puppet-swift/manifests/keystone/auth.pp
ZhongShengping c90740b753 Remove deprecated parameters for keystone::auth
Change-Id: I5e27308082e69417d14a70a58cc8b738c1f94b3c
2017-08-24 11:47:23 +08:00

170 lines
5.5 KiB
Puppet

# == Class: swift::keystone::auth
#
# This class creates keystone users, services, endpoints, and roles
# for swift services.
#
# The user is given the admin role in the services tenant.
#
# === Parameters:
#
# [*auth_name*]
# String. The name of the user.
# Optional. Defaults to 'swift'.
#
# [*password*]
# String. The user's password.
# Optional. Defaults to 'swift_password'.
#
# [*tenant*]
# (Optional) The tenant to use for the swift service user
# Defaults to 'services'
#
# [*email*]
# (Optional) The email address for the swift service user
# Defaults to 'swift@localhost'
#
# [*region*]
# (Optional) The region in which to place the endpoints
# Defaults to 'RegionOne'
#
# [*operator_roles*]
# (Optional) Array of strings. List of roles Swift considers as admin.
# Defaults to '['admin', 'SwiftOperator']'
#
# [*configure_endpoint*]
# (optional) Whether to create the endpoint.
# Defaults to true
#
# [*configure_s3_endpoint*]
# (optional) Whether to create the S3 endpoint.
# Defaults to true
#
# [*configure_user*]
# (Optional) Whether to create the service user.
# Defaults to 'true'.
#
# [*configure_user_role*]
# (Optional) Whether to configure the admin role for the service user.
# Defaults to 'true'.
#
# [*service_name*]
# (optional) Name of the service.
# Defaults to 'swift'
#
# [*service_name_s3*]
# (optional) Name of the s3 service.
# Defaults to 'swift_s3'
#
# [*service_description*]
# (optional) Description for keystone service.
# Defaults to 'Openstack Object-Store Service'.
#
# [*service_description_s3*]
# (optional) Description for keystone s3 service.
# Defaults to 'Openstack S3 Service'.
#
# [*public_url*]
# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s')
# This url should *not* contain any trailing '/'.
#
# [*admin_url*]
# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:8080')
# This url should *not* contain any trailing '/'.
#
# [*internal_url*]
# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s')
# This url should *not* contain any trailing '/'.
#
# [*public_url_s3*]
# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8080')
# This url should *not* contain any trailing '/'.
#
# [*admin_url_s3*]
# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:8080')
# This url should *not* contain any trailing '/'.
#
# [*internal_url_s3*]
# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:8080')
# This url should *not* contain any trailing '/'.
#
class swift::keystone::auth(
$auth_name = 'swift',
$password = 'swift_password',
$tenant = 'services',
$email = 'swift@localhost',
$region = 'RegionOne',
$operator_roles = ['admin', 'SwiftOperator'],
$service_name = 'swift',
$service_name_s3 = 'swift_s3',
$service_description = 'Openstack Object-Store Service',
$service_description_s3 = 'Openstack S3 Service',
$configure_endpoint = true,
$configure_s3_endpoint = true,
$configure_user = true,
$configure_user_role = true,
$public_url = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
$admin_url = 'http://127.0.0.1:8080',
$internal_url = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
$public_url_s3 = 'http://127.0.0.1:8080',
$admin_url_s3 = 'http://127.0.0.1:8080',
$internal_url_s3 = 'http://127.0.0.1:8080',
) {
include ::swift::deps
if $service_name == $service_name_s3 {
fail('swift::keystone::auth parameters service_name and service_name_s3 must be different.')
}
# Establish that keystone auth and endpoints are properly setup before
# managing any type of swift related service.
if $configure_endpoint {
Keystone_endpoint["${region}/${service_name}::object-store"] -> Swift::Service<||>
}
if $configure_s3_endpoint {
Keystone_endpoint["${region}/${service_name_s3}::s3"] -> Swift::Service<||>
}
keystone::resource::service_identity { 'swift':
configure_endpoint => $configure_endpoint,
configure_user => $configure_user,
configure_user_role => $configure_user_role,
service_name => $service_name,
service_type => 'object-store',
service_description => $service_description,
region => $region,
auth_name => $auth_name,
password => $password,
email => $email,
tenant => $tenant,
public_url => $public_url,
admin_url => $admin_url,
internal_url => $internal_url,
}
keystone::resource::service_identity { 'swift_s3':
configure_user => false,
configure_user_role => false,
configure_endpoint => $configure_s3_endpoint,
configure_service => $configure_s3_endpoint,
service_name => $service_name_s3,
service_type => 's3',
service_description => $service_description_s3,
region => $region,
public_url => $public_url_s3,
admin_url => $admin_url_s3,
internal_url => $internal_url_s3,
}
if $operator_roles {
#Roles like "admin" may be defined elsewhere, so use ensure_resource
ensure_resource('keystone_role', $operator_roles, { 'ensure' => 'present' })
}
# Backward compatibility
if $configure_user {
Keystone_user[$auth_name] -> Keystone_user_role["${auth_name}@${tenant}"]
}
}