commit fb9a9d668fddbd4dc3900487871006a0482b6d9b
Author: Takashi Kajinami
Date: Mon Oct 19 18:46:20 2020 +0900
Add support for the service_type parameter in authtoken middleware
Change-Id: Ida59686cf01e4b31db0f99bed9137bc63cf59628
diff --git a/manifests/proxy/authtoken.pp b/manifests/proxy/authtoken.pp
index c0fb194..c806f55 100644
--- a/manifests/proxy/authtoken.pp
+++ b/manifests/proxy/authtoken.pp
@@ -71,6 +71,11 @@
 # true/false
 # Defaults to $::os_service_default.
 #
+# [*service_type*]
+# (Optional) The name or type of the service as it appears in the service
+# catalog. This is used to validate tokens that have restricted access rules.
+# Defaults to $::os_service_default.
+#
 # [*interface*]
 # (Optional) Interface to use for the Identity API endpoint. Valid values are
 # "public", "internal" or "admin".
@@ -109,6 +114,7 @@ class swift::proxy::authtoken(
 $include_service_catalog = false,
 $service_token_roles = $::os_service_default,
 $service_token_roles_required = $::os_service_default,
+ $service_type = $::os_service_default,
 $interface = $::os_service_default,
 # DEPRECATED PARAMETERS
 $signing_dir = undef,
@@ -153,6 +159,7 @@ Please set password parameter')
 'filter:authtoken/include_service_catalog': value => $include_service_catalog;
 'filter:authtoken/service_token_roles': value => $service_token_roles;
 'filter:authtoken/service_token_roles_required': value => $service_token_roles_required;
+ 'filter:authtoken/service_type': value => $service_type;
 'filter:authtoken/interface': value => $interface,
 }
diff --git a/releasenotes/notes/keystone-authtoken-service_type-135867e7fa30d712.yaml b/releasenotes/notes/keystone-authtoken-service_type-135867e7fa30d712.yaml
new file mode 100644
index 0000000..8c367b0
--- /dev/null
+++ b/releasenotes/notes/keystone-authtoken-service_type-135867e7fa30d712.yaml
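Review bot: The new `[*service_type*]` doc block in the first hunk of manifests/proxy/authtoken.pp repeats the generic middleware description but does not say which value users of this class should set, or what happens while the parameter stays at `$::os_service_default`. For a Swift proxy the catalog type is normally `object-store`, and as far as I know the authtoken middleware cannot evaluate application-credential access rules without a service type, so tokens carrying such rules would presumably be rejected while the option is unset; that is worth confirming against the middleware and stating here. I would add a line such as `#   For Swift this is normally 'object-store'; when unset, tokens with access rules cannot be validated.` The parameter list and the `swift_proxy_config` block touched by the two later hunks in this file both continue outside the visible context.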
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ The new ``swift::proxy::authtoken::service_type`` parameter has been
+ added to configure the service_type parameter in authtoken middleware.
diff --git a/spec/classes/swift_proxy_authtoken_spec.rb b/spec/classes/swift_proxy_authtoken_spec.rb
index d6b5683..48bf12a 100644
--- a/spec/classes/swift_proxy_authtoken_spec.rb
+++ b/spec/classes/swift_proxy_authtoken_spec.rb
@@ -19,6 +19,7 @@ describe 'swift::proxy::authtoken' do
 it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
 it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value('') }
 it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value('') }
+ it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_type').with_value('') }
 it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('') }
 it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_plugin').with_ensure('absent') }
 end
@@ -34,6 +35,7 @@ describe 'swift::proxy::authtoken' do
 :delay_auth_decision => '0',
 :service_token_roles => ['service'],
 :service_token_roles_required => true,
+ :service_type => 'identity',
 :interface => 'internal',
 }
 end
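Review bot: The explicit-parameters fixture in the `@@ -34,6 +35,7 @@` hunk sets `:service_type => 'identity'`, which is Keystone's catalog type rather than the Swift proxy's, so the spec doubles as a misleading example of how to configure this class. The value is only passed through to `filter:authtoken/service_type`, so the test passes either way, but an operator copying it would presumably have access rules matched against the wrong service. I would use `:service_type => 'object-store',` here and `with_value('object-store')` in the matching expectation in the following hunk (`@@ -54,6 +56,7 @@`). The parameter hash and the enclosing `describe` block start outside the hunk.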
@@ -54,6 +56,7 @@ describe 'swift::proxy::authtoken' do
 it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
 it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value(['service']) }
 it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value(true) }
+ it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_type').with_value('identity') }
 it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('internal') }
 it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_plugin').with_ensure('absent') }
 end