Puppet Class: swift::proxy::tempauth
- Defined in:
- manifests/proxy/tempauth.pp
Overview
class: swift::proxy::tempauth
This class manages tempauth middleware
[*reseller_prefix*]
The naming scope for the auth service. Swift storage accounts and
auth tokens will begin with this prefix.
Optional. Defaults to 'undef'
Example: 'AUTH'.
[*auth_prefix*]
The HTTP request path prefix for the auth service. Swift itself
reserves anything beginning with the letter v.
Optional. Defaults to 'undef'
Example: '/auth/'
[*token_life*]
The number of seconds a token is valid.
Optional. Integer value. Defaults to 'undef'.
Example: 81600
[*allow_overrides*]
Allows middleware higher in the WSGI pipeline to override auth
processing
Optional. Boolean. Defaults to 'undef'
Example: true
[*storage_url_scheme*]
Scheme to return with storage urls: http, https, or default
Optional. Possible values: http, https or default. Defaults to 'undef'
[*account_user_list*]
List all the accounts/users you want in an array of hash format.
'user' and 'account' should not include '_' (TODO).
Defaults to:
account_user_list => [
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'groups' => [ 'admin', 'reseller_admin' ],
}
]
Example of two account/user:
account_user_list => [
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'groups' => [ 'admin', 'reseller_admin' ],
},
{
'user' => 'foo',
'account' => 'bar',
'key' => 'pass',
'groups' => [],
},
]
it will generate these lines
user_admin_admin = admin .admin .reseller_admin
user_bar_foo = pass
Authors
Guilherme Maluf Balzana <guimalufb@gmail.com>
68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 |
# File 'manifests/proxy/tempauth.pp', line 68
class swift::proxy::tempauth (
$account_user_list = [
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'groups' => [ 'admin', 'reseller_admin' ],
},
],
$reseller_prefix = undef,
$auth_prefix = undef,
$token_life = undef,
$allow_overrides = undef,
$storage_url_scheme = undef,
) {
include swift::deps
validate_legacy(Array, 'validate_array', $account_user_list)
if ($reseller_prefix) {
validate_legacy(String, 'validate_string', $reseller_prefix)
$reseller_prefix_upcase = upcase($reseller_prefix)
}
if ($token_life) {
validate_legacy(Integer, 'validate_integer', $token_life)
}
if ($auth_prefix) {
validate_legacy(Pattern[/\/(.*)+\//], 'validate_re', $auth_prefix, ['\/(.*)+\/'])
}
if ($allow_overrides) {
validate_legacy(Boolean, 'validate_bool', $allow_overrides)
}
if ($storage_url_scheme) {
validate_legacy(Enum['http', 'https', 'default'], 'validate_re',
$storage_url_scheme, [['http', 'https', 'default']])
}
swift_proxy_config {
'filter:tempauth/use': value => 'egg:swift#tempauth';
'filter:tempauth/reseller_prefix': value => $reseller_prefix_upcase;
'filter:tempauth/token_life': value => $token_life;
'filter:tempauth/auth_prefix': value => $auth_prefix;
'filter:tempauth/storage_url_scheme': value => $storage_url_scheme;
}
# tempauth account_users end up in the following format
# user_<account>_<user> = <key> .<group1> .<groupx>
# ex: user_admin_admin=admin .admin .reseller_admin
# account_data is an array with each element containing a single account string:
# ex [user_<account>_<user>, <key> .<group1> .<groupx>]
if $account_user_list {
$account_data = split(inline_template(
"<% @account_user_list.each do |user| %>\
user_<%= user['account'] %>_<%= user['user'] %>,\
<%= user['key'] %> <%= user['groups'].map { |g| '.' + g }.join(' ') %> ; <% end %>"),';')
# write each temauth account line to file
# TODO replace/simplify with iterators once all supported puppet versions support them.
swift::proxy::tempauth_account { $account_data: }
}
}
|