Add support for service_type in authtoken config
This is used to validate tokens that have restricted access rules. Change-Id: I1ba6aef478592e681887d87380a15ee8667ff006
This commit is contained in:
parent
d5e3a563e6
commit
aba4a00d29
@ -212,6 +212,11 @@
|
|||||||
# true/false
|
# true/false
|
||||||
# Defaults to $::os_service_default.
|
# Defaults to $::os_service_default.
|
||||||
#
|
#
|
||||||
|
# [*service_type*]
|
||||||
|
# (Optional) The name or type of the service as it appears in the service
|
||||||
|
# catalog. This is used to validate tokens that have restricted access rules.
|
||||||
|
# Defaults to $::os_service_default.
|
||||||
|
#
|
||||||
# [*interface*]
|
# [*interface*]
|
||||||
# (Optional) Interface to use for the Identity API endpoint. Valid values are
|
# (Optional) Interface to use for the Identity API endpoint. Valid values are
|
||||||
# "public", "internal" or "admin".
|
# "public", "internal" or "admin".
|
||||||
@ -253,6 +258,7 @@ define keystone::resource::authtoken(
|
|||||||
$manage_memcache_package = false,
|
$manage_memcache_package = false,
|
||||||
$service_token_roles = $::os_service_default,
|
$service_token_roles = $::os_service_default,
|
||||||
$service_token_roles_required = $::os_service_default,
|
$service_token_roles_required = $::os_service_default,
|
||||||
|
$service_type = $::os_service_default,
|
||||||
$interface = $::os_service_default,
|
$interface = $::os_service_default,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
@ -327,6 +333,7 @@ define keystone::resource::authtoken(
|
|||||||
'keystone_authtoken/insecure' => {'value' => $insecure},
|
'keystone_authtoken/insecure' => {'value' => $insecure},
|
||||||
'keystone_authtoken/service_token_roles' => {'value' => $service_token_roles},
|
'keystone_authtoken/service_token_roles' => {'value' => $service_token_roles},
|
||||||
'keystone_authtoken/service_token_roles_required' => {'value' => $service_token_roles_required},
|
'keystone_authtoken/service_token_roles_required' => {'value' => $service_token_roles_required},
|
||||||
|
'keystone_authtoken/service_type' => {'value' => $service_type},
|
||||||
'keystone_authtoken/interface' => {'value' => $interface},
|
'keystone_authtoken/interface' => {'value' => $interface},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added the service_type parameter to keystone::resource::authtoken resource.
|
||||||
|
This value should be set to the name or type of the service as it appears
|
||||||
|
in the service catalog. This is used to validate tokens that have
|
||||||
|
restricted access rules.
|
@ -47,6 +47,7 @@ describe 'keystone::resource::authtoken' do
|
|||||||
is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_keystone_config('keystone_authtoken/service_type').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>')
|
||||||
end
|
end
|
||||||
@ -79,6 +80,7 @@ describe 'keystone::resource::authtoken' do
|
|||||||
:region_name => 'MyRegion',
|
:region_name => 'MyRegion',
|
||||||
:service_token_roles => 'service',
|
:service_token_roles => 'service',
|
||||||
:service_token_roles_required => false,
|
:service_token_roles_required => false,
|
||||||
|
:service_type => 'identity',
|
||||||
:token_cache_time => '20',
|
:token_cache_time => '20',
|
||||||
:interface => 'internal',
|
:interface => 'internal',
|
||||||
})
|
})
|
||||||
@ -116,6 +118,7 @@ describe 'keystone::resource::authtoken' do
|
|||||||
is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value(params[:region_name])
|
is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value(params[:region_name])
|
||||||
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
|
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
|
||||||
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
|
is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
|
||||||
|
is_expected.to contain_keystone_config('keystone_authtoken/service_type').with_value(params[:service_type])
|
||||||
is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
|
is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
|
||||||
is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value(params[:interface])
|
is_expected.to contain_keystone_config('keystone_authtoken/interface').with_value(params[:interface])
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user