From 704352edb66fdd43019433e7b98304cd7a6f6823 Mon Sep 17 00:00:00 2001
From: Rocky
Date: Sun, 3 May 2020 21:52:46 +1000
Subject: [PATCH] Add more parameters for s3token middleware
Change-Id: I478cf98a72b7c06bcd96a93957af43aed39bccc7
(cherry picked from commit 3d036d6e76ab81e880efd1644b5f07c07c5d4c3a)
---
 manifests/proxy/s3token.pp | 92 +++++++++++++++++--
 .../add_s3token_params-89215880c6e2507a.yaml | 6 ++
 spec/classes/swift_proxy_s3token_spec.rb | 37 +++++++-
 3 files changed, 127 insertions(+), 8 deletions(-)
 create mode 100644 releasenotes/notes/add_s3token_params-89215880c6e2507a.yaml
diff --git a/manifests/proxy/s3token.pp b/manifests/proxy/s3token.pp
index cec69ecd..653031b9 100644
--- a/manifests/proxy/s3token.pp
+++ b/manifests/proxy/s3token.pp
@@ -20,6 +20,63 @@
 # (optional) The Keystone server uri
 # Defaults to http://127.0.0.1:5000
 #
+# [*reseller_prefix*]
+# Prefix that will be prepended to the project to
+# form the account
+# Default to 'AUTH_'
+#
+# [*delay_auth_decision*]
+# Enable downstream WSGI components to decide the
+# validation of s3-style requests.
+# Default to False
+#
+# [*http_timeout*]
+# Connection timeout to be used during communicating
+# with Keystone
+# Default to $::os_service_default
+#
+# [*secret_cache_duration*]
+# The number of seconds that secrets can be cached.
+# Set this to some number greater than zero to enable
+# caching, which will help to reduce latency for the
+# client and load on Keystone.
+# Default to 0
+#
+# [*auth_url*]
+# (Optional) Keystone credentials used for secret caching
+# The URL to use for authentication.
+# Defaults to 'http://127.0.0.1:5000'
+#
+# [*auth_type*]
+# (Optional) Keystone credentials used for secret caching
+# The plugin for authentication
+# Defaults to password
+#
+# [*username*]
+# (Optional) Keystone credentials used for secret caching
+# The name of the service user
+# Defaults to swift
+#
+# [*password*]
+# (Optional) Keystone credentials used for secret caching
+# The password for the user
+# Defaults to password
+#
+# [*project_name*]
+# (Optional) Keystone credentials used for secret caching
+# Service project name
+# Defaults to services
+#
+# [*project_domain_id*]
+# (Optional) Keystone credentials used for secret caching
+# id of domain for $project_name
+# Defaults to default
+#
+# [*user_domain_id*]
+# (Optional) Keystone credentials used for secret caching
+# id of domain for $username
+# Defaults to default
+#
 # == Dependencies
 #
 # == Examples
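Review bot: The `[*delay_auth_decision*]` entry does not say what enabling it means for requests that fail validation. Going by the option's name and description (to be confirmed against the Swift s3token documentation), such requests are passed to a later filter rather than rejected here. If so, add a line such as `# When true, a downstream filter must make the final accept/reject decision`. The `[*auth_url*]` entry has the same default as the existing `[*auth_uri*]` and gives no hint of how the two differ; state which one is used for request validation and which only for fetching cached secrets. The new entries also say `Default to` where the existing ones say `Defaults to`.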
@@ -33,10 +90,21 @@ # Copyright 2012 eNovance licensing@enovance.com # class swift::proxy::s3token( - $auth_host = undef, - $auth_port = undef, - $auth_protocol = undef, - $auth_uri = 'http://127.0.0.1:5000' + $auth_host = undef, + $auth_port = undef, + $auth_protocol = undef, + $auth_uri = 'http://127.0.0.1:5000', + $reseller_prefix = 'AUTH_', + $delay_auth_decision = false, + $http_timeout = $::os_service_default, + $secret_cache_duration = 0, + $auth_url = 'http://127.0.0.1:5000', + $auth_type = 'password', + $username = 'swift', + $password = 'password', + $project_name = 'services', + $project_domain_id = 'default', + $user_domain_id = 'default' ) { include swift::deps @@ -49,9 +117,19 @@ class swift::proxy::s3token( } - swift_proxy_config { - 'filter:s3token/use': value => 'egg:swift#s3token'; - 'filter:s3token/auth_uri': value => $auth_uri_real; + 'filter:s3token/use': value => 'egg:swift#s3token'; + 'filter:s3token/auth_uri': value => $auth_uri_real; + 'filter:s3token/reseller_prefix': value => $reseller_prefix; + 'filter:s3token/delay_auth_decision': value => $delay_auth_decision; + 'filter:s3token/http_timeout': value => $http_timeout; + 'filter:s3token/secret_cache_duration': value => $secret_cache_duration; + 'filter:s3token/auth_url': value => $auth_url; + 'filter:s3token/auth_type': value => $auth_type; + 'filter:s3token/username': value => $username; + 'filter:s3token/password': value => $password; + 'filter:s3token/project_name': value => $project_name; + 'filter:s3token/project_domain_id': value => $project_domain_id; + 'filter:s3token/user_domain_id': value => $user_domain_id; } } diff --git a/releasenotes/notes/add_s3token_params-89215880c6e2507a.yaml b/releasenotes/notes/add_s3token_params-89215880c6e2507a.yaml new file mode 100644 index 00000000..2f6a66f3 --- /dev/null +++ b/releasenotes/notes/add_s3token_params-89215880c6e2507a.yaml 
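Review bot: The new parameter `$password = 'password'` gives the Keystone service account a well-known default credential. An operator who raises `secret_cache_duration` without also setting `password` gets a config that authenticates with that literal value and no warning. I would default it to `undef` and fail early when caching is requested without one, for example `if $secret_cache_duration != 0 and !$password { fail('password is required when secret_cache_duration is set') }`. The parameter list is also untyped, so nothing stops a non-integer `secret_cache_duration` or a non-boolean `delay_auth_decision` from reaching the ini file. The class body continues outside this hunk.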
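Review bot: In the `swift_proxy_config` block the line `'filter:s3token/password': value => $password;` manages a credential like any other setting, so its old and new values can appear in Puppet logs and reports when it changes. Other puppet-openstack config resources pass `secret => true` for such keys. Assuming `swift_proxy_config` supports the same parameter, this should read `'filter:s3token/password': value => $password, secret => true;`. The credential keys are also written even when `secret_cache_duration` is 0 and caching is off, which puts a password in proxy-server.conf that nothing uses. Consider managing the auth_* keys only when caching is enabled.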
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ For s3token class, add more parameters: reseller_prefix, delay_auth_decision, http_timeout,
+ secret_cache_duration, and keystone credential parameters used for secret caching: auth_uri,
+ auth_type, username, password, project_name, project_domain_id, user_domain_id
diff --git a/spec/classes/swift_proxy_s3token_spec.rb b/spec/classes/swift_proxy_s3token_spec.rb
index 9b2c274f..168c3e24 100644
--- a/spec/classes/swift_proxy_s3token_spec.rb
+++ b/spec/classes/swift_proxy_s3token_spec.rb
@@ -5,6 +5,18 @@ describe 'swift::proxy::s3token' do describe "when using default parameters" do it { is_expected.to contain_swift_proxy_config('filter:s3token/use').with_value('egg:swift#s3token') } it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_uri').with_value('http://127.0.0.1:5000') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/reseller_prefix').with_value('AUTH_') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/delay_auth_decision').with_value('false') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/http_timeout').with_value('') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/secret_cache_duration').with_value('0') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_url').with_value('http://127.0.0.1:5000') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_type').with_value('password') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/username').with_value('swift') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/password').with_value('password') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/project_name').with_value('services') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/project_domain_id').with_value('default') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/user_domain_id').with_value('default') } + end describe "when overriding default parameters" do 
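Review bot: The default-parameter expectation `contain_swift_proxy_config('filter:s3token/http_timeout').with_value('')` pins an empty string for a parameter whose default is `$::os_service_default`. That suggests the fact is unset in this context, so the test checks the missing-fact case rather than the real default (the spec's fact setup is outside the hunk, so this is inferred). With the usual puppet-openstack facts loaded the assertion would be `with_value('<SERVICE DEFAULT>')`. The same block also locks in `with_value('password')` as the expected default credential, which will need to change if the default is removed.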
@@ -22,11 +34,34 @@ describe 'swift::proxy::s3token' do describe "when overriding default parameters" do let :params do { - :auth_uri => 'http://192.168.24.11:5000' + :auth_uri => 'http://192.168.24.11:5000', + :reseller_prefix => 'SWIFT_', + :delay_auth_decision => true, + :http_timeout => '5', + :secret_cache_duration => '10', + :auth_url => 'http://192.168.24.11:5000', + :auth_type => 'password', + :username => 'swift', + :password => 'swift', + :project_name => 'admin', + :project_domain_id => '12345', + :user_domain_id => '12345' + } end it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_uri').with_value('http://192.168.24.11:5000') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/reseller_prefix').with_value('SWIFT_') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/delay_auth_decision').with_value('true') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/http_timeout').with_value('5') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/secret_cache_duration').with_value('10') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_url').with_value('http://192.168.24.11:5000') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_type').with_value('password') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/username').with_value('swift') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/password').with_value('swift') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/project_name').with_value('admin') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/project_domain_id').with_value('12345') } + it { is_expected.to contain_swift_proxy_config('filter:s3token/user_domain_id').with_value('12345') } end end
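Review bot: Three of the overrides are identical to the class defaults: `:auth_type => 'password'`, `:username => 'swift'`, and `:auth_url`, which also equals the overridden `:auth_uri`. Their assertions would still pass if the manifest ignored those parameters or wired `auth_url` to the wrong variable. Use values that differ from both the defaults and each other, for instance (constructed samples) `:auth_type => 'v3password'`, `:username => 's3cache'`, `:auth_url => 'http://192.168.24.12:5000'`. Nothing here checks that the password resource is marked secret, so once `secret => true` is added an expectation such as `.with_secret(true)` on `filter:s3token/password` would keep it from regressing.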