From da99cfcbd531cca42be22765c021bd744e974e8d Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Sun, 11 Oct 2020 21:27:59 +0900
Subject: [PATCH] Add support for the keystone_authtoken/service_type parameter

Change-Id: I2ed8dfabd6e99c468456cca960996d9adc3b8f9c
---
 manifests/keystone/authtoken.pp                          | 7 +++++++
 ...keystone-authtoken-service_type-6b60c7d5840cbefe.yaml | 5 +++++
 spec/classes/nova_keystone_authtoken_spec.rb             | 9 +++++----
 3 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/keystone-authtoken-service_type-6b60c7d5840cbefe.yaml

diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp
index efed9336f..7878f242b 100644
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@@ -177,6 +177,11 @@
 #   true/false
 #   Defaults to $::os_service_default.
 #
+# [*service_type*]
+#  (Optional) The name or type of the service as it appears in the service
+#  catalog. This is used to validate tokens that have restricted access rules.
+#  Defaults to $::os_service_default.
+#
 # [*interface*]
 #  (Optional) Interface to use for the Identity API endpoint. Valid values are
 #  "public", "internal" or "admin".
@@ -221,6 +226,7 @@ class nova::keystone::authtoken(
   $token_cache_time               = $::os_service_default,
   $service_token_roles            = $::os_service_default,
   $service_token_roles_required   = $::os_service_default,
+  $service_type                   = $::os_service_default,
   $interface                      = $::os_service_default,
   $params                         = {},
 ) {
@@ -269,6 +275,7 @@ class nova::keystone::authtoken(
       token_cache_time               => $token_cache_time,
       service_token_roles            => $service_token_roles,
       service_token_roles_required   => $service_token_roles_required,
+      service_type                   => $service_type,
       interface                      => $interface;
   }
 }
diff --git a/releasenotes/notes/keystone-authtoken-service_type-6b60c7d5840cbefe.yaml b/releasenotes/notes/keystone-authtoken-service_type-6b60c7d5840cbefe.yaml
new file mode 100644
index 000000000..a1df0b36f
--- /dev/null
+++ b/releasenotes/notes/keystone-authtoken-service_type-6b60c7d5840cbefe.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new ``nova::keystone::authtoken::service_type`` parameter has been
+    added to configure the service_type parameter in authtoken middleware.
diff --git a/spec/classes/nova_keystone_authtoken_spec.rb b/spec/classes/nova_keystone_authtoken_spec.rb
index b2591a50f..8c6c4ab45 100644
--- a/spec/classes/nova_keystone_authtoken_spec.rb
+++ b/spec/classes/nova_keystone_authtoken_spec.rb
@@ -44,6 +44,7 @@ describe 'nova::keystone::authtoken' do
         is_expected.to contain_nova_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_nova_config('keystone_authtoken/service_token_roles').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_nova_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_nova_config('keystone_authtoken/service_type').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_nova_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>')
       end
     end
@@ -85,8 +86,8 @@ describe 'nova::keystone::authtoken' do
           :token_cache_time                     => '301',
           :service_token_roles                  => ['service'],
           :service_token_roles_required         => true,
+          :service_type                         => 'identity',
           :interface                            => 'internal',
-          :params                               => { 'service_type' => "compute" },
         })
       end
 
@@ -125,7 +126,7 @@ describe 'nova::keystone::authtoken' do
         is_expected.to contain_nova_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
         is_expected.to contain_nova_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
         is_expected.to contain_nova_config('keystone_authtoken/interface').with_value(params[:interface])
-        is_expected.to contain_nova_config('keystone_authtoken/service_type').with_value(params[:params]['service_type'])
+        is_expected.to contain_nova_config('keystone_authtoken/service_type').with_value(params[:service_type])
       end
 
       it 'installs python memcache package' do
@@ -136,8 +137,8 @@ describe 'nova::keystone::authtoken' do
     context 'when overriding parameters via params hash' do
       before do
         params.merge!({
-          :username                             => 'myuser',
-          :params                               => { 'username' => "myotheruser" },
+          :username => 'myuser',
+          :params   => { 'username' => 'myotheruser' },
         })
       end