Browse Source

Add support for the interface parameter in authtoken middleware

This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.

Change-Id: Iebb67609a384ee4c6be1d0f8aff86643ff6775c2
(cherry picked from commit a09758194a)
(cherry picked from commit 263240ea84)
changes/73/820873/1
Takashi Kajinami 2 years ago
parent
commit
8930de7b4f
  1. 7
      manifests/proxy/authtoken.pp
  2. 5
      releasenotes/notes/keystone-authtoken-interface-a0cdde390fca1a46.yaml
  3. 3
      spec/classes/swift_proxy_authtoken_spec.rb

7
manifests/proxy/authtoken.pp

@ -71,6 +71,11 @@
# true/false
# Defaults to $::os_service_default.
#
# [*interface*]
# (Optional) Interface to use for the Identity API endpoint. Valid values are
# "public", "internal" or "admin".
# Defaults to $::os_service_default.
#
# == DEPRECATED
#
# [*identity_uri*]
@ -116,6 +121,7 @@ class swift::proxy::authtoken(
$include_service_catalog = false,
$service_token_roles = $::os_service_default,
$service_token_roles_required = $::os_service_default,
$interface = $::os_service_default,
# DEPRECATED PARAMETERS
$admin_user = undef,
$admin_tenant_name = undef,
@ -182,5 +188,6 @@ class swift::proxy::authtoken(
'filter:authtoken/include_service_catalog': value => $include_service_catalog;
'filter:authtoken/service_token_roles': value => $service_token_roles;
'filter:authtoken/service_token_roles_required': value => $service_token_roles_required;
'filter:authtoken/interface': value => $interface,
}
}

5
releasenotes/notes/keystone-authtoken-interface-a0cdde390fca1a46.yaml

@ -0,0 +1,5 @@
---
features:
- |
The new ``swift::proxy::authtoken::interface`` parameter has been added,
which can be used to set the interface parameter in authtoken middleware.

3
spec/classes/swift_proxy_authtoken_spec.rb

@ -34,6 +34,7 @@ describe 'swift::proxy::authtoken' do
it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('<SERVICE DEFAULT>') }
end
describe "when overriding parameters" do
@ -47,6 +48,7 @@ describe 'swift::proxy::authtoken' do
:signing_dir => '/home/swift/keystone-signing',
:service_token_roles => ['service'],
:service_token_roles_required => true,
:interface => 'internal',
}
end
@ -66,6 +68,7 @@ describe 'swift::proxy::authtoken' do
it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value(['service']) }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value(true) }
it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('internal') }
end
describe 'when overriding www_authenticate_uri' do

Loading…
Cancel
Save