Browse Source

Service_token_roles_required missing in the server config file

Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.

Change-Id: I18250b18ec48329bbaba6c6fbfd2a255abc92d56
Closes-Bug: 1778198
tags/14.3.0
ZhongShengping 3 months ago
parent
commit
f2d968ac6e

+ 8
- 0
manifests/keystone/authtoken.pp View File

@@ -157,6 +157,12 @@
157 157
 #   (in seconds). Set to -1 to disable caching completely. Integer value
158 158
 #   Defaults to $::os_service_default.
159 159
 #
160
+# [*service_token_roles_required*]
161
+#   (optional) backwards compatibility to ensure that the service tokens are
162
+#   compared against a list of possible roles for validity
163
+#   true/false
164
+#   Defaults to $::os_service_default.
165
+#
160 166
 # DEPRECATED PARAMETERS
161 167
 #
162 168
 # [*check_revocations_for_cached*]
@@ -209,6 +215,7 @@ class magnum::keystone::authtoken(
209 215
   $manage_memcache_package        = false,
210 216
   $region_name                    = $::os_service_default,
211 217
   $token_cache_time               = $::os_service_default,
218
+  $service_token_roles_required   = $::os_service_default,
212 219
   # DEPRECATED PARAMETERS
213 220
   $check_revocations_for_cached   = undef,
214 221
   $hash_algorithms                = undef,
@@ -253,6 +260,7 @@ class magnum::keystone::authtoken(
253 260
     manage_memcache_package        => $manage_memcache_package,
254 261
     region_name                    => $region_name,
255 262
     token_cache_time               => $token_cache_time,
263
+    service_token_roles_required   => $service_token_roles_required,
256 264
   }
257 265
 
258 266
   magnum_config {

+ 5
- 0
releasenotes/notes/service_token_roles_required-bcfc36a96fdf6f30.yaml View File

@@ -0,0 +1,5 @@
1
+---
2
+features:
3
+  - Service_token_roles_required missing in the server config file which
4
+    allows backwards compatibility to ensure that the service tokens are
5
+    compared against a list of possible roles for validity.

+ 3
- 0
spec/classes/magnum_keystone_authtoken_spec.rb View File

@@ -45,6 +45,7 @@ describe 'magnum::keystone::authtoken' do
45 45
         is_expected.to contain_magnum_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
46 46
         is_expected.to contain_magnum_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
47 47
         is_expected.to contain_magnum_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
48
+        is_expected.to contain_magnum_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
48 49
         is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
49 50
         is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
50 51
         is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
@@ -87,6 +88,7 @@ describe 'magnum::keystone::authtoken' do
87 88
           :manage_memcache_package              => true,
88 89
           :region_name                          => 'region2',
89 90
           :token_cache_time                     => '301',
91
+          :service_token_roles_required         => false,
90 92
         })
91 93
       end
92 94
 
@@ -121,6 +123,7 @@ describe 'magnum::keystone::authtoken' do
121 123
         is_expected.to contain_magnum_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
122 124
         is_expected.to contain_magnum_config('keystone_authtoken/region_name').with_value(params[:region_name])
123 125
         is_expected.to contain_magnum_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
126
+        is_expected.to contain_magnum_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
124 127
         is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(params[:insecure])
125 128
         is_expected.to contain_magnum_config('keystone_auth/cafile').with_value(params[:cafile])
126 129
         is_expected.to contain_magnum_config('keystone_auth/certfile').with_value(params[:certfile])

Loading…
Cancel
Save