
#
|
#
|
||||||
class swift::keystone::auth(
|
class swift::keystone::auth(
|
||||||
|
String[1] $password,
|
||||||
$auth_name = 'swift',
|
$auth_name = 'swift',
|
||||||
$password = undef,
|
|
||||||
$tenant = 'services',
|
$tenant = 'services',
|
||||||
$roles = ['admin'],
|
$roles = ['admin'],
|
||||||
$system_scope = 'all',
|
$system_scope = 'all',
|
||||||
@ -137,14 +137,6 @@ class swift::keystone::auth(
|
|||||||
|
|
||||||
include swift::deps
|
include swift::deps
|
||||||
|
|
||||||
if $password == undef {
|
|
||||||
warning('Usage of the default password is deprecated and will be removed in a future release. \
|
|
||||||
Please set password parameter')
|
|
||||||
$password_real = 'swift_password'
|
|
||||||
} else {
|
|
||||||
$password_real = $password
|
|
||||||
}
|
|
||||||
|
|
||||||
if $service_name == $service_name_s3 {
|
if $service_name == $service_name_s3 {
|
||||||
fail('swift::keystone::auth parameters service_name and service_name_s3 must be different.')
|
fail('swift::keystone::auth parameters service_name and service_name_s3 must be different.')
|
||||||
}
|
}
|
||||||
@ -165,7 +157,7 @@ Please set password parameter')
|
|||||||
service_description => $service_description,
|
service_description => $service_description,
|
||||||
region => $region,
|
region => $region,
|
||||||
auth_name => $auth_name,
|
auth_name => $auth_name,
|
||||||
password => $password_real,
|
password => $password,
|
||||||
email => $email,
|
email => $email,
|
||||||
tenant => $tenant,
|
tenant => $tenant,
|
||||||
roles => $roles,
|
roles => $roles,
|
||||||
|
@ -4,6 +4,9 @@
|
|||||||
#
|
#
|
||||||
# == Parameters
|
# == Parameters
|
||||||
#
|
#
|
||||||
|
# [*password*]
|
||||||
|
# (Required) The password for the user
|
||||||
|
#
|
||||||
# [*delay_auth_decision*]
|
# [*delay_auth_decision*]
|
||||||
# (Optional) Do not handle authorization requests within the middleware, but
|
# (Optional) Do not handle authorization requests within the middleware, but
|
||||||
# delegate the authorization decision to downstream WSGI components. Boolean value
|
# delegate the authorization decision to downstream WSGI components. Boolean value
|
||||||
@ -33,10 +36,6 @@
|
|||||||
# (Optional) id of domain for $username
|
# (Optional) id of domain for $username
|
||||||
# Defaults to 'default'
|
# Defaults to 'default'
|
||||||
#
|
#
|
||||||
# [*password*]
|
|
||||||
# (Optional) The password for the user
|
|
||||||
# Defaults to 'password'
|
|
||||||
#
|
|
||||||
# [*project_name*]
|
# [*project_name*]
|
||||||
# (Optional) Service project name
|
# (Optional) Service project name
|
||||||
# Defaults to 'services'
|
# Defaults to 'services'
|
||||||
@ -94,6 +93,7 @@
|
|||||||
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
|
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
|
||||||
#
|
#
|
||||||
class swift::proxy::authtoken(
|
class swift::proxy::authtoken(
|
||||||
|
String[1] $password,
|
||||||
$delay_auth_decision = 1,
|
$delay_auth_decision = 1,
|
||||||
$cache = 'swift.cache',
|
$cache = 'swift.cache',
|
||||||
$www_authenticate_uri = 'http://127.0.0.1:5000',
|
$www_authenticate_uri = 'http://127.0.0.1:5000',
|
||||||
@ -101,7 +101,6 @@ class swift::proxy::authtoken(
|
|||||||
$auth_type = 'password',
|
$auth_type = 'password',
|
||||||
$username = 'swift',
|
$username = 'swift',
|
||||||
$user_domain_id = 'default',
|
$user_domain_id = 'default',
|
||||||
$password = undef,
|
|
||||||
$project_name = 'services',
|
$project_name = 'services',
|
||||||
$project_domain_id = 'default',
|
$project_domain_id = 'default',
|
||||||
$system_scope = $facts['os_service_default'],
|
$system_scope = $facts['os_service_default'],
|
||||||
@ -115,14 +114,6 @@ class swift::proxy::authtoken(
|
|||||||
|
|
||||||
include swift::deps
|
include swift::deps
|
||||||
|
|
||||||
if $password == undef {
|
|
||||||
warning('Usage of the default password is deprecated and will be removed in a future release. \
|
|
||||||
Please set password parameter')
|
|
||||||
$password_real = 'password'
|
|
||||||
} else {
|
|
||||||
$password_real = $password
|
|
||||||
}
|
|
||||||
|
|
||||||
if is_service_default($system_scope) {
|
if is_service_default($system_scope) {
|
||||||
$project_name_real = $project_name
|
$project_name_real = $project_name
|
||||||
$project_domain_id_real = $project_domain_id
|
$project_domain_id_real = $project_domain_id
|
||||||
@ -139,7 +130,7 @@ Please set password parameter')
|
|||||||
'filter:authtoken/auth_type': value => $auth_type;
|
'filter:authtoken/auth_type': value => $auth_type;
|
||||||
'filter:authtoken/username': value => $username;
|
'filter:authtoken/username': value => $username;
|
||||||
'filter:authtoken/user_domain_id': value => $user_domain_id;
|
'filter:authtoken/user_domain_id': value => $user_domain_id;
|
||||||
'filter:authtoken/password': value => $password_real, secret => true;
|
'filter:authtoken/password': value => $password, secret => true;
|
||||||
'filter:authtoken/project_name': value => $project_name_real;
|
'filter:authtoken/project_name': value => $project_name_real;
|
||||||
'filter:authtoken/project_domain_id': value => $project_domain_id_real;
|
'filter:authtoken/project_domain_id': value => $project_domain_id_real;
|
||||||
'filter:authtoken/system_scope': value => $system_scope;
|
'filter:authtoken/system_scope': value => $system_scope;
|
||||||
|
@ -7,6 +7,9 @@
|
|||||||
#
|
#
|
||||||
# == Parameters
|
# == Parameters
|
||||||
#
|
#
|
||||||
|
# [*password*]
|
||||||
|
# (Required) The password for the user
|
||||||
|
#
|
||||||
# [*default_transport_url*]
|
# [*default_transport_url*]
|
||||||
# (optional) A URL representing the messaging driver to use and its full
|
# (optional) A URL representing the messaging driver to use and its full
|
||||||
# configuration. Transport URLs take the form:
|
# configuration. Transport URLs take the form:
|
||||||
@ -65,10 +68,6 @@
|
|||||||
# (Optional) name of domain for $username
|
# (Optional) name of domain for $username
|
||||||
# Defaults to 'default'
|
# Defaults to 'default'
|
||||||
#
|
#
|
||||||
# [*password*]
|
|
||||||
# (Optional) The password for the user
|
|
||||||
# Defaults to 'password'
|
|
||||||
#
|
|
||||||
# [*region_name*]
|
# [*region_name*]
|
||||||
# (Optional) The region in which the identity server can be found.
|
# (Optional) The region in which the identity server can be found.
|
||||||
# Defaults to $facts['os_service_default'].
|
# Defaults to $facts['os_service_default'].
|
||||||
@ -162,6 +161,7 @@
|
|||||||
# Copyright 2013 eNovance licensing@enovance.com
|
# Copyright 2013 eNovance licensing@enovance.com
|
||||||
#
|
#
|
||||||
class swift::proxy::ceilometer(
|
class swift::proxy::ceilometer(
|
||||||
|
String[1] $password,
|
||||||
$default_transport_url = undef,
|
$default_transport_url = undef,
|
||||||
$driver = $facts['os_service_default'],
|
$driver = $facts['os_service_default'],
|
||||||
$topic = undef,
|
$topic = undef,
|
||||||
@ -176,7 +176,6 @@ class swift::proxy::ceilometer(
|
|||||||
$system_scope = $facts['os_service_default'],
|
$system_scope = $facts['os_service_default'],
|
||||||
$username = 'swift',
|
$username = 'swift',
|
||||||
$user_domain_name = 'Default',
|
$user_domain_name = 'Default',
|
||||||
$password = undef,
|
|
||||||
$region_name = $facts['os_service_default'],
|
$region_name = $facts['os_service_default'],
|
||||||
$notification_ssl_ca_file = $facts['os_service_default'],
|
$notification_ssl_ca_file = $facts['os_service_default'],
|
||||||
$notification_ssl_cert_file = $facts['os_service_default'],
|
$notification_ssl_cert_file = $facts['os_service_default'],
|
||||||
@ -199,14 +198,6 @@ class swift::proxy::ceilometer(
|
|||||||
|
|
||||||
Package['python-ceilometermiddleware'] ~> Service<| title == 'swift-proxy-server' |>
|
Package['python-ceilometermiddleware'] ~> Service<| title == 'swift-proxy-server' |>
|
||||||
|
|
||||||
if $password == undef {
|
|
||||||
warning('Usage of the default password is deprecated and will be removed in a future release. \
|
|
||||||
Please set password parameter')
|
|
||||||
$password_real = 'password'
|
|
||||||
} else {
|
|
||||||
$password_real = $password
|
|
||||||
}
|
|
||||||
|
|
||||||
if is_service_default($system_scope) {
|
if is_service_default($system_scope) {
|
||||||
$project_name_real = $project_name
|
$project_name_real = $project_name
|
||||||
$project_domain_name_real = $project_domain_name
|
$project_domain_name_real = $project_domain_name
|
||||||
@ -230,7 +221,7 @@ Please set password parameter')
|
|||||||
'filter:ceilometer/system_scope': value => $system_scope;
|
'filter:ceilometer/system_scope': value => $system_scope;
|
||||||
'filter:ceilometer/username': value => $username;
|
'filter:ceilometer/username': value => $username;
|
||||||
'filter:ceilometer/user_domain_name': value => $user_domain_name;
|
'filter:ceilometer/user_domain_name': value => $user_domain_name;
|
||||||
'filter:ceilometer/password': value => $password_real, secret => true;
|
'filter:ceilometer/password': value => $password, secret => true;
|
||||||
'filter:ceilometer/region_name': value => $region_name;
|
'filter:ceilometer/region_name': value => $region_name;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4,6 +4,11 @@
|
|||||||
#
|
#
|
||||||
# === Parameters
|
# === Parameters
|
||||||
#
|
#
|
||||||
|
# [*password*]
|
||||||
|
# (Required) Keystone credentials used for secret caching
|
||||||
|
# The password for the user
|
||||||
|
# Defaults to password
|
||||||
|
#
|
||||||
# [*auth_uri*]
|
# [*auth_uri*]
|
||||||
# (optional) The Keystone server uri
|
# (optional) The Keystone server uri
|
||||||
# Defaults to http://127.0.0.1:5000
|
# Defaults to http://127.0.0.1:5000
|
||||||
@ -50,11 +55,6 @@
|
|||||||
# id of domain for $username
|
# id of domain for $username
|
||||||
# Defaults to default
|
# Defaults to default
|
||||||
#
|
#
|
||||||
# [*password*]
|
|
||||||
# (Optional) Keystone credentials used for secret caching
|
|
||||||
# The password for the user
|
|
||||||
# Defaults to password
|
|
||||||
#
|
|
||||||
# [*project_name*]
|
# [*project_name*]
|
||||||
# (Optional) Keystone credentials used for secret caching
|
# (Optional) Keystone credentials used for secret caching
|
||||||
# Service project name
|
# Service project name
|
||||||
@ -82,6 +82,7 @@
|
|||||||
# Copyright 2012 eNovance licensing@enovance.com
|
# Copyright 2012 eNovance licensing@enovance.com
|
||||||
#
|
#
|
||||||
class swift::proxy::s3token(
|
class swift::proxy::s3token(
|
||||||
|
String[1] $password,
|
||||||
$auth_uri = 'http://127.0.0.1:5000',
|
$auth_uri = 'http://127.0.0.1:5000',
|
||||||
$reseller_prefix = 'AUTH_',
|
$reseller_prefix = 'AUTH_',
|
||||||
$delay_auth_decision = false,
|
$delay_auth_decision = false,
|
||||||
@ -91,7 +92,6 @@ class swift::proxy::s3token(
|
|||||||
$auth_type = 'password',
|
$auth_type = 'password',
|
||||||
$username = 'swift',
|
$username = 'swift',
|
||||||
$user_domain_id = 'default',
|
$user_domain_id = 'default',
|
||||||
$password = undef,
|
|
||||||
$project_name = 'services',
|
$project_name = 'services',
|
||||||
$project_domain_id = 'default',
|
$project_domain_id = 'default',
|
||||||
$system_scope = $facts['os_service_default'],
|
$system_scope = $facts['os_service_default'],
|
||||||
@ -99,14 +99,6 @@ class swift::proxy::s3token(
|
|||||||
|
|
||||||
include swift::deps
|
include swift::deps
|
||||||
|
|
||||||
if $password == undef {
|
|
||||||
warning('Usage of the default password is deprecated and will be removed in a future release. \
|
|
||||||
Please set password parameter')
|
|
||||||
$password_real = 'password'
|
|
||||||
} else {
|
|
||||||
$password_real = $password
|
|
||||||
}
|
|
||||||
|
|
||||||
if is_service_default($system_scope) {
|
if is_service_default($system_scope) {
|
||||||
$project_name_real = $project_name
|
$project_name_real = $project_name
|
||||||
$project_domain_id_real = $project_domain_id
|
$project_domain_id_real = $project_domain_id
|
||||||
@ -126,7 +118,7 @@ Please set password parameter')
|
|||||||
'filter:s3token/auth_type': value => $auth_type;
|
'filter:s3token/auth_type': value => $auth_type;
|
||||||
'filter:s3token/username': value => $username;
|
'filter:s3token/username': value => $username;
|
||||||
'filter:s3token/user_domain_id': value => $user_domain_id;
|
'filter:s3token/user_domain_id': value => $user_domain_id;
|
||||||
'filter:s3token/password': value => $password_real, secret => true;
|
'filter:s3token/password': value => $password, secret => true;
|
||||||
'filter:s3token/project_name': value => $project_name_real;
|
'filter:s3token/project_name': value => $project_name_real;
|
||||||
'filter:s3token/project_domain_id': value => $project_domain_id_real;
|
'filter:s3token/project_domain_id': value => $project_domain_id_real;
|
||||||
'filter:s3token/system_scope': value => $system_scope;
|
'filter:s3token/system_scope': value => $system_scope;
|
||||||
|
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The default password value has been removed and now the ``password``
|
||||||
|
parameters are required.
|
@ -2,10 +2,17 @@ require 'spec_helper'
|
|||||||
|
|
||||||
describe 'swift::keymaster' do
|
describe 'swift::keymaster' do
|
||||||
shared_examples 'swift::keymaster' do
|
shared_examples 'swift::keymaster' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:password => 'swiftpassword'
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
context "when using default parameters" do
|
context "when using default parameters" do
|
||||||
it 'configures keymaster options' do
|
it 'configures keymaster options' do
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/api_class').with_value('barbican')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/api_class').with_value('barbican')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/username').with_value('swift')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/username').with_value('swift')
|
||||||
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/password').with_value('swiftpassword').with_secret(true)
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('services')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('services')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_id').with_value('default')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_id').with_value('default')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_id').with_value('default')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_id').with_value('default')
|
||||||
@ -14,21 +21,19 @@ describe 'swift::keymaster' do
|
|||||||
end
|
end
|
||||||
|
|
||||||
describe "when overriding default parameters" do
|
describe "when overriding default parameters" do
|
||||||
let :params do
|
before :each do
|
||||||
{
|
params.merge!({
|
||||||
:api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
|
:api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
|
||||||
:key_id => 'dummy_key_id',
|
:key_id => 'dummy_key_id',
|
||||||
:password => 'fake_password',
|
|
||||||
:auth_endpoint => 'http://127.0.0.1:5000',
|
:auth_endpoint => 'http://127.0.0.1:5000',
|
||||||
:project_name => 'barbican_swift_service',
|
:project_name => 'barbican_swift_service',
|
||||||
:meta_version_to_write => 3,
|
:meta_version_to_write => 3,
|
||||||
}
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'configures keymaster options' do
|
it 'configures keymaster options' do
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/api_class').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/api_class').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/key_id').with_value('dummy_key_id')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/key_id').with_value('dummy_key_id')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/password').with_value('fake_password').with_secret(true)
|
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('http://127.0.0.1:5000')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('http://127.0.0.1:5000')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('barbican_swift_service')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('barbican_swift_service')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/meta_version_to_write').with_value('3')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/meta_version_to_write').with_value('3')
|
||||||
|
@ -2,6 +2,12 @@ require 'spec_helper'
|
|||||||
|
|
||||||
describe 'swift::proxy::authtoken' do
|
describe 'swift::proxy::authtoken' do
|
||||||
shared_examples 'swift::proxy::authtoken' do
|
shared_examples 'swift::proxy::authtoken' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:password => 'swiftpassword',
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
describe "when using default parameters" do
|
describe "when using default parameters" do
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
|
||||||
@ -10,7 +16,7 @@ describe 'swift::proxy::authtoken' do
|
|||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_type').with_value('password') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_type').with_value('password') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/username').with_value('swift') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/username').with_value('swift') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/user_domain_id').with_value('default') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/user_domain_id').with_value('default') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/password').with_value('password').with_secret(true) }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/password').with_value('swiftpassword').with_secret(true) }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_name').with_value('services') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_name').with_value('services') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_domain_id').with_value('default') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_domain_id').with_value('default') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/system_scope').with_value('<SERVICE DEFAULT>') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/system_scope').with_value('<SERVICE DEFAULT>') }
|
||||||
@ -25,8 +31,8 @@ describe 'swift::proxy::authtoken' do
|
|||||||
end
|
end
|
||||||
|
|
||||||
describe "when overriding parameters" do
|
describe "when overriding parameters" do
|
||||||
let :params do
|
before :each do
|
||||||
{
|
params.merge!({
|
||||||
:username => 'swiftuser',
|
:username => 'swiftuser',
|
||||||
:password => 'swiftpassword',
|
:password => 'swiftpassword',
|
||||||
:project_name => 'admin',
|
:project_name => 'admin',
|
||||||
@ -37,7 +43,7 @@ describe 'swift::proxy::authtoken' do
|
|||||||
:service_token_roles_required => true,
|
:service_token_roles_required => true,
|
||||||
:service_type => 'identity',
|
:service_type => 'identity',
|
||||||
:interface => 'internal',
|
:interface => 'internal',
|
||||||
}
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
|
||||||
@ -62,29 +68,31 @@ describe 'swift::proxy::authtoken' do
|
|||||||
end
|
end
|
||||||
|
|
||||||
describe 'when overriding www_authenticate_uri' do
|
describe 'when overriding www_authenticate_uri' do
|
||||||
let :params do
|
before :each do
|
||||||
{ :www_authenticate_uri => 'http://public.host/keystone/main' }
|
params.merge!({
|
||||||
|
:www_authenticate_uri => 'http://public.host/keystone/main'
|
||||||
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://public.host/keystone/main') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://public.host/keystone/main') }
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "when auth_url is set" do
|
describe "when auth_url is set" do
|
||||||
let :params do
|
before :each do
|
||||||
{
|
params.merge!({
|
||||||
:auth_url => 'https://foo.bar:5000/'
|
:auth_url => 'https://foo.bar:5000/'
|
||||||
}
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('https://foo.bar:5000/') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('https://foo.bar:5000/') }
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "when both www_authenticate_uri and auth_url are set" do
|
describe "when both www_authenticate_uri and auth_url are set" do
|
||||||
let :params do
|
before :each do
|
||||||
{
|
params.merge!({
|
||||||
:www_authenticate_uri => 'https://foo.bar:5000/v3/',
|
:www_authenticate_uri => 'https://foo.bar:5000/v3/',
|
||||||
:auth_url => 'https://foo.bar:5000/'
|
:auth_url => 'https://foo.bar:5000/'
|
||||||
}
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('https://foo.bar:5000/v3/') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('https://foo.bar:5000/v3/') }
|
||||||
@ -92,10 +100,10 @@ describe 'swift::proxy::authtoken' do
|
|||||||
end
|
end
|
||||||
|
|
||||||
describe 'when system_scope is set' do
|
describe 'when system_scope is set' do
|
||||||
let :params do
|
before :each do
|
||||||
{
|
params.merge!({
|
||||||
:system_scope => 'all'
|
:system_scope => 'all'
|
||||||
}
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_name').with_value('<SERVICE DEFAULT>') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_name').with_value('<SERVICE DEFAULT>') }
|
||||||
|
@ -9,14 +9,21 @@ describe 'swift::proxy::ceilometer' do
|
|||||||
end
|
end
|
||||||
|
|
||||||
shared_examples 'swift::proxy::ceilometer' do
|
shared_examples 'swift::proxy::ceilometer' do
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:password => 'swiftpassword'
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
describe "when using default parameters" do
|
describe "when using default parameters" do
|
||||||
let :params do
|
before :each do
|
||||||
{
|
params.merge!({
|
||||||
:default_transport_url => 'rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit',
|
:default_transport_url => 'rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit',
|
||||||
}
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/password').with_value('password').with_secret(true) }
|
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/password').with_value('swiftpassword').with_secret(true) }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
|
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit').with_secret(true) }
|
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit').with_secret(true) }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('false') }
|
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('false') }
|
||||||
@ -29,8 +36,9 @@ describe 'swift::proxy::ceilometer' do
|
|||||||
end
|
end
|
||||||
|
|
||||||
describe "when overriding default parameters with rabbit driver" do
|
describe "when overriding default parameters with rabbit driver" do
|
||||||
let :params do
|
before :each do
|
||||||
{ :default_transport_url => 'rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit',
|
params.merge!({
|
||||||
|
:default_transport_url => 'rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit',
|
||||||
:driver => 'messagingv2',
|
:driver => 'messagingv2',
|
||||||
:topic => 'notifications',
|
:topic => 'notifications',
|
||||||
:control_exchange => 'swift',
|
:control_exchange => 'swift',
|
||||||
@ -42,9 +50,8 @@ describe 'swift::proxy::ceilometer' do
|
|||||||
:user_domain_name => 'Default',
|
:user_domain_name => 'Default',
|
||||||
:project_name => 'services',
|
:project_name => 'services',
|
||||||
:username => 'swift',
|
:username => 'swift',
|
||||||
:password => 'mypassword',
|
|
||||||
:region_name => 'region2'
|
:region_name => 'region2'
|
||||||
}
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with single rabbit host' do
|
context 'with single rabbit host' do
|
||||||
@ -62,7 +69,6 @@ describe 'swift::proxy::ceilometer' do
|
|||||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/system_scope').with_value('<SERVICE DEFAULT>') }
|
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/system_scope').with_value('<SERVICE DEFAULT>') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/username').with_value('swift') }
|
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/username').with_value('swift') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/user_domain_name').with_value('Default') }
|
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/user_domain_name').with_value('Default') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/password').with_value('mypassword').with_secret(true) }
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/region_name').with_value('region2') }
|
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/region_name').with_value('region2') }
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -116,11 +122,11 @@ describe 'swift::proxy::ceilometer' do
|
|||||||
end
|
end
|
||||||
|
|
||||||
describe 'when system_scope is set' do
|
describe 'when system_scope is set' do
|
||||||
let :params do
|
before :each do
|
||||||
{
|
params.merge!({
|
||||||
:default_transport_url => 'rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit',
|
:default_transport_url => 'rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit',
|
||||||
:system_scope => 'all'
|
:system_scope => 'all'
|
||||||
}
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/project_name').with_value('<SERVICE DEFAULT>') }
|
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/project_name').with_value('<SERVICE DEFAULT>') }
|
||||||
|
@ -2,6 +2,12 @@ require 'spec_helper'
|
|||||||
|
|
||||||
describe 'swift::proxy::s3token' do
|
describe 'swift::proxy::s3token' do
|
||||||
shared_examples 'swift::proxy::s3token' do
|
shared_examples 'swift::proxy::s3token' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:password => 'swiftpassword'
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
describe "when using default parameters" do
|
describe "when using default parameters" do
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/use').with_value('egg:swift#s3token') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/use').with_value('egg:swift#s3token') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_uri').with_value('http://127.0.0.1:5000') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_uri').with_value('http://127.0.0.1:5000') }
|
||||||
@ -13,15 +19,15 @@ describe 'swift::proxy::s3token' do
|
|||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_type').with_value('password') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_type').with_value('password') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/username').with_value('swift') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/username').with_value('swift') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/user_domain_id').with_value('default') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/user_domain_id').with_value('default') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/password').with_value('password').with_secret(true) }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/password').with_value('swiftpassword').with_secret(true) }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/project_name').with_value('services') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/project_name').with_value('services') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/project_domain_id').with_value('default') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/project_domain_id').with_value('default') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/system_scope').with_value('<SERVICE DEFAULT>') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/system_scope').with_value('<SERVICE DEFAULT>') }
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "when overriding default parameters" do
|
describe "when overriding default parameters" do
|
||||||
let :params do
|
before :each do
|
||||||
{
|
params.merge!({
|
||||||
:auth_uri => 'http://192.168.24.11:5000',
|
:auth_uri => 'http://192.168.24.11:5000',
|
||||||
:reseller_prefix => 'SWIFT_',
|
:reseller_prefix => 'SWIFT_',
|
||||||
:delay_auth_decision => true,
|
:delay_auth_decision => true,
|
||||||
@ -30,11 +36,10 @@ describe 'swift::proxy::s3token' do
|
|||||||
:auth_url => 'http://192.168.24.11:5000',
|
:auth_url => 'http://192.168.24.11:5000',
|
||||||
:auth_type => 'password',
|
:auth_type => 'password',
|
||||||
:username => 'swift',
|
:username => 'swift',
|
||||||
:password => 'swift',
|
|
||||||
:project_name => 'admin',
|
:project_name => 'admin',
|
||||||
:project_domain_id => '12345',
|
:project_domain_id => '12345',
|
||||||
:user_domain_id => '12345'
|
:user_domain_id => '12345'
|
||||||
}
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_uri').with_value('http://192.168.24.11:5000') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_uri').with_value('http://192.168.24.11:5000') }
|
||||||
@ -46,17 +51,17 @@ describe 'swift::proxy::s3token' do
|
|||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_type').with_value('password') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_type').with_value('password') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/username').with_value('swift') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/username').with_value('swift') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/user_domain_id').with_value('12345') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/user_domain_id').with_value('12345') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/password').with_value('swift').with_secret(true) }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/password').with_value('swiftpassword').with_secret(true) }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/project_name').with_value('admin') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/project_name').with_value('admin') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/project_domain_id').with_value('12345') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/project_domain_id').with_value('12345') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/system_scope').with_value('<SERVICE DEFAULT>') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/system_scope').with_value('<SERVICE DEFAULT>') }
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'when system_scope is set' do
|
describe 'when system_scope is set' do
|
||||||
let :params do
|
before :each do
|
||||||
{
|
params.merge!({
|
||||||
:system_scope => 'all'
|
:system_scope => 'all'
|
||||||
}
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:s3token/project_name').with_value('<SERVICE DEFAULT>') }
|
it { is_expected.to contain_swift_proxy_config('filter:s3token/project_name').with_value('<SERVICE DEFAULT>') }
|
||||||
|
Loading…
Reference in New Issue
Block a user