Service_token_roles_required missing in the server config file

Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.

Change-Id: I18250b18ec48329bbaba6c6fbfd2a255abc92d56
Closes-Bug: 1778198

manifests/keystone/authtoken.pp

@@ -157,6 +157,12 @@
 #   (in seconds). Set to -1 to disable caching completely. Integer value
 #   Defaults to $::os_service_default.
 #
+# [*service_token_roles_required*]
+#   (optional) backwards compatibility to ensure that the service tokens are
+#   compared against a list of possible roles for validity
+#   true/false
+#   Defaults to $::os_service_default.
+#
 # DEPRECATED PARAMETERS
 #
 # [*check_revocations_for_cached*]
@@ -209,6 +215,7 @@ class magnum::keystone::authtoken(
   $manage_memcache_package        = false,
   $region_name                    = $::os_service_default,
   $token_cache_time               = $::os_service_default,
+  $service_token_roles_required   = $::os_service_default,
   # DEPRECATED PARAMETERS
   $check_revocations_for_cached   = undef,
   $hash_algorithms                = undef,
@@ -253,6 +260,7 @@ class magnum::keystone::authtoken(
     manage_memcache_package        => $manage_memcache_package,
     region_name                    => $region_name,
     token_cache_time               => $token_cache_time,
+    service_token_roles_required   => $service_token_roles_required,
   }
 
   magnum_config {

releasenotes/notes/service_token_roles_required-bcfc36a96fdf6f30.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - Service_token_roles_required missing in the server config file which
+    allows backwards compatibility to ensure that the service tokens are
+    compared against a list of possible roles for validity.

spec/classes/magnum_keystone_authtoken_spec.rb

@@ -45,6 +45,7 @@ describe 'magnum::keystone::authtoken' do
         is_expected.to contain_magnum_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_magnum_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_magnum_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_magnum_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
@@ -87,6 +88,7 @@ describe 'magnum::keystone::authtoken' do
           :manage_memcache_package              => true,
           :region_name                          => 'region2',
           :token_cache_time                     => '301',
+          :service_token_roles_required         => false,
         })
       end
 
@@ -121,6 +123,7 @@ describe 'magnum::keystone::authtoken' do
         is_expected.to contain_magnum_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
         is_expected.to contain_magnum_config('keystone_authtoken/region_name').with_value(params[:region_name])
         is_expected.to contain_magnum_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
+        is_expected.to contain_magnum_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
         is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(params[:insecure])
         is_expected.to contain_magnum_config('keystone_auth/cafile').with_value(params[:cafile])
         is_expected.to contain_magnum_config('keystone_auth/certfile').with_value(params[:certfile])