Add support for the interface parameter in authtoken middleware

This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.

Change-Id: I43f3f5708d1de6f63b61cbb688fb98a5d9241c8c

manifests/keystone/authtoken.pp

@@ -166,6 +166,11 @@
 #   true/false
 #   Defaults to $::os_service_default.
 #
+# [*interface*]
+#  (Optional) Interface to use for the Identity API endpoint. Valid values are
+#  "public", "internal" or "admin".
+#  Defaults to $::os_service_default.
+#
 class magnum::keystone::authtoken(
   $username                       = 'magnum',
   $password                       = $::os_service_default,
@@ -200,6 +205,7 @@ class magnum::keystone::authtoken(
   $region_name                    = $::os_service_default,
   $token_cache_time               = $::os_service_default,
   $service_token_roles_required   = $::os_service_default,
+  $interface                      = $::os_service_default,
 ) {
 
   include magnum::deps
@@ -242,6 +248,7 @@ class magnum::keystone::authtoken(
     region_name                    => $region_name,
     token_cache_time               => $token_cache_time,
     service_token_roles_required   => $service_token_roles_required,
+    interface                      => $interface,
   }
   magnum_config {
     'keystone_auth/cafile'                : value => $cafile;

releasenotes/notes/keystone-authtoken-interface-7f48cab08fdc7ac9.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new ``magnum::keystone::authtoken::interface`` parameter has been added,
+    which can be used to set the interface parameter in authtoken middleware.

spec/classes/magnum_keystone_authtoken_spec.rb

@@ -47,6 +47,7 @@ describe 'magnum::keystone::authtoken' do
         is_expected.to contain_magnum_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_magnum_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_magnum_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_magnum_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
@@ -90,6 +91,7 @@ describe 'magnum::keystone::authtoken' do
           :region_name                          => 'region2',
           :token_cache_time                     => '301',
           :service_token_roles_required         => false,
+          :interface                            => 'internal',
         })
       end
 
@@ -126,6 +128,7 @@ describe 'magnum::keystone::authtoken' do
         is_expected.to contain_magnum_config('keystone_authtoken/region_name').with_value(params[:region_name])
         is_expected.to contain_magnum_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
         is_expected.to contain_magnum_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
+        is_expected.to contain_magnum_config('keystone_authtoken/interface').with_value(params[:interface])
         is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(params[:insecure])
         is_expected.to contain_magnum_config('keystone_auth/cafile').with_value(params[:cafile])
         is_expected.to contain_magnum_config('keystone_auth/certfile').with_value(params[:certfile])