Add support for the interface parameter in authtoken middleware
This patch adds support for [keystone_authtoken] interface parameter, so that operators can define which endpoint should be used by authtoken middleware. Change-Id: Iebb67609a384ee4c6be1d0f8aff86643ff6775c2 (cherry picked from commita09758194a
) (cherry picked from commit263240ea84
)
This commit is contained in:
parent
d238ee9b29
commit
8930de7b4f
|
@ -71,6 +71,11 @@
|
||||||
# true/false
|
# true/false
|
||||||
# Defaults to $::os_service_default.
|
# Defaults to $::os_service_default.
|
||||||
#
|
#
|
||||||
|
# [*interface*]
|
||||||
|
# (Optional) Interface to use for the Identity API endpoint. Valid values are
|
||||||
|
# "public", "internal" or "admin".
|
||||||
|
# Defaults to $::os_service_default.
|
||||||
|
#
|
||||||
# == DEPRECATED
|
# == DEPRECATED
|
||||||
#
|
#
|
||||||
# [*identity_uri*]
|
# [*identity_uri*]
|
||||||
|
@ -116,6 +121,7 @@ class swift::proxy::authtoken(
|
||||||
$include_service_catalog = false,
|
$include_service_catalog = false,
|
||||||
$service_token_roles = $::os_service_default,
|
$service_token_roles = $::os_service_default,
|
||||||
$service_token_roles_required = $::os_service_default,
|
$service_token_roles_required = $::os_service_default,
|
||||||
|
$interface = $::os_service_default,
|
||||||
# DEPRECATED PARAMETERS
|
# DEPRECATED PARAMETERS
|
||||||
$admin_user = undef,
|
$admin_user = undef,
|
||||||
$admin_tenant_name = undef,
|
$admin_tenant_name = undef,
|
||||||
|
@ -182,5 +188,6 @@ class swift::proxy::authtoken(
|
||||||
'filter:authtoken/include_service_catalog': value => $include_service_catalog;
|
'filter:authtoken/include_service_catalog': value => $include_service_catalog;
|
||||||
'filter:authtoken/service_token_roles': value => $service_token_roles;
|
'filter:authtoken/service_token_roles': value => $service_token_roles;
|
||||||
'filter:authtoken/service_token_roles_required': value => $service_token_roles_required;
|
'filter:authtoken/service_token_roles_required': value => $service_token_roles_required;
|
||||||
|
'filter:authtoken/interface': value => $interface,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The new ``swift::proxy::authtoken::interface`` parameter has been added,
|
||||||
|
which can be used to set the interface parameter in authtoken middleware.
|
|
@ -34,6 +34,7 @@ describe 'swift::proxy::authtoken' do
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value('<SERVICE DEFAULT>') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value('<SERVICE DEFAULT>') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>') }
|
||||||
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('<SERVICE DEFAULT>') }
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "when overriding parameters" do
|
describe "when overriding parameters" do
|
||||||
|
@ -47,6 +48,7 @@ describe 'swift::proxy::authtoken' do
|
||||||
:signing_dir => '/home/swift/keystone-signing',
|
:signing_dir => '/home/swift/keystone-signing',
|
||||||
:service_token_roles => ['service'],
|
:service_token_roles => ['service'],
|
||||||
:service_token_roles_required => true,
|
:service_token_roles_required => true,
|
||||||
|
:interface => 'internal',
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -66,6 +68,7 @@ describe 'swift::proxy::authtoken' do
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value(['service']) }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value(['service']) }
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value(true) }
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value(true) }
|
||||||
|
it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('internal') }
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'when overriding www_authenticate_uri' do
|
describe 'when overriding www_authenticate_uri' do
|
||||||
|
|
Loading…
Reference in New Issue