diff --git a/manifests/rgw/keystone.pp b/manifests/rgw/keystone.pp index 0cab34ad..27137181 100644 --- a/manifests/rgw/keystone.pp +++ b/manifests/rgw/keystone.pp @@ -49,6 +49,10 @@ # Comma separated list of roles. # Defaults to 'member' # +# [*rgw_keystone_accepted_admin_roles*] +# (Optional) List of roles allowing user to gain admin privileges. +# Defaults to 'admin' +# # [*rgw_keystone_token_cache_size*] # (Optional) How many tokens to keep cached. # Defaults to 500 @@ -66,11 +70,12 @@ define ceph::rgw::keystone ( $rgw_keystone_admin_project, $rgw_keystone_admin_user, $rgw_keystone_admin_password, - $rgw_keystone_url = 'http://127.0.0.1:5000', - $rgw_keystone_accepted_roles = 'member', - $rgw_keystone_token_cache_size = 500, - $rgw_s3_auth_use_keystone = true, - $rgw_keystone_implicit_tenants = true, + $rgw_keystone_url = 'http://127.0.0.1:5000', + $rgw_keystone_accepted_roles = 'member', + $rgw_keystone_accepted_admin_roles = 'admin', + $rgw_keystone_token_cache_size = 500, + $rgw_s3_auth_use_keystone = true, + $rgw_keystone_implicit_tenants = true, ) { unless $name =~ /^radosgw\..+/ { 
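Review bot: The new doc entry for `rgw_keystone_accepted_admin_roles` in the first hunk does not say which value forms are accepted or what the roles apply to. The `ceph_config` line added later in this file passes the value through `any2array` and `join`, so both a string and an array are accepted. I would word it as `#   (Optional) Keystone role name(s), string or array, whose holders gain admin privileges in RGW.` and add one line telling operators to keep the list as short as possible.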
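Review bot: The default `$rgw_keystone_accepted_admin_roles = 'admin'` in the parameter list means every existing deployment starts writing `rgw_keystone_accepted_admin_roles = admin` on its next run, so Keystone users holding `admin` gain RGW admin privileges without the operator opting in. As far as I know Ceph itself ships this option empty, which would make the module default broader than upstream; that is worth confirming. I would default to `undef` and, if `ceph_config` supports it here, have the entry in the next hunk use `ensure => absent` when the parameter is unset. At minimum the release note should call out the privilege change, since it only says the parameter was added. The define's body continues outside the hunk.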
@@ -78,11 +83,12 @@ define ceph::rgw::keystone ( } ceph_config { - "client.${name}/rgw_keystone_url": value => $rgw_keystone_url; - "client.${name}/rgw_keystone_accepted_roles": value => join(any2array($rgw_keystone_accepted_roles), ','); - "client.${name}/rgw_keystone_token_cache_size": value => $rgw_keystone_token_cache_size; - "client.${name}/rgw_s3_auth_use_keystone": value => $rgw_s3_auth_use_keystone; - "client.${name}/rgw_keystone_implicit_tenants": value => $rgw_keystone_implicit_tenants; + "client.${name}/rgw_keystone_url": value => $rgw_keystone_url; + "client.${name}/rgw_keystone_accepted_roles": value => join(any2array($rgw_keystone_accepted_roles), ','); + "client.${name}/rgw_keystone_accepted_admin_roles": value => join(any2array($rgw_keystone_accepted_admin_roles), ','); + "client.${name}/rgw_keystone_token_cache_size": value => $rgw_keystone_token_cache_size; + "client.${name}/rgw_s3_auth_use_keystone": value => $rgw_s3_auth_use_keystone; + "client.${name}/rgw_keystone_implicit_tenants": value => $rgw_keystone_implicit_tenants; } ceph_config { diff --git a/releasenotes/notes/rgw_keystone_accepted_admin_roles-1e41fbdb47c30910.yaml b/releasenotes/notes/rgw_keystone_accepted_admin_roles-1e41fbdb47c30910.yaml new file mode 100644 index 00000000..a1bf2ca0 --- /dev/null +++ b/releasenotes/notes/rgw_keystone_accepted_admin_roles-1e41fbdb47c30910.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + The new ``rgw::keystone::rgw_keystone_accepted_admin_roles`` parameter has + been added. diff --git a/spec/defines/ceph_rgw_keystone_spec.rb b/spec/defines/ceph_rgw_keystone_spec.rb index 210532ca..a594b5fc 100644 --- a/spec/defines/ceph_rgw_keystone_spec.rb +++ b/spec/defines/ceph_rgw_keystone_spec.rb 
@@ -49,6 +49,7 @@ describe 'ceph::rgw::keystone' do it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_password').with_value('123456').with_secret(true) } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_url').with_value('http://127.0.0.1:5000') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_accepted_roles').with_value('member') } + it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_accepted_admin_roles').with_value('admin') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_token_cache_size').with_value(500) } it { should contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_implicit_tenants').with_value(true) } @@ -68,15 +69,16 @@ describe 'ceph::rgw::keystone' do let :params do { - :rgw_keystone_admin_domain => 'default', - :rgw_keystone_admin_project => 'openstack', - :rgw_keystone_admin_user => 'rgwuser', - :rgw_keystone_admin_password => '123456', - :rgw_keystone_url => 'http://keystone.custom:5000', - :rgw_keystone_accepted_roles => '_role1_,role2', - :rgw_keystone_token_cache_size => 100, - :rgw_s3_auth_use_keystone => false, - :rgw_keystone_implicit_tenants => false, + :rgw_keystone_admin_domain => 'default', + :rgw_keystone_admin_project => 'openstack', + :rgw_keystone_admin_user => 'rgwuser', + :rgw_keystone_admin_password => '123456', + :rgw_keystone_url => 'http://keystone.custom:5000', + :rgw_keystone_accepted_roles => ['member', 'admin'], + :rgw_keystone_accepted_admin_roles => ['ResellerAdmin', 'admin'], + :rgw_keystone_token_cache_size => 100, + :rgw_s3_auth_use_keystone => false, + :rgw_keystone_implicit_tenants => false, } end 
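Review bot: Changing `:rgw_keystone_accepted_roles` from `'_role1_,role2'` to `['member', 'admin']` in the custom-params context removes the only spec that passed a comma-separated string, which is the form the manifest documents for that parameter. The new `:rgw_keystone_accepted_admin_roles` is likewise exercised only as an array here and as the default string in the first context. I would keep one parameter in string form, e.g. `:rgw_keystone_accepted_roles => 'member,admin',`. I would also add a context with an empty admin-role list, to pin what is written when an operator wants no Keystone role to confer admin rights. The matching expectations are in the next hunk.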
@@ -86,7 +88,8 @@ describe 'ceph::rgw::keystone' do
 it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_user').with_value('rgwuser') }
 it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_password').with_value('123456').with_secret(true) }
 it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_url').with_value('http://keystone.custom:5000') }
- it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_accepted_roles').with_value('_role1_,role2') }
+ it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_accepted_roles').with_value('member,admin') }
+ it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_accepted_admin_roles').with_value('ResellerAdmin,admin') }
 it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_token_cache_size').with_value(100) }
 it { should contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) }
 it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_implicit_tenants').with_value(false) }