From 6f833db0a22ff1f012cbd3e493fa760a2ab49ea6 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Mon, 12 Oct 2020 14:04:26 +0900
Subject: [PATCH] Use a 'params' hash for authtoken parameters

This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into
puppet-nova[1].

[1] 5c38281e1b698f157f03bf1815733277c541c30b

Change-Id: I1ee5f6f36dce3429261b77a4c91b4732ced4a591
---
 manifests/keystone/authtoken.pp               | 82 ++++++++++---------
 .../barbican_keystone_authtoken_spec.rb       | 13 +++
 2 files changed, 58 insertions(+), 37 deletions(-)

diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp
index 0d76ba52..4faacdbd 100644
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@@ -187,6 +187,10 @@
 #  "public", "internal" or "admin".
 #  Defaults to $::os_service_default.
 #
+# [*params*]
+#  (Optional) Hash of additional parameters to pass through to the keystone
+#  authtoken class. Values set here override the individual parameters above.
+#
 class barbican::keystone::authtoken(
   $password                       = $::os_service_default,
   $username                       = 'barbican',
@@ -224,6 +228,7 @@ class barbican::keystone::authtoken(
   $service_token_roles_required   = $::os_service_default,
   $service_type                   = $::os_service_default,
   $interface                      = $::os_service_default,
+  $params                         = {},
 ) {
 
   include barbican::deps
@@ -232,42 +237,45 @@ class barbican::keystone::authtoken(
     fail('Please set password for barbican service user')
   }
 
-  keystone::resource::authtoken { 'barbican_config':
-    username                       => $username,
-    password                       => $password,
-    project_name                   => $project_name,
-    auth_url                       => $auth_url,
-    www_authenticate_uri           => $www_authenticate_uri,
-    auth_version                   => $auth_version,
-    auth_type                      => $auth_type,
-    auth_section                   => $auth_section,
-    user_domain_name               => $user_domain_name,
-    project_domain_name            => $project_domain_name,
-    insecure                       => $insecure,
-    cache                          => $cache,
-    cafile                         => $cafile,
-    certfile                       => $certfile,
-    delay_auth_decision            => $delay_auth_decision,
-    enforce_token_bind             => $enforce_token_bind,
-    http_connect_timeout           => $http_connect_timeout,
-    http_request_max_retries       => $http_request_max_retries,
-    include_service_catalog        => $include_service_catalog,
-    keyfile                        => $keyfile,
-    memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
-    memcache_pool_dead_retry       => $memcache_pool_dead_retry,
-    memcache_pool_maxsize          => $memcache_pool_maxsize,
-    memcache_pool_socket_timeout   => $memcache_pool_socket_timeout,
-    memcache_secret_key            => $memcache_secret_key,
-    memcache_security_strategy     => $memcache_security_strategy,
-    memcache_use_advanced_pool     => $memcache_use_advanced_pool,
-    memcache_pool_unused_timeout   => $memcache_pool_unused_timeout,
-    memcached_servers              => $memcached_servers,
-    manage_memcache_package        => $manage_memcache_package,
-    region_name                    => $region_name,
-    token_cache_time               => $token_cache_time,
-    service_token_roles            => $service_token_roles,
-    service_token_roles_required   => $service_token_roles_required,
-    service_type                   => $service_type,
-    interface                      => $interface,
+  keystone::resource::authtoken {
+    'barbican_config':
+      *                              => $params;
+    default:
+      username                       => $username,
+      password                       => $password,
+      project_name                   => $project_name,
+      auth_url                       => $auth_url,
+      www_authenticate_uri           => $www_authenticate_uri,
+      auth_version                   => $auth_version,
+      auth_type                      => $auth_type,
+      auth_section                   => $auth_section,
+      user_domain_name               => $user_domain_name,
+      project_domain_name            => $project_domain_name,
+      insecure                       => $insecure,
+      cache                          => $cache,
+      cafile                         => $cafile,
+      certfile                       => $certfile,
+      delay_auth_decision            => $delay_auth_decision,
+      enforce_token_bind             => $enforce_token_bind,
+      http_connect_timeout           => $http_connect_timeout,
+      http_request_max_retries       => $http_request_max_retries,
+      include_service_catalog        => $include_service_catalog,
+      keyfile                        => $keyfile,
+      memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
+      memcache_pool_dead_retry       => $memcache_pool_dead_retry,
+      memcache_pool_maxsize          => $memcache_pool_maxsize,
+      memcache_pool_socket_timeout   => $memcache_pool_socket_timeout,
+      memcache_secret_key            => $memcache_secret_key,
+      memcache_security_strategy     => $memcache_security_strategy,
+      memcache_use_advanced_pool     => $memcache_use_advanced_pool,
+      memcache_pool_unused_timeout   => $memcache_pool_unused_timeout,
+      memcached_servers              => $memcached_servers,
+      manage_memcache_package        => $manage_memcache_package,
+      region_name                    => $region_name,
+      token_cache_time               => $token_cache_time,
+      service_token_roles            => $service_token_roles,
+      service_token_roles_required   => $service_token_roles_required,
+      service_type                   => $service_type,
+      interface                      => $interface;
   }
 }
diff --git a/spec/classes/barbican_keystone_authtoken_spec.rb b/spec/classes/barbican_keystone_authtoken_spec.rb
index e5417ca2..ccb89201 100644
--- a/spec/classes/barbican_keystone_authtoken_spec.rb
+++ b/spec/classes/barbican_keystone_authtoken_spec.rb
@@ -152,6 +152,19 @@ describe 'barbican::keystone::authtoken' do
         is_expected.to contain_package('python-memcache')
       end
     end
+
+    context 'when overriding parameters via params hash' do
+      before do
+        params.merge!({
+          :username => 'myuser',
+          :params   => { 'username' => 'myotheruser' },
+        })
+      end
+
+      it 'configure keystone_authtoken' do
+        is_expected.to contain_barbican_config('keystone_authtoken/username').with_value(params[:params]['username'])
+      end
+    end
   end
 
   on_supported_os({