Merge "Add support for rgw_keystone_accepted_admin_roles"

manifests/rgw/keystone.pp

@@ -49,6 +49,10 @@
 #   Comma separated list of roles.
 #   Defaults to 'member'
 #
+# [*rgw_keystone_accepted_admin_roles*]
+#   (Optional) List of roles allowing user to gain admin privileges.
+#   Defaults to 'admin'
+#
 # [*rgw_keystone_token_cache_size*]
 #   (Optional) How many tokens to keep cached.
 #   Defaults to 500
@@ -66,11 +70,12 @@ define ceph::rgw::keystone (
   $rgw_keystone_admin_project,
   $rgw_keystone_admin_user,
   $rgw_keystone_admin_password,
-  $rgw_keystone_url                 = 'http://127.0.0.1:5000',
-  $rgw_keystone_accepted_roles      = 'member',
-  $rgw_keystone_token_cache_size    = 500,
-  $rgw_s3_auth_use_keystone         = true,
-  $rgw_keystone_implicit_tenants    = true,
+  $rgw_keystone_url                  = 'http://127.0.0.1:5000',
+  $rgw_keystone_accepted_roles       = 'member',
+  $rgw_keystone_accepted_admin_roles = 'admin',
+  $rgw_keystone_token_cache_size     = 500,
+  $rgw_s3_auth_use_keystone          = true,
+  $rgw_keystone_implicit_tenants     = true,
 ) {
 
   unless $name =~ /^radosgw\..+/ {
@@ -78,11 +83,12 @@ define ceph::rgw::keystone (
   }
 
   ceph_config {
-    "client.${name}/rgw_keystone_url":              value => $rgw_keystone_url;
-    "client.${name}/rgw_keystone_accepted_roles":   value => join(any2array($rgw_keystone_accepted_roles), ',');
-    "client.${name}/rgw_keystone_token_cache_size": value => $rgw_keystone_token_cache_size;
-    "client.${name}/rgw_s3_auth_use_keystone":      value => $rgw_s3_auth_use_keystone;
-    "client.${name}/rgw_keystone_implicit_tenants": value => $rgw_keystone_implicit_tenants;
+    "client.${name}/rgw_keystone_url":                  value => $rgw_keystone_url;
+    "client.${name}/rgw_keystone_accepted_roles":       value => join(any2array($rgw_keystone_accepted_roles), ',');
+    "client.${name}/rgw_keystone_accepted_admin_roles": value => join(any2array($rgw_keystone_accepted_admin_roles), ',');
+    "client.${name}/rgw_keystone_token_cache_size":     value => $rgw_keystone_token_cache_size;
+    "client.${name}/rgw_s3_auth_use_keystone":          value => $rgw_s3_auth_use_keystone;
+    "client.${name}/rgw_keystone_implicit_tenants":     value => $rgw_keystone_implicit_tenants;
   }
 
   ceph_config {

releasenotes/notes/rgw_keystone_accepted_admin_roles-1e41fbdb47c30910.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new ``rgw::keystone::rgw_keystone_accepted_admin_roles`` parameter has
+    been added.

spec/defines/ceph_rgw_keystone_spec.rb

@@ -49,6 +49,7 @@ describe 'ceph::rgw::keystone' do
       it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_password').with_value('123456').with_secret(true) }
       it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_url').with_value('http://127.0.0.1:5000') }
       it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_accepted_roles').with_value('member') }
+      it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_accepted_admin_roles').with_value('admin') }
       it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_token_cache_size').with_value(500) }
       it { should contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) }
       it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_implicit_tenants').with_value(true) }
@@ -68,15 +69,16 @@ describe 'ceph::rgw::keystone' do
 
       let :params do
         {
-          :rgw_keystone_admin_domain     => 'default',
-          :rgw_keystone_admin_project    => 'openstack',
-          :rgw_keystone_admin_user       => 'rgwuser',
-          :rgw_keystone_admin_password   => '123456',
-          :rgw_keystone_url              => 'http://keystone.custom:5000',
-          :rgw_keystone_accepted_roles   => '_role1_,role2',
-          :rgw_keystone_token_cache_size => 100,
-          :rgw_s3_auth_use_keystone      => false,
-          :rgw_keystone_implicit_tenants => false,
+          :rgw_keystone_admin_domain         => 'default',
+          :rgw_keystone_admin_project        => 'openstack',
+          :rgw_keystone_admin_user           => 'rgwuser',
+          :rgw_keystone_admin_password       => '123456',
+          :rgw_keystone_url                  => 'http://keystone.custom:5000',
+          :rgw_keystone_accepted_roles       => ['member', 'admin'],
+          :rgw_keystone_accepted_admin_roles => ['ResellerAdmin', 'admin'],
+          :rgw_keystone_token_cache_size     => 100,
+          :rgw_s3_auth_use_keystone          => false,
+          :rgw_keystone_implicit_tenants     => false,
         }
       end
 
@@ -86,7 +88,8 @@ describe 'ceph::rgw::keystone' do
       it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_user').with_value('rgwuser') }
       it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_password').with_value('123456').with_secret(true) }
       it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_url').with_value('http://keystone.custom:5000') }
-      it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_accepted_roles').with_value('_role1_,role2') }
+      it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_accepted_roles').with_value('member,admin') }
+      it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_accepted_admin_roles').with_value('ResellerAdmin,admin') }
       it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_token_cache_size').with_value(100) }
       it { should contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) }
       it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_implicit_tenants').with_value(false) }