summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZhongShengping <chdzsp@163.com>2019-02-15 10:03:02 +0800
committerZhongShengping <chdzsp@163.com>2019-02-15 10:03:02 +0800
commit1c40ef70f3b0f8aeab08d55234541ffc45aef5e7 (patch)
treebe107d710ab49e252d13c0b07f0e803267f8a867
parent6c5c17f2f6d873ec82f8cd6b45e5002944a61a88 (diff)
Service_token_roles_required missing in the server config fileHEADmaster
Service_token_roles_required missing in the server config file which allows backwards compatibility to ensure that the service tokens are compared against a list of possible roles for validity. Change-Id: Idd23d6b6d3c2bd1d81d9387cacb4471599e56e88 Closes-Bug: 1778198
Notes
Notes (review): Code-Review+2: Tobias Urdin <tobias.urdin@binero.se> Code-Review+2: Emilien Macchi <emilien@redhat.com> Workflow+1: Emilien Macchi <emilien@redhat.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Mon, 18 Feb 2019 18:10:34 +0000 Reviewed-on: https://review.openstack.org/637102 Project: openstack/puppet-ec2api Branch: refs/heads/master
-rw-r--r--manifests/keystone/authtoken.pp8
-rw-r--r--releasenotes/notes/service_token_roles_required-8a40b333668b42ae.yaml5
-rw-r--r--spec/classes/ec2api_keystone_authtoken_spec.rb3
3 files changed, 16 insertions, 0 deletions
diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp
index 40e89cd..8946f23 100644
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@@ -160,6 +160,12 @@
160# (in seconds). Set to -1 to disable caching completely. Integer value 160# (in seconds). Set to -1 to disable caching completely. Integer value
161# Defaults to $::os_service_default. 161# Defaults to $::os_service_default.
162# 162#
163# [*service_token_roles_required*]
164# (optional) backwards compatibility to ensure that the service tokens are
165# compared against a list of possible roles for validity
166# true/false
167# Defaults to $::os_service_default.
168#
163# DEPRECATED PARAMETERS 169# DEPRECATED PARAMETERS
164# 170#
165# [*check_revocations_for_cached*] 171# [*check_revocations_for_cached*]
@@ -212,6 +218,7 @@ class ec2api::keystone::authtoken(
212 $manage_memcache_package = false, 218 $manage_memcache_package = false,
213 $region_name = $::os_service_default, 219 $region_name = $::os_service_default,
214 $token_cache_time = $::os_service_default, 220 $token_cache_time = $::os_service_default,
221 $service_token_roles_required = $::os_service_default,
215 # DEPRECATED PARAMETERS 222 # DEPRECATED PARAMETERS
216 $check_revocations_for_cached = undef, 223 $check_revocations_for_cached = undef,
217 $hash_algorithms = undef, 224 $hash_algorithms = undef,
@@ -260,5 +267,6 @@ class ec2api::keystone::authtoken(
260 manage_memcache_package => $manage_memcache_package, 267 manage_memcache_package => $manage_memcache_package,
261 region_name => $region_name, 268 region_name => $region_name,
262 token_cache_time => $token_cache_time, 269 token_cache_time => $token_cache_time,
270 service_token_roles_required => $service_token_roles_required,
263 } 271 }
264} 272}
diff --git a/releasenotes/notes/service_token_roles_required-8a40b333668b42ae.yaml b/releasenotes/notes/service_token_roles_required-8a40b333668b42ae.yaml
new file mode 100644
index 0000000..60a4521
--- /dev/null
+++ b/releasenotes/notes/service_token_roles_required-8a40b333668b42ae.yaml
@@ -0,0 +1,5 @@
1---
2features:
3 - Service_token_roles_required missing in the server config file which
4 allows backwards compatibility to ensure that the service tokens are
5 compared against a list of possible roles for validity.
diff --git a/spec/classes/ec2api_keystone_authtoken_spec.rb b/spec/classes/ec2api_keystone_authtoken_spec.rb
index 7f68b97..9192300 100644
--- a/spec/classes/ec2api_keystone_authtoken_spec.rb
+++ b/spec/classes/ec2api_keystone_authtoken_spec.rb
@@ -46,6 +46,7 @@ describe 'ec2api::keystone::authtoken' do
46 is_expected.to contain_ec2api_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>') 46 is_expected.to contain_ec2api_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
47 is_expected.to contain_ec2api_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>') 47 is_expected.to contain_ec2api_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
48 is_expected.to contain_ec2api_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>') 48 is_expected.to contain_ec2api_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
49 is_expected.to contain_ec2api_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
49 end 50 end
50 end 51 end
51 52
@@ -86,6 +87,7 @@ describe 'ec2api::keystone::authtoken' do
86 :manage_memcache_package => true, 87 :manage_memcache_package => true,
87 :region_name => 'region2', 88 :region_name => 'region2',
88 :token_cache_time => '301', 89 :token_cache_time => '301',
90 :service_token_roles_required => false,
89 }) 91 })
90 end 92 end
91 93
@@ -121,6 +123,7 @@ describe 'ec2api::keystone::authtoken' do
121 is_expected.to contain_ec2api_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211') 123 is_expected.to contain_ec2api_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
122 is_expected.to contain_ec2api_config('keystone_authtoken/region_name').with_value(params[:region_name]) 124 is_expected.to contain_ec2api_config('keystone_authtoken/region_name').with_value(params[:region_name])
123 is_expected.to contain_ec2api_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time]) 125 is_expected.to contain_ec2api_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
126 is_expected.to contain_ec2api_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
124 end 127 end
125 128
126 it 'installs python memcache package' do 129 it 'installs python memcache package' do