summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--manifests/keystone/authtoken.pp8
-rw-r--r--releasenotes/notes/service_token_roles_required-a4e6c9d2f3f48074.yaml5
-rw-r--r--spec/classes/glare_keystone_authtoken_spec.rb3
3 files changed, 16 insertions, 0 deletions
diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp
index e01b21f..8e73a20 100644
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@@ -160,6 +160,12 @@
160# (in seconds). Set to -1 to disable caching completely. Integer value 160# (in seconds). Set to -1 to disable caching completely. Integer value
161# Defaults to $::os_service_default. 161# Defaults to $::os_service_default.
162# 162#
163# [*service_token_roles_required*]
164# (optional) backwards compatibility to ensure that the service tokens are
165# compared against a list of possible roles for validity
166# true/false
167# Defaults to $::os_service_default.
168#
163# DEPRECATED PARAMETERS 169# DEPRECATED PARAMETERS
164# 170#
165# [*check_revocations_for_cached*] 171# [*check_revocations_for_cached*]
@@ -212,6 +218,7 @@ class glare::keystone::authtoken(
212 $manage_memcache_package = false, 218 $manage_memcache_package = false,
213 $region_name = $::os_service_default, 219 $region_name = $::os_service_default,
214 $token_cache_time = $::os_service_default, 220 $token_cache_time = $::os_service_default,
221 $service_token_roles_required = $::os_service_default,
215 # DEPRECATED PARAMETERS 222 # DEPRECATED PARAMETERS
216 $check_revocations_for_cached = undef, 223 $check_revocations_for_cached = undef,
217 $hash_algorithms = undef, 224 $hash_algorithms = undef,
@@ -260,6 +267,7 @@ class glare::keystone::authtoken(
260 manage_memcache_package => $manage_memcache_package, 267 manage_memcache_package => $manage_memcache_package,
261 region_name => $region_name, 268 region_name => $region_name,
262 token_cache_time => $token_cache_time, 269 token_cache_time => $token_cache_time,
270 service_token_roles_required => $service_token_roles_required,
263 } 271 }
264} 272}
265 273
diff --git a/releasenotes/notes/service_token_roles_required-a4e6c9d2f3f48074.yaml b/releasenotes/notes/service_token_roles_required-a4e6c9d2f3f48074.yaml
new file mode 100644
index 0000000..60a4521
--- /dev/null
+++ b/releasenotes/notes/service_token_roles_required-a4e6c9d2f3f48074.yaml
@@ -0,0 +1,5 @@
1---
2features:
3 - Service_token_roles_required missing in the server config file which
4 allows backwards compatibility to ensure that the service tokens are
5 compared against a list of possible roles for validity.
diff --git a/spec/classes/glare_keystone_authtoken_spec.rb b/spec/classes/glare_keystone_authtoken_spec.rb
index 4d94b82..eccacc2 100644
--- a/spec/classes/glare_keystone_authtoken_spec.rb
+++ b/spec/classes/glare_keystone_authtoken_spec.rb
@@ -42,6 +42,7 @@ describe 'glare::keystone::authtoken' do
42 is_expected.to contain_glare_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>') 42 is_expected.to contain_glare_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
43 is_expected.to contain_glare_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>') 43 is_expected.to contain_glare_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
44 is_expected.to contain_glare_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>') 44 is_expected.to contain_glare_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
45 is_expected.to contain_glare_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
45 end 46 end
46 end 47 end
47 48
@@ -80,6 +81,7 @@ describe 'glare::keystone::authtoken' do
80 :manage_memcache_package => true, 81 :manage_memcache_package => true,
81 :region_name => 'region2', 82 :region_name => 'region2',
82 :token_cache_time => '301', 83 :token_cache_time => '301',
84 :service_token_roles_required => false,
83 }) 85 })
84 end 86 end
85 87
@@ -115,6 +117,7 @@ describe 'glare::keystone::authtoken' do
115 is_expected.to contain_glare_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211') 117 is_expected.to contain_glare_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
116 is_expected.to contain_glare_config('keystone_authtoken/region_name').with_value(params[:region_name]) 118 is_expected.to contain_glare_config('keystone_authtoken/region_name').with_value(params[:region_name])
117 is_expected.to contain_glare_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time]) 119 is_expected.to contain_glare_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
120 is_expected.to contain_glare_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
118 end 121 end
119 122
120 it 'installs python memcache package' do 123 it 'installs python memcache package' do