Browse Source

Service_token_roles_required missing in the server config file

Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.

Change-Id: I654cf1564607f6c4ac47db0987d2a86e335a3f89
Closes-Bug: 1778198
tags/14.3.0
ZhongShengping 3 months ago
parent
commit
26abc42c2b

+ 8
- 0
manifests/keystone/authtoken.pp View File

@@ -161,6 +161,12 @@
161 161
 #   (in seconds). Set to -1 to disable caching completely. Integer value
162 162
 #   Defaults to $::os_service_default.
163 163
 #
164
+# [*service_token_roles_required*]
165
+#   (optional) backwards compatibility to ensure that the service tokens are
166
+#   compared against a list of possible roles for validity
167
+#   true/false
168
+#   Defaults to $::os_service_default.
169
+#
164 170
 # DEPRECATED PARAMETERS
165 171
 #
166 172
 # [*check_revocations_for_cached*]
@@ -213,6 +219,7 @@ class barbican::keystone::authtoken(
213 219
   $manage_memcache_package        = false,
214 220
   $region_name                    = $::os_service_default,
215 221
   $token_cache_time               = $::os_service_default,
222
+  $service_token_roles_required   = $::os_service_default,
216 223
   # DEPRECATED PARAMETERS
217 224
   $check_revocations_for_cached   = undef,
218 225
   $hash_algorithms                = undef,
@@ -265,5 +272,6 @@ class barbican::keystone::authtoken(
265 272
     manage_memcache_package        => $manage_memcache_package,
266 273
     region_name                    => $region_name,
267 274
     token_cache_time               => $token_cache_time,
275
+    service_token_roles_required   => $service_token_roles_required,
268 276
   }
269 277
 }

+ 5
- 0
releasenotes/notes/service_token_roles_required-97c9d8c94d9dbabd.yaml View File

@@ -0,0 +1,5 @@
1
+---
2
+features:
3
+  - Service_token_roles_required missing in the server config file which
4
+    allows backwards compatibility to ensure that the service tokens are
5
+    compared against a list of possible roles for validity.

+ 3
- 0
spec/classes/barbican_keystone_authtoken_spec.rb View File

@@ -61,6 +61,7 @@ describe 'barbican::keystone::authtoken' do
61 61
         is_expected.to contain_barbican_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
62 62
         is_expected.to contain_barbican_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
63 63
         is_expected.to contain_barbican_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
64
+        is_expected.to contain_barbican_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
64 65
       end
65 66
     end
66 67
 
@@ -99,6 +100,7 @@ describe 'barbican::keystone::authtoken' do
99 100
           :manage_memcache_package              => true,
100 101
           :region_name                          => 'region2',
101 102
           :token_cache_time                     => '301',
103
+          :service_token_roles_required         => false,
102 104
         })
103 105
       end
104 106
 
@@ -134,6 +136,7 @@ describe 'barbican::keystone::authtoken' do
134 136
         is_expected.to contain_barbican_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
135 137
         is_expected.to contain_barbican_config('keystone_authtoken/region_name').with_value(params[:region_name])
136 138
         is_expected.to contain_barbican_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
139
+        is_expected.to contain_barbican_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
137 140
       end
138 141
 
139 142
       it 'installs python memcache package' do

Loading…
Cancel
Save