swift-dsvm: Enable s3api

Depends-On: https://review.opendev.org/#/c/571021/
Change-Id: I3ac3288cd61b745ce7dbf2bded8eade026d0418f

2 files changed, 96 insertions, 4 deletions

diff --git a/roles/additional-keystone-users/tasks/main.yaml b/roles/additional-keystone-users/tasks/main.yaml
new file mode 100644
index 000000000..3e2b01342
--- /dev/null
+++ b/roles/additional-keystone-users/tasks/main.yaml
@@ -0,0 +1,61 @@
+- name: Set S3 endpoint
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_storage_url
+    value: http://localhost:8080
+  become: true
+
+- name: Create primary S3 user
+  shell: >
+    openstack --os-auth-url http://localhost/identity
+    --os-project-domain-id default --os-project-name admin
+    --os-user-domain-id default --os-username admin
+    --os-password secretadmin
+    credential create --type ec2 --project swiftprojecttest1 swiftusertest1
+    '{"access": "s3-user1", "secret": "s3-secret1"}'
+- name: Add primary S3 user to test.conf
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_access_key
+    value: s3-user1
+  become: true
+- name: Add primary S3 user secret to test.conf
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_secret_key
+    value: s3-secret1
+  become: true
+
+- name: Clear secondary S3 user from test.conf
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_access_key2
+    value: ""
+  become: true
+
+- name: Create restricted S3 user
+  shell: >
+    openstack --os-auth-url http://localhost/identity
+    --os-project-domain-id default --os-project-name admin
+    --os-user-domain-id default --os-username admin
+    --os-password secretadmin
+    credential create --type ec2 --project swiftprojecttest1 swiftusertest3
+    '{"access": "s3-user3", "secret": "s3-secret3"}'
+- name: Add restricted S3 user to test.conf
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_access_key3
+    value: s3-user3
+  become: true
+- name: Add restricted S3 user secret to test.conf
+  ini_file:
+    path: /etc/swift/test.conf
+    section: func_test
+    option: s3_secret_key3
+    value: s3-secret3
+  become: true
diff --git a/roles/dsvm-additional-middlewares/tasks/main.yaml b/roles/dsvm-additional-middlewares/tasks/main.yaml
index f149e519f..66e186a3f 100644
--- a/roles/dsvm-additional-middlewares/tasks/main.yaml
+++ b/roles/dsvm-additional-middlewares/tasks/main.yaml
@@ -1,8 +1,15 @@
-- name: Add more middlewares to pipeline
+- name: Add domain_remap and etag-quoter to pipeline
   replace:
-      path: "/etc/swift/proxy-server.conf"
-      regexp: "cache listing_formats"
-      replace: "cache domain_remap etag-quoter listing_formats"
+    path: "/etc/swift/proxy-server.conf"
+    regexp: "cache listing_formats"
+    replace: "cache domain_remap etag-quoter listing_formats"
+  become: true
+
+- name: Add s3api and s3token to pipeline
+  replace:
+    path: "/etc/swift/proxy-server.conf"
+    regexp: "authtoken keystoneauth tempauth"
+    replace: "authtoken s3api s3token keystoneauth tempauth"
   become: true
 
 - name: Set domain_remap domain
@@ -29,6 +36,30 @@
     value: true
   become: true
 
+- name: Configure s3api force_swift_request_proxy_log
+  ini_file:
+    path: /etc/swift/proxy-server.conf
+    section: filter:s3api
+    option: force_swift_request_proxy_log
+    value: true
+  become: true
+
+- name: Configure s3token auth_uri
+  ini_file:
+    path: /etc/swift/proxy-server.conf
+    section: filter:s3token
+    option: auth_uri
+    value: http://localhost/identity/v3
+  become: true
+
+- name: Configure s3token delay_auth_decision
+  ini_file:
+    path: /etc/swift/proxy-server.conf
+    section: filter:s3token
+    option: delay_auth_decision
+    value: true
+  become: true
+
 - name: Copy ring for Policy-1
   copy:
     remote_src: true