At the moment both swift user and group IDs are not fixed in puppet, this means that their assigned IDs depend on package installation order. This in turn makes it clunky to do a reimage/reinstall while keeping the data disks intact. After reinstall the uid/gid in passwd are not guaranteed to match what's on the data disk filesystem.
The plan is thus to first fix the swift user/group uid/gid before puppet runs, then once the fleet is all at the same uid/gid we can let the 'admin' module create the user/group as needed. The UID/GID reserved for swift is 902, see also https://gerrit.wikimedia.org/r/c/operations/puppet/+/575217