Fix authtoken

- Fix doc in authtoken class - Fix metadata dependencies Change-Id: I8a9c664b8de3f831efe5cf6890e51e8c9616941c
2016-08-27 00:54:13 -03:00 · 2016-08-27 00:54:13 -03:00 · 7344155a5b
parent f80ddcf328
commit 7344155a5b
2 changed files with 101 additions and 106 deletions
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@ -28,166 +28,161 @@
 #   Defaults to $::os_service_default
 #
 # [*insecure*]
-#  (Optional) If true, explicitly allow TLS without checking server cert
-#  against any certificate authorities.  WARNING: not recommended.  Use with
-#  caution.
-#  Defaults to $:os_service_default
+#   (Optional) If true, explicitly allow TLS without checking server cert
+#   against any certificate authorities.  WARNING: not recommended.  Use with
+#   caution.
+#   Defaults to $:os_service_default
 #
 # [*auth_section*]
-#  (Optional) Config Section from which to load plugin specific options
-#  Defaults to $::os_service_default.
+#   (Optional) Config Section from which to load plugin specific options
+#   Defaults to $::os_service_default.
 #
 # [*auth_type*]
-#  (Optional) Authentication type to load
-#  Defaults to 'password'
+#   (Optional) Authentication type to load
+#   Defaults to 'password'
 #
 # [*auth_uri*]
-#  (Optional) Complete public Identity API endpoint.
-#  Defaults to 'http://localhost:5000'
+#   (Optional) Complete public Identity API endpoint.
+#   Defaults to 'http://localhost:5000'
 #
 # [*auth_version*]
-#  (Optional) API version of the admin Identity API endpoint.
-#  Defaults to $::os_service_default.
+#   (Optional) API version of the admin Identity API endpoint.
+#   Defaults to $::os_service_default.
 #
 # [*cache*]
-#  (Optional) Env key for the swift cache.
-#  Defaults to $::os_service_default.
+#   (Optional) Env key for the swift cache.
+#   Defaults to $::os_service_default.
 #
 # [*cafile*]
-#  (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
-#  connections.
-#  Defaults to $::os_service_default.
+#   (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
+#   connections.
+#   Defaults to $::os_service_default.
 #
 # [*certfile*]
-#  (Optional) Required if identity server requires client certificate
-#  Defaults to $::os_service_default.
+#   (Optional) Required if identity server requires client certificate
+#   Defaults to $::os_service_default.
 #
 # [*check_revocations_for_cached*]
-#  (Optional) If true, the revocation list will be checked for cached tokens.
-#  This requires that PKI tokens are configured on the identity server.
-#  boolean value.
-#  Defaults to $::os_service_default.
+#   (Optional) If true, the revocation list will be checked for cached tokens.
+#   This requires that PKI tokens are configured on the identity server.
+#   boolean value.
+#   Defaults to $::os_service_default.
 #
 # [*delay_auth_decision*]
-#  (Optional) Do not handle authorization requests within the middleware, but
-#  delegate the authorization decision to downstream WSGI components. Boolean
-#  value
-#  Defaults to $::os_service_default.
+#   (Optional) Do not handle authorization requests within the middleware, but
+#   delegate the authorization decision to downstream WSGI components. Boolean
+#   value
+#   Defaults to $::os_service_default.
 #
 # [*enforce_token_bind*]
-#  (Optional) Used to control the use and type of token binding. Can be set
-#  to: "disabled" to not check token binding. "permissive" (default) to
-#  validate binding information if the bind type is of a form known to the
-#  server and ignore it if not. "strict" like "permissive" but if the bind
-#  type is unknown the token will be rejected. "required" any form of token
-#  binding is needed to be allowed. Finally the name of a binding method that
-#  must be present in tokens. String value.
-#  Defaults to $::os_service_default.
+#   (Optional) Used to control the use and type of token binding. Can be set
+#   to: "disabled" to not check token binding. "permissive" (default) to
+#   validate binding information if the bind type is of a form known to the
+#   server and ignore it if not. "strict" like "permissive" but if the bind
+#   type is unknown the token will be rejected. "required" any form of token
+#   binding is needed to be allowed. Finally the name of a binding method that
+#   must be present in tokens. String value.
+#   Defaults to $::os_service_default.
 #
 # [*hash_algorithms*]
-#  (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
-#  single algorithm or multiple. The algorithms are those supported by Python
-#  standard hashlib.new(). The hashes will be tried in the order given, so put
-#  the preferred one first for performance. The result of the first hash will
-#  be stored in the cache. This will typically be set to multiple values only
-#  while migrating from a less secure algorithm to a more secure one. Once all
-#  the old tokens are expired this option should be set to a single value for
-#  better performance. List value.
-#  Defaults to $::os_service_default.
+#   (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
+#   single algorithm or multiple. The algorithms are those supported by Python
+#   standard hashlib.new(). The hashes will be tried in the order given, so put
+#   the preferred one first for performance. The result of the first hash will
+#   be stored in the cache. This will typically be set to multiple values only
+#   while migrating from a less secure algorithm to a more secure one. Once all
+#   the old tokens are expired this option should be set to a single value for
+#   better performance. List value.
+#   Defaults to $::os_service_default.
 #
 # [*http_connect_timeout*]
-#  (Optional) Request timeout value for communicating with Identity API
-#  server.
-#  Defaults to $::os_service_default.
+#   (Optional) Request timeout value for communicating with Identity API
+#   server.
+#   Defaults to $::os_service_default.
 #
 # [*http_request_max_retries*]
-#  (Optional) How many times are we trying to reconnect when communicating
-#  with Identity API Server. Integer value
-#  Defaults to $::os_service_default.
+#   (Optional) How many times are we trying to reconnect when communicating
+#   with Identity API Server. Integer value
+#   Defaults to $::os_service_default.
 #
 # [*include_service_catalog*]
-#  (Optional) Indicate whether to set the X-Service-Catalog header. If False,
-#  middleware will not ask for service catalog on token validation and will
-#  not
-#  set the X-Service-Catalog header. Boolean value.
-#  Defaults to $::os_service_default.
+#   (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+#   middleware will not ask for service catalog on token validation and will
+#   not set the X-Service-Catalog header. Boolean value.
+#   Defaults to $::os_service_default.
 #
 # [*keyfile*]
-#  (Optional) Required if identity server requires client certificate
-#  Defaults to $::os_service_default.
+#   (Optional) Required if identity server requires client certificate
+#   Defaults to $::os_service_default.
 #
 # [*memcache_pool_conn_get_timeout*]
-#  (Optional) Number of seconds that an operation will wait to get a memcached
-#  client connection from the pool. Integer value
-#  Defaults to $::os_service_default.
+#   (Optional) Number of seconds that an operation will wait to get a memcached
+#   client connection from the pool. Integer value
+#   Defaults to $::os_service_default.
 #
 # [*memcache_pool_dead_retry*]
-#  (Optional) Number of seconds memcached server is considered dead before it
-#  is tried again. Integer value
-#  Defaults to $::os_service_default.
+#   (Optional) Number of seconds memcached server is considered dead before it
+#   is tried again. Integer value
+#   Defaults to $::os_service_default.
 #
 # [*memcache_pool_maxsize*]
-#  (Optional) Maximum total number of open connections to every memcached
-#  server. Integer value
-#  Defaults to $::os_service_default.
+#   (Optional) Maximum total number of open connections to every memcached
+#   server. Integer value
+#   Defaults to $::os_service_default.
 #
 # [*memcache_pool_socket_timeout*]
-#  (Optional) Number of seconds a connection to memcached is held unused in
-#  the
-#  pool before it is closed. Integer value
-#  Defaults to $::os_service_default.
+#   (Optional) Number of seconds a connection to memcached is held unused in
+#   the pool before it is closed. Integer value
+#   Defaults to $::os_service_default.
 #
 # [*memcache_pool_unused_timeout*]
-#  (Optional) Number of seconds a connection to memcached is held unused in
-#  the
-#  pool before it is closed. Integer value
-#  Defaults to $::os_service_default.
+#   (Optional) Number of seconds a connection to memcached is held unused in
+#   the pool before it is closed. Integer value
+#   Defaults to $::os_service_default.
 #
 # [*memcache_secret_key*]
-#  (Optional, mandatory if memcache_security_strategy is defined) This string
-#  is used for key derivation.
-#  Defaults to $::os_service_default.
+#   (Optional, mandatory if memcache_security_strategy is defined) This string
+#   is used for key derivation.
+#   Defaults to $::os_service_default.
 #
 # [*memcache_security_strategy*]
-#  (Optional) If defined, indicate whether token data should be authenticated
-#  or
-#  authenticated and encrypted. If MAC, token data is authenticated (with
-#  HMAC)
-#  in the cache. If ENCRYPT, token data is encrypted and authenticated in the
-#  cache. If the value is not one of these options or empty, auth_token will
-#  raise an exception on initialization.
-#  Defaults to $::os_service_default.
+#   (Optional) If defined, indicate whether token data should be authenticated
+#   or authenticated and encrypted. If MAC, token data is authenticated (with
+#   HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+#   cache. If the value is not one of these options or empty, auth_token will
+#   raise an exception on initialization.
+#   Defaults to $::os_service_default.
 #
 # [*memcache_use_advanced_pool*]
-#  (Optional)  Use the advanced (eventlet safe) memcached client pool. The
-#  advanced pool will only work under python 2.x Boolean value
-#  Defaults to $::os_service_default.
+#   (Optional)  Use the advanced (eventlet safe) memcached client pool. The
+#   advanced pool will only work under python 2.x Boolean value
+#   Defaults to $::os_service_default.
 #
 # [*memcached_servers*]
-#  (Optional) Optionally specify a list of memcached server(s) to use for
-#  caching. If left undefined, tokens will instead be cached in-process.
-#  Defaults to $::os_service_default.
+#   (Optional) Optionally specify a list of memcached server(s) to use for
+#   caching. If left undefined, tokens will instead be cached in-process.
+#   Defaults to $::os_service_default.
 #
 # [*region_name*]
-#  (Optional) The region in which the identity server can be found.
-#  Defaults to $::os_service_default.
+#   (Optional) The region in which the identity server can be found.
+#   Defaults to $::os_service_default.
 #
 # [*revocation_cache_time*]
-#  (Optional) Determines the frequency at which the list of revoked tokens is
-#  retrieved from the Identity service (in seconds). A high number of
-#  revocation events combined with a low cache duration may significantly
-#  reduce performance. Only valid for PKI tokens. Integer value
-#  Defaults to $::os_service_default.
+#   (Optional) Determines the frequency at which the list of revoked tokens is
+#   retrieved from the Identity service (in seconds). A high number of
+#   revocation events combined with a low cache duration may significantly
+#   reduce performance. Only valid for PKI tokens. Integer value
+#   Defaults to $::os_service_default.
 #
 # [*signing_dir*]
-#  (Optional) Directory used to cache files related to PKI tokens.
-#  Defaults to $::os_service_default.
+#   (Optional) Directory used to cache files related to PKI tokens.
+#   Defaults to $::os_service_default.
 #
 # [*token_cache_time*]
-#  (Optional) In order to prevent excessive effort spent validating tokens,
-#  the middleware caches previously-seen tokens for a configurable duration
-#  (in seconds). Set to -1 to disable caching completely. Integer value
-#  Defaults to $::os_service_default.
+#   (Optional) In order to prevent excessive effort spent validating tokens,
+#   the middleware caches previously-seen tokens for a configurable duration
+#   (in seconds). Set to -1 to disable caching completely. Integer value
+#   Defaults to $::os_service_default.
 #
 class ec2api::keystone::authtoken(
  $password,
--- a/metadata.json
+++ b/metadata.json
@ -30,7 +30,7 @@
    { "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" },
    { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.2.0 <5.0.0" },
    { "name": "openstack/openstacklib", "version_requirement": ">=9.1.0 <10.0.0" },
-    { "name": "openstack/keystone", "version_requirement": ">=9.1.0 <10.0.0"},
-    { "name": "openstack/oslo", "version_requirement": ">=9.1.0 <10.0.0" }
+    { "name": "openstack/keystone", "version_requirement": ">=9.2.0 <10.0.0"},
+    { "name": "openstack/oslo", "version_requirement": ">=9.2.0 <10.0.0" }
  ]
 }