Add support for the service_type parameter in authtoken middleware

Change-Id: Ida59686cf01e4b31db0f99bed9137bc63cf59628

manifests/proxy/authtoken.pp

@@ -71,6 +71,11 @@
 #  true/false
 #  Defaults to $::os_service_default.
 #
+# [*service_type*]
+#  (Optional) The name or type of the service as it appears in the service
+#  catalog. This is used to validate tokens that have restricted access rules.
+#  Defaults to $::os_service_default.
+#
 # [*interface*]
 #  (Optional) Interface to use for the Identity API endpoint. Valid values are
 #  "public", "internal" or "admin".
@@ -109,6 +114,7 @@ class swift::proxy::authtoken(
   $include_service_catalog      = false,
   $service_token_roles          = $::os_service_default,
   $service_token_roles_required = $::os_service_default,
+  $service_type                 = $::os_service_default,
   $interface                    = $::os_service_default,
   # DEPRECATED PARAMETERS
   $signing_dir                  = undef,
@@ -153,6 +159,7 @@ Please set password parameter')
     'filter:authtoken/include_service_catalog':      value => $include_service_catalog;
     'filter:authtoken/service_token_roles':          value => $service_token_roles;
     'filter:authtoken/service_token_roles_required': value => $service_token_roles_required;
+    'filter:authtoken/service_type':                 value => $service_type;
     'filter:authtoken/interface':                    value => $interface,
   }
 

releasenotes/notes/keystone-authtoken-service_type-135867e7fa30d712.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new ``swift::proxy::authtoken::service_type`` parameter has been
+    added to configure the service_type parameter in authtoken middleware.

spec/classes/swift_proxy_authtoken_spec.rb

@@ -19,6 +19,7 @@ describe 'swift::proxy::authtoken' do
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>') }
+      it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_type').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_plugin').with_ensure('absent') }
     end
@@ -34,6 +35,7 @@ describe 'swift::proxy::authtoken' do
           :delay_auth_decision          => '0',
           :service_token_roles          => ['service'],
           :service_token_roles_required => true,
+          :service_type                 => 'identity',
           :interface                    => 'internal',
         }
       end
@@ -54,6 +56,7 @@ describe 'swift::proxy::authtoken' do
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value(['service']) }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value(true) }
+      it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_type').with_value('identity') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('internal') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_plugin').with_ensure('absent') }
     end