Browse Source

Service_token_roles_required missing in the server config file

Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.

Change-Id: Ic8e5badec98f5d14e71a36d303f9a7f01962f1d3
Closes-Bug: 1778198
tags/14.3.0
ZhongShengping 4 months ago
parent
commit
f51903716f

+ 8
- 0
manifests/keystone/authtoken.pp View File

@@ -165,6 +165,12 @@
165 165
 #  (in seconds). Set to -1 to disable caching completely. Integer value
166 166
 #  Defaults to $::os_service_default.
167 167
 #
168
+# [*service_token_roles_required*]
169
+#   (optional) backwards compatibility to ensure that the service tokens are
170
+#   compared against a list of possible roles for validity
171
+#   true/false
172
+#   Defaults to $::os_service_default.
173
+#
168 174
 # DEPRECATED PARAMETERS
169 175
 #
170 176
 # [*check_revocations_for_cached*]
@@ -218,6 +224,7 @@ class cinder::keystone::authtoken(
218 224
   $manage_memcache_package        = false,
219 225
   $region_name                    = $::os_service_default,
220 226
   $token_cache_time               = $::os_service_default,
227
+  $service_token_roles_required   = $::os_service_default,
221 228
   # DEPRECATED PARAMETERS
222 229
   $check_revocations_for_cached   = undef,
223 230
   $hash_algorithms                = undef,
@@ -270,5 +277,6 @@ class cinder::keystone::authtoken(
270 277
     manage_memcache_package        => $manage_memcache_package,
271 278
     region_name                    => $region_name,
272 279
     token_cache_time               => $token_cache_time,
280
+    service_token_roles_required   => $service_token_roles_required,
273 281
   }
274 282
 }

+ 5
- 0
releasenotes/notes/service_token_roles_required-92618e63dceeb2bd.yaml View File

@@ -0,0 +1,5 @@
1
+---
2
+features:
3
+  - Service_token_roles_required missing in the server config file which
4
+    allows backwards compatibility to ensure that the service tokens are
5
+    compared against a list of possible roles for validity.

+ 3
- 0
spec/classes/cinder_keystone_authtoken_spec.rb View File

@@ -41,6 +41,7 @@ describe 'cinder::keystone::authtoken' do
41 41
         is_expected.to contain_cinder_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
42 42
         is_expected.to contain_cinder_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
43 43
         is_expected.to contain_cinder_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
44
+        is_expected.to contain_cinder_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
44 45
       end
45 46
     end
46 47
 
@@ -79,6 +80,7 @@ describe 'cinder::keystone::authtoken' do
79 80
           :manage_memcache_package              => true,
80 81
           :region_name                          => 'region2',
81 82
           :token_cache_time                     => '301',
83
+          :service_token_roles_required         => false,
82 84
         })
83 85
       end
84 86
 
@@ -114,6 +116,7 @@ describe 'cinder::keystone::authtoken' do
114 116
         is_expected.to contain_cinder_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
115 117
         is_expected.to contain_cinder_config('keystone_authtoken/region_name').with_value(params[:region_name])
116 118
         is_expected.to contain_cinder_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
119
+        is_expected.to contain_cinder_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
117 120
       end
118 121
 
119 122
       it 'installs python memcache package' do

Loading…
Cancel
Save