diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp index 60f81b0..6e70242 100644 --- a/manifests/keystone/authtoken.pp +++ b/manifests/keystone/authtoken.pp @@ -179,6 +179,11 @@ # true/false # Defaults to $::os_service_default. # +# [*service_type*] +# (Optional) The name or type of the service as it appears in the service +# catalog. This is used to validate tokens that have restricted access rules. +# Defaults to $::os_service_default. +# # [*interface*] # (Optional) Interface to use for the Identity API endpoint. Valid values are # "public", "internal" or "admin". @@ -219,6 +224,7 @@ class watcher::keystone::authtoken ( $token_cache_time = $::os_service_default, $service_token_roles = $::os_service_default, $service_token_roles_required = $::os_service_default, + $service_type = $::os_service_default, $interface = $::os_service_default, ) { @@ -265,6 +271,7 @@ class watcher::keystone::authtoken ( token_cache_time => $token_cache_time, service_token_roles => $service_token_roles, service_token_roles_required => $service_token_roles_required, + service_type => $service_type, interface => $interface, } diff --git a/releasenotes/notes/keystone-authtoken-service_type-276f4e9509781776.yaml b/releasenotes/notes/keystone-authtoken-service_type-276f4e9509781776.yaml new file mode 100644 index 0000000..c212581 --- /dev/null +++ b/releasenotes/notes/keystone-authtoken-service_type-276f4e9509781776.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + The new ``watcher::keystone::authtoken::service_type`` parameter has been + added to configure the service_type parameter in authtoken middleware. diff --git a/spec/classes/watcher_keystone_authtoken_spec.rb b/spec/classes/watcher_keystone_authtoken_spec.rb index aeff2d9..395bb52 100644 --- a/spec/classes/watcher_keystone_authtoken_spec.rb +++ b/spec/classes/watcher_keystone_authtoken_spec.rb @@ -48,6 +48,7 @@ describe 'watcher::keystone::authtoken' do is_expected.to contain_watcher_config('keystone_authtoken/token_cache_time').with_value('') is_expected.to contain_watcher_config('keystone_authtoken/service_token_roles').with_value('') is_expected.to contain_watcher_config('keystone_authtoken/service_token_roles_required').with_value('') + is_expected.to contain_watcher_config('keystone_authtoken/service_type').with_value('') is_expected.to contain_watcher_config('keystone_authtoken/interface').with_value('') end end @@ -89,6 +90,7 @@ describe 'watcher::keystone::authtoken' do :token_cache_time => '301', :service_token_roles => ['service'], :service_token_roles_required => false, + :service_type => 'identity', :interface => 'internal', }) end @@ -127,6 +129,7 @@ describe 'watcher::keystone::authtoken' do is_expected.to contain_watcher_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time]) is_expected.to contain_watcher_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles]) is_expected.to contain_watcher_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required]) + is_expected.to contain_watcher_config('keystone_authtoken/service_type').with_value(params[:service_type]) is_expected.to contain_watcher_config('keystone_authtoken/interface').with_value(params[:interface]) end