Merge "Ability to define service_token_roles"
diff --git a/README.rst b/README.rst
index 9abb02c..261f234 100644
--- a/README.rst
+++ b/README.rst
@@ -640,6 +640,60 @@
           ceph_chunk_size: 134217728
           restore_discard_excess_bytes: false
 
+* Enable swift driver for cinder-backup service
+
+  .. code-block:: yaml
+
+   cinder:
+     controller:
+       backup:
+         engine: swift
+         swift:
+           driver: cinder.backup.drivers.swift
+           auth: per_user
+           auth_version: 3
+           block_size: 32768
+           object_size: 52428800
+           container: volumebackup
+           compression_algorithm: gzip
+           retry_attempts: 3
+           retry_backoff: 2
+           catalog_info: object-store:swift:internalURL
+           keystone_catalog_info: identity:Identity Service:publicURL
+           user: test
+           user_domain: localhost
+           key: AAAAAAAAAAA
+           tenant: admin
+           project_domain: localhost
+           project: service
+           enable_progress_timer: True
+           ca_cert_file: /etc/ssl/pki/ca.pem
+
+   cinder:
+     volume:
+       backup:
+         engine: swift
+         swift:
+           driver: cinder.backup.drivers.swift
+           auth: per_user
+           auth_version: 3
+           block_size: 32768
+           object_size: 52428800
+           container: volumebackup
+           compression_algorithm: gzip
+           retry_attempts: 3
+           retry_backoff: 2
+           catalog_info: object-store:swift:internalURL
+           keystone_catalog_info: identity:Identity Service:publicURL
+           user: test
+           user_domain: localhost
+           key: AAAAAAAAAAA
+           tenant: admin
+           project_domain: localhost
+           project: service
+           enable_progress_timer: True
+           ca_cert_file: /etc/ssl/pki/ca.pem
+
 * Auditing filter (CADF) enablement:
 
   .. code-block:: yaml
diff --git a/cinder/files/backup_backend/_swift.conf b/cinder/files/backup_backend/_swift.conf
new file mode 100644
index 0000000..ac20a4b
--- /dev/null
+++ b/cinder/files/backup_backend/_swift.conf
@@ -0,0 +1,110 @@
+{%- if _data.backup.swift is defined %}
+# Driver to use for backups. (string value)
+backup_driver = {{ _data.backup.swift.get('driver', 'cinder.backup.drivers.swift') }}
+
+# Swift authentication mechanism (per_user or single_user). (string value)
+# Possible values:
+# per_user - <No description provided>
+# single_user - <No description provided>
+backup_swift_auth = {{ _data.backup.swift.get('auth', 'per_user') }}
+
+# Swift authentication version. Specify "1" for auth 1.0, or "2" for auth 2.0
+# or "3" for auth 3.0 (string value)
+backup_swift_auth_version = {{ _data.backup.swift.get('auth_version', '3') }}
+
+# The size in bytes that changes are tracked for incremental backups.
+# backup_swift_object_size has to be multiple of backup_swift_block_size.
+# (integer value)
+backup_swift_block_size = {{ _data.backup.swift.get('block_size', '32768') }}
+
+# The size in bytes of Swift backup objects (integer value)
+backup_swift_object_size = {{ _data.backup.swift.get('object_size', '52428800') }}
+
+# The default Swift container to use (string value)
+backup_swift_container = {{ _data.backup.swift.get('container', 'volumebackup') }}
+
+# Compression algorithm (None to disable) (string value)
+# Possible values:
+# none - <No description provided>
+# off - <No description provided>
+# no - <No description provided>
+# zlib - <No description provided>
+# gzip - <No description provided>
+# bz2 - <No description provided>
+# bzip2 - <No description provided>
+backup_compression_algorithm = {{ _data.backup.swift.get('compression_algorithm', 'gzip') }}
+
+# The number of retries to make for Swift operations (integer value)
+backup_swift_retry_attempts = {{ _data.backup.swift.get('retry_attempts', '3') }}
+
+# The backoff time in seconds between Swift retries (integer value)
+backup_swift_retry_backoff = {{ _data.backup.swift.get('retry_backoff', '2') }}
+
+  {%- if _data.backup.swift.url is defined %}
+# The URL of the Swift endpoint (uri value)
+backup_swift_url = {{ _data.backup.swift.url }}
+  {%- else %}
+# Info to match when looking for swift in the service catalog. Format is:
+# separated values of the form: <service_type>:<service_name>:<endpoint_type> -
+# Only used if backup_swift_url is unset (string value)
+swift_catalog_info = {{ _data.backup.swift.get('catalog_info', 'object-store:swift:internalURL') }}
+  {%- endif %}
+
+  {%- if _data.backup.swift.auth_url is defined %}
+# The URL of the Keystone endpoint (uri value)
+backup_swift_auth_url = {{ _data.backup.swift.auth_url }}
+  {%- else %}
+# Info to match when looking for keystone in the service catalog. Format is:
+# separated values of the form: <service_type>:<service_name>:<endpoint_type> -
+# Only used if backup_swift_auth_url is unset (string value)
+keystone_catalog_info = {{ _data.backup.swift.get('keystone_catalog_info', 'identity:Identity Service:publicURL') }}
+  {%- endif %}
+
+  {%- if _data.backup.swift.user is defined %}
+# Swift user name (string value)
+backup_swift_user = {{ _data.backup.swift.user }}
+  {%- endif %}
+
+  {%- if _data.backup.swift.user_domain is defined %}
+# Swift user domain name. Required when connecting to an auth 3.0 system
+# (string value)
+backup_swift_user_domain = {{ _data.backup.swift.user_domain }}
+  {%- endif %}
+
+  {%- if _data.backup.swift.key is defined %}
+# Swift key for authentication (string value)
+backup_swift_key = {{ _data.backup.swift.key }}
+  {%- endif %}
+
+  {%- if _data.backup.swift.tenant is defined %}
+# Swift tenant/account name. Required when connecting to an auth 2.0 system
+# (string value)
+backup_swift_tenant = {{ _data.backup.swift.tenant }}
+  {%- endif %}
+
+  {%- if _data.backup.swift.project_domain is defined %}
+# Swift project domain name. Required when connecting to an auth 3.0 system
+# (string value)
+backup_swift_project_domain = {{ _data.backup.swift.project_domain }}
+  {%- endif %}
+
+  {%- if _data.backup.swift.project is defined %}
+# Swift project/account name. Required when connecting to an auth 3.0 system
+# (string value)
+backup_swift_project = {{ _data.backup.swift.project }}
+  {%- endif %}
+
+  {%- if _data.backup.swift.enable_progress_timer is defined %}
+# Enable or Disable the timer to send the periodic progress notifications to
+# Ceilometer when backing up the volume to the Swift backend storage. The
+# default value is True to enable the timer. (boolean value)
+backup_swift_enable_progress_timer = {{ _data.backup.swift.enable_progress_timer }}
+  {%- endif %}
+
+  {%- if _data.backup.swift.ca_cert_file is defined %}
+# Location of the CA certificate file to use for swift client requests. (string
+# value)
+backup_swift_ca_cert_file = {{ _data.backup.swift.ca_cert_file }}
+  {%- endif %}
+
+{%- endif %}
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index bb8315e..a4a65f0 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -99,6 +99,28 @@
     policy:
       'volume:delete': 'rule:admin_or_owner'
       'volume:extend':
+    backup:
+      engine: swift
+      swift:
+        driver: cinder.backup.drivers.swift
+        auth: per_user
+        auth_version: 3
+        block_size: 32768
+        object_size: 52428800
+        container: volumebackup
+        compression_algorithm: gzip
+        retry_attempts: 3
+        retry_backoff: 2
+        catalog_info: object-store:swift:internalURL
+        keystone_catalog_info: identity:Identity Service:publicURL
+        user: test
+        user_domain: localhost
+        key: AAAAAAAAAAA
+        tenant: admin
+        project_domain: localhost
+        project: service
+        enable_progress_timer: True
+        ca_cert_file: /etc/ssl/pki/ca.pem
 apache:
   server:
     enabled: true