File: tempauth.pp

# == class: swift::proxy::tempauth
# This class manages tempauth middleware
#
#  [*reseller_prefix*]
#    The naming scope for the auth service. Swift storage accounts and
#    auth tokens will begin with this prefix.
#    Optional. Defaults to 'undef'
#    Example: 'AUTH'.
#
#  [*auth_prefix*]
#    The HTTP request path prefix for the auth service. Swift itself
#    reserves anything beginning with the letter v.
#    Optional. Defaults to 'undef'
#    Example: '/auth/'
#
#  [*token_life*]
#    The number of seconds a token is valid.
#    Optional. Integer value. Defaults to 'undef'.
#    Example: 81600
#
#  [*allow_overrides*]
#    Allows middleware higher in the WSGI pipeline to override auth
#    processing
#    Optional. Boolean. Defaults to 'undef'
#    Example: true
#
#  [*storage_url_scheme*]
#    Scheme to return with storage urls: http, https, or default
#    Optional. Possible values: http, https or default. Defaults to 'undef'
#
#  [*account_user_list*]
#    The accounts/users to configure, given as an array of hashes.
#    'user' and 'account' should not include '_' (TODO).
#    Defaults to:
#      account_user_list => [
#        {
#          'user'    => 'admin',
#          'account' => 'admin',
#          'key'     => 'admin',
#          'groups'  => [ 'admin', 'reseller_admin' ],
#        }
#      ]
#
#    Example with two accounts/users:
#      account_user_list => [
#        {
#          'user'    => 'admin',
#          'account' => 'admin',
#          'key'     => 'admin',
#          'groups'  => [ 'admin', 'reseller_admin' ],
#        },
#        {
#          'user'    => 'foo',
#          'account' => 'bar',
#          'key'     => 'pass',
#          'groups'  => [],
#        },
#      ]
#
#    This generates the following lines:
#      user_admin_admin = admin .admin .reseller_admin
#      user_bar_foo = pass
#
# == Authors
#
#   Guilherme Maluf Balzana <guimalufb@gmail.com>
#
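class swift::proxy::tempauth (
  # NOTE(security): the default list defines account 'admin' / user 'admin'
  # with key 'admin' and the 'reseller_admin' group. Swift documents tempauth
  # as a testing auth system; pass a list with site-specific keys whenever the
  # proxy is reachable by anyone other than the operator.
  Array[Hash] $account_user_list                                 = [
    {
      'user'    => 'admin',
      'account' => 'admin',
      'key'     => 'admin',
      'groups'  => [ 'admin', 'reseller_admin' ],
    },
  ],
  Optional[String[1]] $reseller_prefix                           = undef,
  # NOTE(review): this pattern is unanchored, so any string that contains two
  # '/' characters is accepted, not only values shaped like '/auth/'.
  Optional[Pattern[/\/(.*)+\//]] $auth_prefix                    = undef,
  Optional[Integer[0]] $token_life                               = undef,
  Optional[Boolean] $allow_overrides                             = undef,
  Optional[Enum['http', 'https', 'default']] $storage_url_scheme = undef,
) {

  include swift::deps

  # Upper-case the prefix when one is given; an unset prefix stays undef.
  if ($reseller_prefix) {
    $reseller_prefix_upcase = upcase($reseller_prefix)
  } else {
    $reseller_prefix_upcase = $reseller_prefix
  }

  # Every class parameter maps to one option of the [filter:tempauth] section.
  # allow_overrides was accepted and documented but never written, so a
  # manifest setting it (for example to false) silently had no effect and
  # Swift's own default applied. It is now passed through like the others.
  swift_proxy_config {
    'filter:tempauth/use':                value => 'egg:swift#tempauth';
    'filter:tempauth/reseller_prefix':    value => $reseller_prefix_upcase;
    'filter:tempauth/token_life':         value => $token_life;
    'filter:tempauth/auth_prefix':        value => $auth_prefix;
    'filter:tempauth/allow_overrides':    value => $allow_overrides;
    'filter:tempauth/storage_url_scheme': value => $storage_url_scheme;
  }

  # tempauth account_users end up in the following format
  # user_<account>_<user> = <key> .<group1> .<groupx>
  # ex: user_admin_admin=admin .admin .reseller_admin
  # account_data is a single string per account, with a ', ' between the
  # option name and its value:
  # ex "user_<account>_<user>, <key> .<group1> .<groupx>"
  $account_user_list.each |$account_user| {
    validate_tempauth_account($account_user)

    $account_base = "user_${account_user['account']}_${account_user['user']}, ${account_user['key']}"

    # Test the groups list itself. The previous check, empty($account_user),
    # looked at the whole hash and so never took the 'true' branch for a
    # populated entry. Output is unchanged for both empty and non-empty lists.
    $groups = empty($account_user['groups']) ? {
      true    => undef,
      default => join([''] + $account_user['groups'], ' .'),
    }

    $account_data = join(delete_undef_values([$account_base, $groups]), '')

    # Write each tempauth account line to file.
    # NOTE(security): the account key is part of the resource title, so it
    # appears wherever Puppet records resource titles (catalog, reports, agent
    # logs). Restrict access to those artifacts accordingly.
    swift::proxy::tempauth_account { $account_data: }
  }
}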