diff --git a/manifests/api/authtoken.pp b/manifests/api/authtoken.pp index acabba28..c2eb8ab7 100644 --- a/manifests/api/authtoken.pp +++ b/manifests/api/authtoken.pp @@ -161,6 +161,12 @@ # (in seconds). Set to -1 to disable caching completely. Integer value # Defaults to $::os_service_default. # +# [*service_token_roles_required*] +# (optional) backwards compatibility to ensure that the service tokens are +# compared against a list of possible roles for validity +# true/false +# Defaults to $::os_service_default. +# # DEPRECATED PARAMETERS # # [*check_revocations_for_cached*] @@ -213,6 +219,7 @@ class glance::api::authtoken( $manage_memcache_package = false, $region_name = $::os_service_default, $token_cache_time = $::os_service_default, + $service_token_roles_required = $::os_service_default, # DEPRECATED PARAMETERS $check_revocations_for_cached = undef, $hash_algorithms = undef, @@ -265,5 +272,6 @@ class glance::api::authtoken( manage_memcache_package => $manage_memcache_package, region_name => $region_name, token_cache_time => $token_cache_time, + service_token_roles_required => $service_token_roles_required, } } diff --git a/manifests/registry/authtoken.pp b/manifests/registry/authtoken.pp index 37876611..ac8674d2 100644 --- a/manifests/registry/authtoken.pp +++ b/manifests/registry/authtoken.pp @@ -161,6 +161,12 @@ # (in seconds). Set to -1 to disable caching completely. Integer value # Defaults to $::os_service_default. # +# [*service_token_roles_required*] +# (optional) backwards compatibility to ensure that the service tokens are +# compared against a list of possible roles for validity +# true/false +# Defaults to $::os_service_default. +# # DEPRECATED PARAMETERS # # [*check_revocations_for_cached*] @@ -213,6 +219,7 @@ class glance::registry::authtoken( $manage_memcache_package = false, $region_name = $::os_service_default, $token_cache_time = $::os_service_default, + $service_token_roles_required = $::os_service_default, # DEPRECATED PARAMETERS $check_revocations_for_cached = undef, $hash_algorithms = undef, @@ -265,5 +272,6 @@ class glance::registry::authtoken( manage_memcache_package => $manage_memcache_package, region_name => $region_name, token_cache_time => $token_cache_time, + service_token_roles_required => $service_token_roles_required, } } diff --git a/releasenotes/notes/service_token_roles_required-84a52781e88fc5bb.yaml b/releasenotes/notes/service_token_roles_required-84a52781e88fc5bb.yaml new file mode 100644 index 00000000..60a45217 --- /dev/null +++ b/releasenotes/notes/service_token_roles_required-84a52781e88fc5bb.yaml @@ -0,0 +1,5 @@ +--- +features: + - Service_token_roles_required missing in the server config file which + allows backwards compatibility to ensure that the service tokens are + compared against a list of possible roles for validity. diff --git a/spec/classes/glance_api_authtoken_spec.rb b/spec/classes/glance_api_authtoken_spec.rb index d7bb59f0..e6939ebd 100644 --- a/spec/classes/glance_api_authtoken_spec.rb +++ b/spec/classes/glance_api_authtoken_spec.rb @@ -42,6 +42,7 @@ describe 'glance::api::authtoken' do is_expected.to contain_glance_api_config('keystone_authtoken/memcached_servers').with_value('') is_expected.to contain_glance_api_config('keystone_authtoken/region_name').with_value('') is_expected.to contain_glance_api_config('keystone_authtoken/token_cache_time').with_value('') + is_expected.to contain_glance_api_config('keystone_authtoken/service_token_roles_required').with_value('') end end @@ -80,6 +81,7 @@ describe 'glance::api::authtoken' do :manage_memcache_package => true, :region_name => 'region2', :token_cache_time => '301', + :service_token_roles_required => false, }) end @@ -115,6 +117,7 @@ describe 'glance::api::authtoken' do is_expected.to contain_glance_api_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211') is_expected.to contain_glance_api_config('keystone_authtoken/region_name').with_value(params[:region_name]) is_expected.to contain_glance_api_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time]) + is_expected.to contain_glance_api_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required]) end it 'installs python memcache package' do diff --git a/spec/classes/glance_registry_authtoken_spec.rb b/spec/classes/glance_registry_authtoken_spec.rb index 266c8711..e191f22b 100644 --- a/spec/classes/glance_registry_authtoken_spec.rb +++ b/spec/classes/glance_registry_authtoken_spec.rb @@ -42,6 +42,7 @@ describe 'glance::registry::authtoken' do is_expected.to contain_glance_registry_config('keystone_authtoken/memcached_servers').with_value('') is_expected.to contain_glance_registry_config('keystone_authtoken/region_name').with_value('') is_expected.to contain_glance_registry_config('keystone_authtoken/token_cache_time').with_value('') + is_expected.to contain_glance_registry_config('keystone_authtoken/service_token_roles_required').with_value('') end end @@ -80,6 +81,7 @@ describe 'glance::registry::authtoken' do :manage_memcache_package => true, :region_name => 'region2', :token_cache_time => '301', + :service_token_roles_required => false, }) end @@ -115,6 +117,7 @@ describe 'glance::registry::authtoken' do is_expected.to contain_glance_registry_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211') is_expected.to contain_glance_registry_config('keystone_authtoken/region_name').with_value(params[:region_name]) is_expected.to contain_glance_registry_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time]) + is_expected.to contain_glance_registry_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required]) end it 'installs python memcache package' do