Merge "Add support for service_type in authtoken config"

This commit is contained in:
Zuul 2020-07-30 16:03:46 +00:00 committed by Gerrit Code Review
commit 3184e2079d
3 changed files with 17 additions and 0 deletions

View File

@ -212,6 +212,11 @@
# true/false # true/false
# Defaults to $::os_service_default. # Defaults to $::os_service_default.
# #
# [*service_type*]
# (Optional) The name or type of the service as it appears in the service
# catalog. This is used to validate tokens that have restricted access rules.
# Defaults to $::os_service_default.
#
# [*interface*] # [*interface*]
# (Optional) Interface to use for the Identity API endpoint. Valid values are # (Optional) Interface to use for the Identity API endpoint. Valid values are
# "public", "internal" or "admin". # "public", "internal" or "admin".
@ -253,6 +258,7 @@ define keystone::resource::authtoken(
$manage_memcache_package = false, $manage_memcache_package = false,
$service_token_roles = $::os_service_default, $service_token_roles = $::os_service_default,
$service_token_roles_required = $::os_service_default, $service_token_roles_required = $::os_service_default,
$service_type = $::os_service_default,
$interface = $::os_service_default, $interface = $::os_service_default,
) { ) {
@ -327,6 +333,7 @@ define keystone::resource::authtoken(
'keystone_authtoken/insecure' => {'value' => $insecure}, 'keystone_authtoken/insecure' => {'value' => $insecure},
'keystone_authtoken/service_token_roles' => {'value' => $service_token_roles}, 'keystone_authtoken/service_token_roles' => {'value' => $service_token_roles},
'keystone_authtoken/service_token_roles_required' => {'value' => $service_token_roles_required}, 'keystone_authtoken/service_token_roles_required' => {'value' => $service_token_roles_required},
'keystone_authtoken/service_type' => {'value' => $service_type},
'keystone_authtoken/interface' => {'value' => $interface}, 'keystone_authtoken/interface' => {'value' => $interface},
} }

View File

@ -0,0 +1,7 @@
---
features:
- |
Added the service_type parameter to keystone::resource::authtoken resource.
This value should be set to the name or type of the service as it appears
in the service catalog. This is used to validate tokens that have
restricted access rules.

View File

@ -47,6 +47,7 @@ describe 'keystone::resource::authtoken' do
is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('keystone_authtoken/service_type').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>')
end end
@ -79,6 +80,7 @@ describe 'keystone::resource::authtoken' do
:region_name => 'MyRegion', :region_name => 'MyRegion',
:service_token_roles => 'service', :service_token_roles => 'service',
:service_token_roles_required => false, :service_token_roles_required => false,
:service_type => 'identity',
:token_cache_time => '20', :token_cache_time => '20',
:interface => 'internal', :interface => 'internal',
}) })
@ -116,6 +118,7 @@ describe 'keystone::resource::authtoken' do
is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value(params[:region_name]) is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value(params[:region_name])
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles]) is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required]) is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
is_expected.to contain_keystone_config('keystone_authtoken/service_type').with_value(params[:service_type])
is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time]) is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value(params[:interface]) is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value(params[:interface])
end end