Merge "Add region parameters for keystone authentication"

manifests/proxy/authtoken.pp

@@ -49,6 +49,10 @@
 #   (Optional) id of domain for $username
 #   Defaults to 'default'
 #
+# [*region_name*]
+#   (Optional) The region in which the identity server can be found.
+#   Defaults to $::os_service_default.
+#
 # [*include_service_catalog*]
 #   (Optional) Indicate whether to set the X-Service-Catalog header. If False,
 #   middleware will not ask for service catalog on token validation and will
@@ -113,6 +117,7 @@ class swift::proxy::authtoken(
   $project_name                 = 'services',
   $username                     = 'swift',
   $password                     = 'password',
+  $region_name                  = $::os_service_default,
   $include_service_catalog      = false,
   $service_token_roles          = $::os_service_default,
   $service_token_roles_required = $::os_service_default,
@@ -177,6 +182,7 @@ class swift::proxy::authtoken(
     'filter:authtoken/project_name':                 value => $project_name_real;
     'filter:authtoken/username':                     value => $username_real;
     'filter:authtoken/password':                     value => $password_real;
+    'filter:authtoken/region_name':                  value => $region_name;
     'filter:authtoken/delay_auth_decision':          value => $delay_auth_decision;
     'filter:authtoken/cache':                        value => $cache;
     'filter:authtoken/include_service_catalog':      value => $include_service_catalog;

manifests/proxy/ceilometer.pp

@@ -75,6 +75,10 @@
 #   (Optional) The password for the user
 #   Defaults to 'password'
 #
+# [*region_name*]
+#   (Optional) The region in which the identity server can be found.
+#   Defaults to $::os_service_default.
+#
 # [*notification_ssl_ca_file*]
 #   (optional) SSL certification authority file (valid only if SSL enabled).
 #   (string value)
@@ -129,6 +133,7 @@ class swift::proxy::ceilometer(
   $project_name               = 'services',
   $username                   = 'swift',
   $password                   = 'password',
+  $region_name                = $::os_service_default,
   $notification_ssl_ca_file   = $::os_service_default,
   $notification_ssl_cert_file = $::os_service_default,
   $notification_ssl_key_file  = $::os_service_default,
@@ -173,6 +178,7 @@ class swift::proxy::ceilometer(
     'filter:ceilometer/project_name':         value => $project_name;
     'filter:ceilometer/username':             value => $username;
     'filter:ceilometer/password':             value => $password;
+    'filter:ceilometer/region_name':          value => $region_name;
   }
 
   if $default_transport_url =~ /^rabbit.*/ {

releasenotes/notes/keystone-region-416dd0806629397a.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Add swift::proxy::authtoken::region_name and
+    swift::proxy::ceilometer::region_name to specify keystone region
+    where we expect identity resources like swift user are created.

spec/classes/swift_proxy_authtoken_spec.rb

@@ -29,6 +29,7 @@ describe 'swift::proxy::authtoken' do
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_name').with_value('services') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/username').with_value('swift') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/password').with_value('password') }
+      it { is_expected.to contain_swift_proxy_config('filter:authtoken/region_name').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/delay_auth_decision').with_value('1') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/cache').with_value('swift.cache') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
@@ -42,6 +43,7 @@ describe 'swift::proxy::authtoken' do
           :admin_tenant_name            => 'admin',
           :admin_user                   => 'swiftuser',
           :admin_password               => 'swiftpassword',
+          :region_name                  => 'region2',
           :cache                        => 'foo',
           :delay_auth_decision          => '0',
           :signing_dir                  => '/home/swift/keystone-signing',
@@ -61,6 +63,7 @@ describe 'swift::proxy::authtoken' do
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_name').with_value('admin') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/username').with_value('swiftuser') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/password').with_value('swiftpassword') }
+      it { is_expected.to contain_swift_proxy_config('filter:authtoken/region_name').with_value('region2') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/delay_auth_decision').with_value('0') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/cache').with_value('foo') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }

spec/classes/swift_proxy_ceilometer_spec.rb

@@ -32,14 +32,15 @@ describe 'swift::proxy::ceilometer' do
           :control_exchange      => 'swift',
           :nonblocking_notify    => true,
           :ignore_projects       => ['services'],
-	  :auth_uri              => 'http://127.0.0.1:5000',
-	  :auth_url              => 'http://127.0.0.1:5000',
-	  :auth_type             => 'password',
-	  :project_domain_name   => 'Default',
-	  :user_domain_name      => 'Default',
-	  :project_name          => 'services',
-	  :username              => 'swift',
-	  :password              => 'password',
+          :auth_uri              => 'http://127.0.0.1:5000',
+          :auth_url              => 'http://127.0.0.1:5000',
+          :auth_type             => 'password',
+          :project_domain_name   => 'Default',
+          :user_domain_name      => 'Default',
+          :project_name          => 'services',
+          :username              => 'swift',
+          :password              => 'password',
+          :region_name           => 'region2'
         }
       end
 
@@ -52,14 +53,15 @@ describe 'swift::proxy::ceilometer' do
         it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') }
         it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('true') }
         it { is_expected.to contain_swift_proxy_config('filter:ceilometer/ignore_projects').with_value(['services']) }
-	it { is_expected.to contain_swift_proxy_config('filter:ceilometer/auth_uri').with_value('http://127.0.0.1:5000') }
-	it { is_expected.to contain_swift_proxy_config('filter:ceilometer/auth_url').with_value('http://127.0.0.1:5000') }
+        it { is_expected.to contain_swift_proxy_config('filter:ceilometer/auth_uri').with_value('http://127.0.0.1:5000') }
+        it { is_expected.to contain_swift_proxy_config('filter:ceilometer/auth_url').with_value('http://127.0.0.1:5000') }
         it { is_expected.to contain_swift_proxy_config('filter:ceilometer/auth_type').with_value('password') }
         it { is_expected.to contain_swift_proxy_config('filter:ceilometer/project_domain_name').with_value('Default') }
         it { is_expected.to contain_swift_proxy_config('filter:ceilometer/user_domain_name').with_value('Default') }
         it { is_expected.to contain_swift_proxy_config('filter:ceilometer/project_name').with_value('services') }
         it { is_expected.to contain_swift_proxy_config('filter:ceilometer/username').with_value('swift') }
         it { is_expected.to contain_swift_proxy_config('filter:ceilometer/password').with_value('password') }
+        it { is_expected.to contain_swift_proxy_config('filter:ceilometer/region_name').with_value('region2') }
       end
 
       context 'with default transport url' do