openidc: Support more redis cache options

Change-Id: I70cc5c2d0ecf10b4aa4e07e4af91609d1ad7cee3

manifests/federation/openidc.pp

@@ -113,6 +113,24 @@
 #  authentication. When not specified, no authentication is
 #  performed. Defaults to undef.
 #
+# [*redis_username*]
+#  (Optional) Username to be used if the Redis server requires
+#  authentication.
+#  Defaults to undef
+#
+# [*redis_database*]
+#  (Optional) Logical database to select on the Redis server.
+#  Defaults to undef
+#
+# [*redis_connect_timeout*]
+#  (Optional) Timeout (in seconds) for connecting to the Redis servers.
+#  Defaults to undef
+#
+# [*redis_timeout*]
+#  (Optional) Timeout waiting for a response of the Redis servers after
+#  a request was sent.
+#  Defaults to undef
+#
 # [*remote_id_attribute*]
 #  (Optional) Value to be used to obtain the entity ID of the Identity
 #  Provider from the environment.
@@ -153,6 +171,10 @@ class keystone::federation::openidc (
   $memcached_servers              = undef,
   $redis_server                   = undef,
   $redis_password                 = undef,
+  $redis_username                 = undef,
+  $redis_database                 = undef,
+  $redis_connect_timeout          = undef,
+  $redis_timeout                  = undef,
   $remote_id_attribute            = $facts['os_service_default'],
   $template_order                 = 331,
 ) {

releasenotes/notes/oidc-redis-opts-5e1bc4cf2f6c4869.yaml

@@ -0,0 +1,10 @@
+---
+features:
+  - |
+    The following parameters have been added to
+    the ``keystone::federation::openidc`` class.
+
+    - ``redis_username``
+    - ``redis_database``
+    - ``redis_timeout``
+    - ``redis_connect_timeout``

spec/classes/keystone_federation_openidc_spec.rb

@@ -151,6 +151,10 @@ describe 'keystone::federation::openidc' do
         params.merge!({
           :openidc_cache_type    => 'redis',
           :redis_password        => 'redispass',
+          :redis_username        => 'redisuser',
+          :redis_database        => 0,
+          :redis_timeout         => 10,
+          :redis_connect_timeout => 11,
         })
       end
 
@@ -158,6 +162,10 @@ describe 'keystone::federation::openidc' do
         content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
         expect(content).to match('OIDCCacheType redis')
         expect(content).to match('OIDCRedisCachePassword "redispass"')
+        expect(content).to match('OIDCRedisCacheUsername "redisuser"')
+        expect(content).to match('OIDCRedisCacheDatabase 0')
+        expect(content).to match('OIDCRedisCacheTimeout 10')
+        expect(content).to match('OIDCRedisCacheConnectTimeout 11')
       end
     end
 

templates/openidc.conf.erb

@@ -33,6 +33,18 @@
 <%- if scope['::keystone::federation::openidc::redis_password'] != nil -%>
   OIDCRedisCachePassword "<%= scope['::keystone::federation::openidc::redis_password'] %>"
 <%- end -%>
+<%- if scope['::keystone::federation::openidc::redis_username'] != nil -%>
+  OIDCRedisCacheUsername "<%= scope['::keystone::federation::openidc::redis_username'] %>"
+<%- end -%>
+<%- if scope['::keystone::federation::openidc::redis_database'] != nil -%>
+  OIDCRedisCacheDatabase <%= scope['::keystone::federation::openidc::redis_database'] %>
+<%- end -%>
+<%- if scope['::keystone::federation::openidc::redis_connect_timeout'] != nil -%>
+  OIDCRedisCacheConnectTimeout <%= scope['::keystone::federation::openidc::redis_connect_timeout'] %>
+<%- end -%>
+<%- if scope['::keystone::federation::openidc::redis_timeout'] != nil -%>
+  OIDCRedisCacheTimeout <%= scope['::keystone::federation::openidc::redis_timeout'] %>
+<%- end -%>
 <%- if scope['::keystone::federation::openidc::openidc_claim_delimiter'] != nil -%>
   OIDCClaimDelimiter "<%= scope['::keystone::federation::openidc::openidc_claim_delimiter'] %>"
 <%- end -%>