Add support for service token parameters
Add support for the parameters in authtoken middleware, which are
related to service token feature.
Change-Id: If60373cb44a62397678cee7aaefad3431a91f7e4
(cherry picked from commit b6b458cd59
)
This commit is contained in:
parent
1c1cb38c70
commit
d238ee9b29
|
@ -55,6 +55,22 @@
|
|||
# not set the X-Service-Catalog header. Boolean value.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*service_token_roles*]
|
||||
# (Optional) A choice of roles that must be present in a service token.
|
||||
# Service tokens are allowed to request that an expired token
|
||||
# can be used and so this check should tightly control that
|
||||
# only actual services should be sending this token. Roles
|
||||
# here are applied as an ANY check so any role in this list
|
||||
# must be present. For backwards compatibility reasons this
|
||||
# currently only affects the allow_expired check. (list value)
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*service_token_roles_required*]
|
||||
# (optional) backwards compatibility to ensure that the service tokens are
|
||||
# compared against a list of possible roles for validity
|
||||
# true/false
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# == DEPRECATED
|
||||
#
|
||||
# [*identity_uri*]
|
||||
|
@ -98,6 +114,8 @@ class swift::proxy::authtoken(
|
|||
$username = 'swift',
|
||||
$password = 'password',
|
||||
$include_service_catalog = false,
|
||||
$service_token_roles = $::os_service_default,
|
||||
$service_token_roles_required = $::os_service_default,
|
||||
# DEPRECATED PARAMETERS
|
||||
$admin_user = undef,
|
||||
$admin_tenant_name = undef,
|
||||
|
@ -162,5 +180,7 @@ class swift::proxy::authtoken(
|
|||
'filter:authtoken/delay_auth_decision': value => $delay_auth_decision;
|
||||
'filter:authtoken/cache': value => $cache;
|
||||
'filter:authtoken/include_service_catalog': value => $include_service_catalog;
|
||||
'filter:authtoken/service_token_roles': value => $service_token_roles;
|
||||
'filter:authtoken/service_token_roles_required': value => $service_token_roles_required;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
swift::proxy::authtoken::service_token_roles and
|
||||
swift::proxy::authtoken::service_token_roles_required were added to
|
||||
add support for the authtoken parameters related to service token feature
|
|
@ -32,6 +32,8 @@ describe 'swift::proxy::authtoken' do
|
|||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/delay_auth_decision').with_value('1') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/cache').with_value('swift.cache') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>') }
|
||||
end
|
||||
|
||||
describe "when overriding parameters" do
|
||||
|
@ -42,7 +44,9 @@ describe 'swift::proxy::authtoken' do
|
|||
:admin_password => 'swiftpassword',
|
||||
:cache => 'foo',
|
||||
:delay_auth_decision => '0',
|
||||
:signing_dir => '/home/swift/keystone-signing'
|
||||
:signing_dir => '/home/swift/keystone-signing',
|
||||
:service_token_roles => ['service'],
|
||||
:service_token_roles_required => true,
|
||||
}
|
||||
end
|
||||
|
||||
|
@ -60,6 +64,8 @@ describe 'swift::proxy::authtoken' do
|
|||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/delay_auth_decision').with_value('0') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/cache').with_value('foo') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value(['service']) }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value(true) }
|
||||
end
|
||||
|
||||
describe 'when overriding www_authenticate_uri' do
|
||||
|
|
Loading…
Reference in New Issue