Browse Source

Service_token_roles_required missing in the server config file

Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.

Change-Id: I95abaa0720ad38378dadf6d97114ee4f255d9713
Closes-Bug: 1778198
ZhongShengping 3 months ago
parent
commit
c1e3f13bd7

+ 8
- 0
manifests/keystone/authtoken.pp View File

@@ -160,6 +160,12 @@
160 160
 #   (in seconds). Set to -1 to disable caching completely. Integer value
161 161
 #   Defaults to $::os_service_default.
162 162
 #
163
+# [*service_token_roles_required*]
164
+#   (optional) backwards compatibility to ensure that the service tokens are
165
+#   compared against a list of possible roles for validity
166
+#   true/false
167
+#   Defaults to $::os_service_default.
168
+#
163 169
 # DEPRECATED PARAMETERS
164 170
 #
165 171
 # [*check_revocations_for_cached*]
@@ -212,6 +218,7 @@ class congress::keystone::authtoken(
212 218
   $manage_memcache_package        = false,
213 219
   $region_name                    = $::os_service_default,
214 220
   $token_cache_time               = $::os_service_default,
221
+  $service_token_roles_required   = $::os_service_default,
215 222
   # DEPRECATED PARAMETERS
216 223
   $check_revocations_for_cached   = undef,
217 224
   $hash_algorithms                = undef,
@@ -260,6 +267,7 @@ class congress::keystone::authtoken(
260 267
     manage_memcache_package        => $manage_memcache_package,
261 268
     region_name                    => $region_name,
262 269
     token_cache_time               => $token_cache_time,
270
+    service_token_roles_required   => $service_token_roles_required,
263 271
   }
264 272
 }
265 273
 

+ 5
- 0
releasenotes/notes/service_token_roles_required-a13f8e9107379f7e.yaml View File

@@ -0,0 +1,5 @@
1
+---
2
+features:
3
+  - Service_token_roles_required missing in the server config file which
4
+    allows backwards compatibility to ensure that the service tokens are
5
+    compared against a list of possible roles for validity.

+ 3
- 0
spec/classes/congress_keystone_authtoken_spec.rb View File

@@ -47,6 +47,7 @@ describe 'congress::keystone::authtoken' do
47 47
         is_expected.to contain_congress_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
48 48
         is_expected.to contain_congress_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
49 49
         is_expected.to contain_congress_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
50
+        is_expected.to contain_congress_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
50 51
       end
51 52
     end
52 53
 
@@ -85,6 +86,7 @@ describe 'congress::keystone::authtoken' do
85 86
           :manage_memcache_package              => true,
86 87
           :region_name                          => 'region2',
87 88
           :token_cache_time                     => '301',
89
+          :service_token_roles_required         => false,
88 90
         })
89 91
       end
90 92
 
@@ -120,6 +122,7 @@ describe 'congress::keystone::authtoken' do
120 122
         is_expected.to contain_congress_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
121 123
         is_expected.to contain_congress_config('keystone_authtoken/region_name').with_value(params[:region_name])
122 124
         is_expected.to contain_congress_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
125
+        is_expected.to contain_congress_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
123 126
       end
124 127
 
125 128
       it 'installs python memcache package' do

Loading…
Cancel
Save