Add support for the keystone_authtoken/service_type parameter

Change-Id: I95f6d260a1a07f5c2e933ce9ff8075acc232a5b3
2020-11-03 17:45:53 +09:00
parent fd6a963a70
commit 423036b73c
3 changed files with 15 additions and 0 deletions
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@@ -176,6 +176,11 @@
 #   true/false
 #   Defaults to $::os_service_default.
 #
+# [*service_type*]
+#  (Optional) The name or type of the service as it appears in the service
+#  catalog. This is used to validate tokens that have restricted access rules.
+#  Defaults to $::os_service_default.
+#
 # [*interface*]
 #  (Optional) Interface to use for the Identity API endpoint. Valid values are
 #  "public", "internal" or "admin".
@@ -216,6 +221,7 @@ class cloudkitty::keystone::authtoken(
  $token_cache_time               = $::os_service_default,
  $service_token_roles            = $::os_service_default,
  $service_token_roles_required   = $::os_service_default,
+  $service_type                   = $::os_service_default,
  $interface                      = $::os_service_default,
 ) {

@@ -256,6 +262,7 @@ class cloudkitty::keystone::authtoken(
    token_cache_time               => $token_cache_time,
    service_token_roles            => $service_token_roles,
    service_token_roles_required   => $service_token_roles_required,
+    service_type                   => $service_type,
    interface                      => $interface,
  }
 }
--- a/releasenotes/notes/keystone-authtoken-service_type-08b687a9db2a8097.yaml
+++ b/releasenotes/notes/keystone-authtoken-service_type-08b687a9db2a8097.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new ``cloudkitty::keystone::authtoken::service_type`` parameter has
+    been added to configure the service_type parameter in authtoken middleware.
--- a/spec/classes/cloudkitty_keystone_authtoken_spec.rb
+++ b/spec/classes/cloudkitty_keystone_authtoken_spec.rb
@@ -44,6 +44,7 @@ describe 'cloudkitty::keystone::authtoken' do
        is_expected.to contain_cloudkitty_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_cloudkitty_config('keystone_authtoken/service_token_roles').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_cloudkitty_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_cloudkitty_config('keystone_authtoken/service_type').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_cloudkitty_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>')
      end
    end
@@ -85,6 +86,7 @@ describe 'cloudkitty::keystone::authtoken' do
          :token_cache_time               => '301',
          :service_token_roles            => ['service'],
          :service_token_roles_required   => false,
+          :service_type                   => 'identity',
          :interface                      => 'internal',
        })
      end
@@ -123,6 +125,7 @@ describe 'cloudkitty::keystone::authtoken' do
        is_expected.to contain_cloudkitty_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
        is_expected.to contain_cloudkitty_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
        is_expected.to contain_cloudkitty_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
+        is_expected.to contain_cloudkitty_config('keystone_authtoken/service_type').with_value(params[:service_type])
        is_expected.to contain_cloudkitty_config('keystone_authtoken/interface').with_value(params[:interface])
      end