From da99cfcbd531cca42be22765c021bd744e974e8d Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 11 Oct 2020 21:27:59 +0900 Subject: [PATCH] Add support for the keystone_authtoken/service_type parameter Change-Id: I2ed8dfabd6e99c468456cca960996d9adc3b8f9c --- manifests/keystone/authtoken.pp | 7 +++++++ ...keystone-authtoken-service_type-6b60c7d5840cbefe.yaml | 5 +++++ spec/classes/nova_keystone_authtoken_spec.rb | 9 +++++---- 3 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 releasenotes/notes/keystone-authtoken-service_type-6b60c7d5840cbefe.yaml diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp index efed9336f..7878f242b 100644 --- a/manifests/keystone/authtoken.pp +++ b/manifests/keystone/authtoken.pp @@ -177,6 +177,11 @@ # true/false # Defaults to $::os_service_default. # +# [*service_type*] +# (Optional) The name or type of the service as it appears in the service +# catalog. This is used to validate tokens that have restricted access rules. +# Defaults to $::os_service_default. +# # [*interface*] # (Optional) Interface to use for the Identity API endpoint. Valid values are # "public", "internal" or "admin". @@ -221,6 +226,7 @@ class nova::keystone::authtoken( $token_cache_time = $::os_service_default, $service_token_roles = $::os_service_default, $service_token_roles_required = $::os_service_default, + $service_type = $::os_service_default, $interface = $::os_service_default, $params = {}, ) { @@ -269,6 +275,7 @@ class nova::keystone::authtoken( token_cache_time => $token_cache_time, service_token_roles => $service_token_roles, service_token_roles_required => $service_token_roles_required, + service_type => $service_type, interface => $interface; } } diff --git a/releasenotes/notes/keystone-authtoken-service_type-6b60c7d5840cbefe.yaml b/releasenotes/notes/keystone-authtoken-service_type-6b60c7d5840cbefe.yaml new file mode 100644 index 000000000..a1df0b36f --- /dev/null +++ b/releasenotes/notes/keystone-authtoken-service_type-6b60c7d5840cbefe.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + The new ``nova::keystone::authtoken::service_type`` parameter has been + added to configure the service_type parameter in authtoken middleware. diff --git a/spec/classes/nova_keystone_authtoken_spec.rb b/spec/classes/nova_keystone_authtoken_spec.rb index b2591a50f..8c6c4ab45 100644 --- a/spec/classes/nova_keystone_authtoken_spec.rb +++ b/spec/classes/nova_keystone_authtoken_spec.rb @@ -44,6 +44,7 @@ describe 'nova::keystone::authtoken' do is_expected.to contain_nova_config('keystone_authtoken/token_cache_time').with_value('') is_expected.to contain_nova_config('keystone_authtoken/service_token_roles').with_value('') is_expected.to contain_nova_config('keystone_authtoken/service_token_roles_required').with_value('') + is_expected.to contain_nova_config('keystone_authtoken/service_type').with_value('') is_expected.to contain_nova_config('keystone_authtoken/interface').with_value('') end end @@ -85,8 +86,8 @@ describe 'nova::keystone::authtoken' do :token_cache_time => '301', :service_token_roles => ['service'], :service_token_roles_required => true, + :service_type => 'identity', :interface => 'internal', - :params => { 'service_type' => "compute" }, }) end @@ -125,7 +126,7 @@ describe 'nova::keystone::authtoken' do is_expected.to contain_nova_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles]) is_expected.to contain_nova_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required]) is_expected.to contain_nova_config('keystone_authtoken/interface').with_value(params[:interface]) - is_expected.to contain_nova_config('keystone_authtoken/service_type').with_value(params[:params]['service_type']) + is_expected.to contain_nova_config('keystone_authtoken/service_type').with_value(params[:service_type]) end it 'installs python memcache package' do @@ -136,8 +137,8 @@ describe 'nova::keystone::authtoken' do context 'when overriding parameters via params hash' do before do params.merge!({ - :username => 'myuser', - :params => { 'username' => "myotheruser" }, + :username => 'myuser', + :params => { 'username' => 'myotheruser' }, }) end