New keystone::resource::authtoken::interface parameter

Adds interface parameter to keystone::resource::authtoken allow
services to configure the interface to use for the Identity API
endpoint.
Valid values are "public", "internal" or "admin".

Change-Id: I90584d3b5900d2dc74ae8ae1ff293822e5d6ecd9

manifests/resource/authtoken.pp

@@ -212,6 +212,11 @@
 #  true/false
 #  Defaults to $::os_service_default.
 #
+# [*interface*]
+#  (Optional) Interface to use for the Identity API endpoint. Valid values are
+#  "public", "internal" or "admin".
+#  Defaults to $::os_service_default.
+#
 # DEPRECATED PARAMETERS
 #
 # [*check_revocations_for_cached*]
@@ -267,6 +272,7 @@ define keystone::resource::authtoken(
   $manage_memcache_package        = false,
   $service_token_roles            = $::os_service_default,
   $service_token_roles_required   = $::os_service_default,
+  $interface                      = $::os_service_default,
   # DEPRECATED PARAMETERS
   $check_revocations_for_cached   = undef,
   $hash_algorithms                = undef,
@@ -351,6 +357,7 @@ define keystone::resource::authtoken(
     'keystone_authtoken/insecure'                       => {'value' => $insecure},
     'keystone_authtoken/service_token_roles'            => {'value' => $service_token_roles},
     'keystone_authtoken/service_token_roles_required'   => {'value' => $service_token_roles_required},
+    'keystone_authtoken/interface'                      => {'value' => $interface},
   }
 
   create_resources($name, $keystonemiddleware_options)

releasenotes/notes/authtoken_interface-2e8ccbd3e961e0fb.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Adds interface parameter to keystone::resource::authtoken allow services
+    to configure the interface to use for the Identity API endpoint. Valid
+    values are "public", "internal" or "admin".

spec/defines/keystone_resource_authtoken_spec.rb

@@ -48,6 +48,7 @@ describe 'keystone::resource::authtoken' do
         is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>')
       end
     end
 
@@ -79,6 +80,7 @@ describe 'keystone::resource::authtoken' do
           :service_token_roles          => 'service',
           :service_token_roles_required => false,
           :token_cache_time             => '20',
+          :interface                    => 'internal',
         })
       end
       it 'override keystone authtoken parameters' do
@@ -115,6 +117,7 @@ describe 'keystone::resource::authtoken' do
         is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
         is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
         is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
+        is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value(params[:interface])
       end
     end