summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--manifests/api/authtoken.pp8
-rw-r--r--manifests/registry/authtoken.pp8
-rw-r--r--releasenotes/notes/service_token_roles_required-84a52781e88fc5bb.yaml5
-rw-r--r--spec/classes/glance_api_authtoken_spec.rb3
-rw-r--r--spec/classes/glance_registry_authtoken_spec.rb3
5 files changed, 27 insertions, 0 deletions
diff --git a/manifests/api/authtoken.pp b/manifests/api/authtoken.pp
index acabba2..c2eb8ab 100644
--- a/manifests/api/authtoken.pp
+++ b/manifests/api/authtoken.pp
@@ -161,6 +161,12 @@
161# (in seconds). Set to -1 to disable caching completely. Integer value 161# (in seconds). Set to -1 to disable caching completely. Integer value
162# Defaults to $::os_service_default. 162# Defaults to $::os_service_default.
163# 163#
164# [*service_token_roles_required*]
165# (optional) backwards compatibility to ensure that the service tokens are
166# compared against a list of possible roles for validity
167# true/false
168# Defaults to $::os_service_default.
169#
164# DEPRECATED PARAMETERS 170# DEPRECATED PARAMETERS
165# 171#
166# [*check_revocations_for_cached*] 172# [*check_revocations_for_cached*]
@@ -213,6 +219,7 @@ class glance::api::authtoken(
213 $manage_memcache_package = false, 219 $manage_memcache_package = false,
214 $region_name = $::os_service_default, 220 $region_name = $::os_service_default,
215 $token_cache_time = $::os_service_default, 221 $token_cache_time = $::os_service_default,
222 $service_token_roles_required = $::os_service_default,
216 # DEPRECATED PARAMETERS 223 # DEPRECATED PARAMETERS
217 $check_revocations_for_cached = undef, 224 $check_revocations_for_cached = undef,
218 $hash_algorithms = undef, 225 $hash_algorithms = undef,
@@ -265,5 +272,6 @@ class glance::api::authtoken(
265 manage_memcache_package => $manage_memcache_package, 272 manage_memcache_package => $manage_memcache_package,
266 region_name => $region_name, 273 region_name => $region_name,
267 token_cache_time => $token_cache_time, 274 token_cache_time => $token_cache_time,
275 service_token_roles_required => $service_token_roles_required,
268 } 276 }
269} 277}
diff --git a/manifests/registry/authtoken.pp b/manifests/registry/authtoken.pp
index 3787661..ac8674d 100644
--- a/manifests/registry/authtoken.pp
+++ b/manifests/registry/authtoken.pp
@@ -161,6 +161,12 @@
161# (in seconds). Set to -1 to disable caching completely. Integer value 161# (in seconds). Set to -1 to disable caching completely. Integer value
162# Defaults to $::os_service_default. 162# Defaults to $::os_service_default.
163# 163#
164# [*service_token_roles_required*]
165# (optional) backwards compatibility to ensure that the service tokens are
166# compared against a list of possible roles for validity
167# true/false
168# Defaults to $::os_service_default.
169#
164# DEPRECATED PARAMETERS 170# DEPRECATED PARAMETERS
165# 171#
166# [*check_revocations_for_cached*] 172# [*check_revocations_for_cached*]
@@ -213,6 +219,7 @@ class glance::registry::authtoken(
213 $manage_memcache_package = false, 219 $manage_memcache_package = false,
214 $region_name = $::os_service_default, 220 $region_name = $::os_service_default,
215 $token_cache_time = $::os_service_default, 221 $token_cache_time = $::os_service_default,
222 $service_token_roles_required = $::os_service_default,
216 # DEPRECATED PARAMETERS 223 # DEPRECATED PARAMETERS
217 $check_revocations_for_cached = undef, 224 $check_revocations_for_cached = undef,
218 $hash_algorithms = undef, 225 $hash_algorithms = undef,
@@ -265,5 +272,6 @@ class glance::registry::authtoken(
265 manage_memcache_package => $manage_memcache_package, 272 manage_memcache_package => $manage_memcache_package,
266 region_name => $region_name, 273 region_name => $region_name,
267 token_cache_time => $token_cache_time, 274 token_cache_time => $token_cache_time,
275 service_token_roles_required => $service_token_roles_required,
268 } 276 }
269} 277}
diff --git a/releasenotes/notes/service_token_roles_required-84a52781e88fc5bb.yaml b/releasenotes/notes/service_token_roles_required-84a52781e88fc5bb.yaml
new file mode 100644
index 0000000..60a4521
--- /dev/null
+++ b/releasenotes/notes/service_token_roles_required-84a52781e88fc5bb.yaml
@@ -0,0 +1,5 @@
1---
2features:
3 - Service_token_roles_required missing in the server config file which
4 allows backwards compatibility to ensure that the service tokens are
5 compared against a list of possible roles for validity.
diff --git a/spec/classes/glance_api_authtoken_spec.rb b/spec/classes/glance_api_authtoken_spec.rb
index d7bb59f..e6939eb 100644
--- a/spec/classes/glance_api_authtoken_spec.rb
+++ b/spec/classes/glance_api_authtoken_spec.rb
@@ -42,6 +42,7 @@ describe 'glance::api::authtoken' do
42 is_expected.to contain_glance_api_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>') 42 is_expected.to contain_glance_api_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
43 is_expected.to contain_glance_api_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>') 43 is_expected.to contain_glance_api_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
44 is_expected.to contain_glance_api_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>') 44 is_expected.to contain_glance_api_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
45 is_expected.to contain_glance_api_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
45 end 46 end
46 end 47 end
47 48
@@ -80,6 +81,7 @@ describe 'glance::api::authtoken' do
80 :manage_memcache_package => true, 81 :manage_memcache_package => true,
81 :region_name => 'region2', 82 :region_name => 'region2',
82 :token_cache_time => '301', 83 :token_cache_time => '301',
84 :service_token_roles_required => false,
83 }) 85 })
84 end 86 end
85 87
@@ -115,6 +117,7 @@ describe 'glance::api::authtoken' do
115 is_expected.to contain_glance_api_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211') 117 is_expected.to contain_glance_api_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
116 is_expected.to contain_glance_api_config('keystone_authtoken/region_name').with_value(params[:region_name]) 118 is_expected.to contain_glance_api_config('keystone_authtoken/region_name').with_value(params[:region_name])
117 is_expected.to contain_glance_api_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time]) 119 is_expected.to contain_glance_api_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
120 is_expected.to contain_glance_api_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
118 end 121 end
119 122
120 it 'installs python memcache package' do 123 it 'installs python memcache package' do
diff --git a/spec/classes/glance_registry_authtoken_spec.rb b/spec/classes/glance_registry_authtoken_spec.rb
index 266c871..e191f22 100644
--- a/spec/classes/glance_registry_authtoken_spec.rb
+++ b/spec/classes/glance_registry_authtoken_spec.rb
@@ -42,6 +42,7 @@ describe 'glance::registry::authtoken' do
42 is_expected.to contain_glance_registry_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>') 42 is_expected.to contain_glance_registry_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
43 is_expected.to contain_glance_registry_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>') 43 is_expected.to contain_glance_registry_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
44 is_expected.to contain_glance_registry_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>') 44 is_expected.to contain_glance_registry_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
45 is_expected.to contain_glance_registry_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
45 end 46 end
46 end 47 end
47 48
@@ -80,6 +81,7 @@ describe 'glance::registry::authtoken' do
80 :manage_memcache_package => true, 81 :manage_memcache_package => true,
81 :region_name => 'region2', 82 :region_name => 'region2',
82 :token_cache_time => '301', 83 :token_cache_time => '301',
84 :service_token_roles_required => false,
83 }) 85 })
84 end 86 end
85 87
@@ -115,6 +117,7 @@ describe 'glance::registry::authtoken' do
115 is_expected.to contain_glance_registry_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211') 117 is_expected.to contain_glance_registry_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
116 is_expected.to contain_glance_registry_config('keystone_authtoken/region_name').with_value(params[:region_name]) 118 is_expected.to contain_glance_registry_config('keystone_authtoken/region_name').with_value(params[:region_name])
117 is_expected.to contain_glance_registry_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time]) 119 is_expected.to contain_glance_registry_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
120 is_expected.to contain_glance_registry_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
118 end 121 end
119 122
120 it 'installs python memcache package' do 123 it 'installs python memcache package' do