Add support for service_type in authtoken config

This is used to validate tokens that have restricted access rules.

Change-Id: I1ba6aef478592e681887d87380a15ee8667ff006

manifests/resource/authtoken.pp

@@ -212,6 +212,11 @@
 #  true/false
 #  Defaults to $::os_service_default.
 #
+# [*service_type*]
+#  (Optional) The name or type of the service as it appears in the service
+#  catalog. This is used to validate tokens that have restricted access rules.
+#  Defaults to $::os_service_default.
+#
 # [*interface*]
 #  (Optional) Interface to use for the Identity API endpoint. Valid values are
 #  "public", "internal" or "admin".
@@ -253,6 +258,7 @@ define keystone::resource::authtoken(
   $manage_memcache_package        = false,
   $service_token_roles            = $::os_service_default,
   $service_token_roles_required   = $::os_service_default,
+  $service_type                   = $::os_service_default,
   $interface                      = $::os_service_default,
 ) {
 
@@ -327,6 +333,7 @@ define keystone::resource::authtoken(
     'keystone_authtoken/insecure'                       => {'value' => $insecure},
     'keystone_authtoken/service_token_roles'            => {'value' => $service_token_roles},
     'keystone_authtoken/service_token_roles_required'   => {'value' => $service_token_roles_required},
+    'keystone_authtoken/service_type'                   => {'value' => $service_type},
     'keystone_authtoken/interface'                      => {'value' => $interface},
   }
 

releasenotes/notes/add-authtoken-service_type-parameter-cab05db2d977f232.yaml

@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Added the service_type parameter to keystone::resource::authtoken resource.
+    This value should be set to the name or type of the service as it appears
+    in the service catalog. This is used to validate tokens that have
+    restricted access rules.

spec/defines/keystone_resource_authtoken_spec.rb

@@ -47,6 +47,7 @@ describe 'keystone::resource::authtoken' do
         is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('keystone_authtoken/service_type').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>')
       end
@@ -79,6 +80,7 @@ describe 'keystone::resource::authtoken' do
           :region_name                  => 'MyRegion',
           :service_token_roles          => 'service',
           :service_token_roles_required => false,
+          :service_type                 => 'identity',
           :token_cache_time             => '20',
           :interface                    => 'internal',
         })
@@ -116,6 +118,7 @@ describe 'keystone::resource::authtoken' do
         is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value(params[:region_name])
         is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
         is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
+        is_expected.to contain_keystone_config('keystone_authtoken/service_type').with_value(params[:service_type])
         is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
         is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value(params[:interface])
       end