1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
# == Class: swift::proxy::s3token
#
# Configure swift s3token.
#
# === Parameters
#
# [*auth_uri*]
# (optional) The Keystone server uri
# Defaults to http://127.0.0.1:5000
#
# [*reseller_prefix*]
# Prefix that will be prepended to the project to
# form the account
# Default to 'AUTH_'
#
# [*delay_auth_decision*]
# Enable downstream WSGI components to decide the
# validation of s3-style requests.
# Default to False
#
# [*http_timeout*]
# Connection timeout to be used during communicating
# with Keystone
# Default to $::os_service_default
#
# [*secret_cache_duration*]
# The number of seconds that secrets can be cached.
# Set this to some number greater than zero to enable
# caching, which will help to reduce latency for the
# client and load on Keystone.
# Default to 0
#
# [*auth_url*]
# (Optional) Keystone credentials used for secret caching
# The URL to use for authentication.
# Defaults to 'http://127.0.0.1:5000'
#
# [*auth_type*]
# (Optional) Keystone credentials used for secret caching
# The plugin for authentication
# Defaults to password
#
# [*username*]
# (Optional) Keystone credentials used for secret caching
# The name of the service user
# Defaults to swift
#
# [*user_domain_id*]
# (Optional) Keystone credentials used for secret caching
# id of domain for $username
# Defaults to default
#
# [*password*]
# (Optional) Keystone credentials used for secret caching
# The password for the user
# Defaults to password
#
# [*project_name*]
# (Optional) Keystone credentials used for secret caching
# Service project name
# Defaults to services
#
# [*project_domain_id*]
# (Optional) Keystone credentials used for secret caching
# id of domain for $project_name
# Defaults to default
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# == Dependencies
#
# == Examples
#
# == Authors
#
# Francois Charlier fcharlier@ploup.net
#
# == Copyright
#
# Copyright 2012 eNovance licensing@enovance.com
#
class swift::proxy::s3token(
$auth_uri = 'http://127.0.0.1:5000',
$reseller_prefix = 'AUTH_',
$delay_auth_decision = false,
$http_timeout = $::os_service_default,
$secret_cache_duration = 0,
$auth_url = 'http://127.0.0.1:5000',
$auth_type = 'password',
$username = 'swift',
$user_domain_id = 'default',
$password = undef,
$project_name = 'services',
$project_domain_id = 'default',
$system_scope = $::os_service_default,
) {
include swift::deps
if $password == undef {
warning('Usage of the default password is deprecated and will be removed in a future release. \
Please set password parameter')
$password_real = 'password'
} else {
$password_real = $password
}
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_id_real = $project_domain_id
} else {
$project_name_real = $::os_service_default
$project_domain_id_real = $::os_service_default
}
swift_proxy_config {
'filter:s3token/use': value => 'egg:swift#s3token';
'filter:s3token/auth_uri': value => $auth_uri;
'filter:s3token/reseller_prefix': value => $reseller_prefix;
'filter:s3token/delay_auth_decision': value => $delay_auth_decision;
'filter:s3token/http_timeout': value => $http_timeout;
'filter:s3token/secret_cache_duration': value => $secret_cache_duration;
'filter:s3token/auth_url': value => $auth_url;
'filter:s3token/auth_type': value => $auth_type;
'filter:s3token/username': value => $username;
'filter:s3token/user_domain_id': value => $user_domain_id;
'filter:s3token/password': value => $password_real, secret => true;
'filter:s3token/project_name': value => $project_name_real;
'filter:s3token/project_domain_id': value => $project_domain_id_real;
'filter:s3token/system_scope': value => $system_scope;
}
}
|
