diff --git a/manifests/resource/authtoken.pp b/manifests/resource/authtoken.pp index 471a38ad2..36569ab2a 100644 --- a/manifests/resource/authtoken.pp +++ b/manifests/resource/authtoken.pp @@ -212,6 +212,11 @@ # true/false # Defaults to $::os_service_default. # +# [*service_type*] +# (Optional) The name or type of the service as it appears in the service +# catalog. This is used to validate tokens that have restricted access rules. +# Defaults to $::os_service_default. +# # [*interface*] # (Optional) Interface to use for the Identity API endpoint. Valid values are # "public", "internal" or "admin". @@ -253,6 +258,7 @@ define keystone::resource::authtoken( $manage_memcache_package = false, $service_token_roles = $::os_service_default, $service_token_roles_required = $::os_service_default, + $service_type = $::os_service_default, $interface = $::os_service_default, ) { @@ -327,6 +333,7 @@ define keystone::resource::authtoken( 'keystone_authtoken/insecure' => {'value' => $insecure}, 'keystone_authtoken/service_token_roles' => {'value' => $service_token_roles}, 'keystone_authtoken/service_token_roles_required' => {'value' => $service_token_roles_required}, + 'keystone_authtoken/service_type' => {'value' => $service_type}, 'keystone_authtoken/interface' => {'value' => $interface}, } diff --git a/releasenotes/notes/add-authtoken-service_type-parameter-cab05db2d977f232.yaml b/releasenotes/notes/add-authtoken-service_type-parameter-cab05db2d977f232.yaml new file mode 100644 index 000000000..20a987415 --- /dev/null +++ b/releasenotes/notes/add-authtoken-service_type-parameter-cab05db2d977f232.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Added the service_type parameter to keystone::resource::authtoken resource. + This value should be set to the name or type of the service as it appears + in the service catalog. This is used to validate tokens that have + restricted access rules. diff --git a/spec/defines/keystone_resource_authtoken_spec.rb b/spec/defines/keystone_resource_authtoken_spec.rb index 62db4fcfb..d675b9317 100644 --- a/spec/defines/keystone_resource_authtoken_spec.rb +++ b/spec/defines/keystone_resource_authtoken_spec.rb @@ -47,6 +47,7 @@ describe 'keystone::resource::authtoken' do is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value('') is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value('') is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value('') + is_expected.to contain_keystone_config('keystone_authtoken/service_type').with_value('') is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value('') is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value('') end @@ -79,6 +80,7 @@ describe 'keystone::resource::authtoken' do :region_name => 'MyRegion', :service_token_roles => 'service', :service_token_roles_required => false, + :service_type => 'identity', :token_cache_time => '20', :interface => 'internal', }) @@ -116,6 +118,7 @@ describe 'keystone::resource::authtoken' do is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value(params[:region_name]) is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles]) is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required]) + is_expected.to contain_keystone_config('keystone_authtoken/service_type').with_value(params[:service_type]) is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time]) is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value(params[:interface]) end