Add support for the keystone_authtoken/service_type parameter

Change-Id: Idaac0ee4c2f41e0bb338ef027ec06052b78508ff
2020-10-15 15:44:22 +09:00 · 2020-10-15 15:44:22 +09:00 · 62f93b6fcd
commit 62f93b6fcd
parent 6604f5aa73
3 changed files with 15 additions and 0 deletions
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@ -181,6 +181,11 @@
 #   true/false
 #   Defaults to $::os_service_default.
 #
+# [*service_type*]
+#  (Optional) The name or type of the service as it appears in the service
+#  catalog. This is used to validate tokens that have restricted access rules.
+#  Defaults to $::os_service_default.
+#
 # [*interface*]
 #  (Optional) Interface to use for the Identity API endpoint. Valid values are
 #  "public", "internal" or "admin".
@ -221,6 +226,7 @@ class cinder::keystone::authtoken(
  $token_cache_time               = $::os_service_default,
  $service_token_roles            = $::os_service_default,
  $service_token_roles_required   = $::os_service_default,
+  $service_type                   = $::os_service_default,
  $interface                      = $::os_service_default,
 ) {

@ -265,6 +271,7 @@ class cinder::keystone::authtoken(
    token_cache_time               => $token_cache_time,
    service_token_roles            => $service_token_roles,
    service_token_roles_required   => $service_token_roles_required,
+    service_type                   => $service_type,
    interface                      => $interface,
  }
 }
--- a/releasenotes/notes/keystone-authtoken-service_type-c3963a3f6064050c.yaml
+++ b/releasenotes/notes/keystone-authtoken-service_type-c3963a3f6064050c.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new ``cinder::keystone::authtoken::service_type`` parameter has been
+    added to configure the service_type parameter in authtoken middleware.
--- a/spec/classes/cinder_keystone_authtoken_spec.rb
+++ b/spec/classes/cinder_keystone_authtoken_spec.rb
@ -43,6 +43,7 @@ describe 'cinder::keystone::authtoken' do
        is_expected.to contain_cinder_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_cinder_config('keystone_authtoken/service_token_roles').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_cinder_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_cinder_config('keystone_authtoken/service_type').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_cinder_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>')
      end
    end
@ -84,6 +85,7 @@ describe 'cinder::keystone::authtoken' do
          :token_cache_time               => '301',
          :service_token_roles            => ['admin'],
          :service_token_roles_required   => true,
+          :service_type                   => 'identity',
          :interface                      => 'internal',
        })
      end
@ -122,6 +124,7 @@ describe 'cinder::keystone::authtoken' do
        is_expected.to contain_cinder_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
        is_expected.to contain_cinder_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
        is_expected.to contain_cinder_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
+        is_expected.to contain_cinder_config('keystone_authtoken/service_type').with_value(params[:service_type])
        is_expected.to contain_cinder_config('keystone_authtoken/interface').with_value(params[:interface])
      end