Add support for the keystone_authtoken/service_type parameter

Change-Id: Idad166632710fbb3c43ab9bd089f893bb311c082

manifests/keystone/authtoken.pp

@@ -179,6 +179,11 @@
 #   true/false
 #   Defaults to $::os_service_default.
 #
+# [*service_type*]
+#  (Optional) The name or type of the service as it appears in the service
+#  catalog. This is used to validate tokens that have restricted access rules.
+#  Defaults to $::os_service_default.
+#
 # [*interface*]
 #  (Optional) Interface to use for the Identity API endpoint. Valid values are
 #  "public", "internal" or "admin".
@@ -219,6 +224,7 @@ class watcher::keystone::authtoken (
   $token_cache_time               = $::os_service_default,
   $service_token_roles            = $::os_service_default,
   $service_token_roles_required   = $::os_service_default,
+  $service_type                   = $::os_service_default,
   $interface                      = $::os_service_default,
 ) {
 
@@ -265,6 +271,7 @@ class watcher::keystone::authtoken (
     token_cache_time               => $token_cache_time,
     service_token_roles            => $service_token_roles,
     service_token_roles_required   => $service_token_roles_required,
+    service_type                   => $service_type,
     interface                      => $interface,
   }
 

releasenotes/notes/keystone-authtoken-service_type-276f4e9509781776.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new ``watcher::keystone::authtoken::service_type`` parameter has been
+    added to configure the service_type parameter in authtoken middleware.

spec/classes/watcher_keystone_authtoken_spec.rb

@@ -48,6 +48,7 @@ describe 'watcher::keystone::authtoken' do
         is_expected.to contain_watcher_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_watcher_config('keystone_authtoken/service_token_roles').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_watcher_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_watcher_config('keystone_authtoken/service_type').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_watcher_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>')
       end
     end
@@ -89,6 +90,7 @@ describe 'watcher::keystone::authtoken' do
           :token_cache_time                     => '301',
           :service_token_roles                  => ['service'],
           :service_token_roles_required         => false,
+          :service_type                         => 'identity',
           :interface                            => 'internal',
         })
       end
@@ -127,6 +129,7 @@ describe 'watcher::keystone::authtoken' do
         is_expected.to contain_watcher_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
         is_expected.to contain_watcher_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
         is_expected.to contain_watcher_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
+        is_expected.to contain_watcher_config('keystone_authtoken/service_type').with_value(params[:service_type])
         is_expected.to contain_watcher_config('keystone_authtoken/interface').with_value(params[:interface])
       end