Service_token_roles_required missing in authtoken config file Edit

Service_token_roles_required missing in the authtoken which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.

Change-Id: I67a358e921bd2a85caf242464327033562c46adc
Implements: bug service_token_roles_required missing
Closes-Bug: 1779389

manifests/resource/authtoken.pp

@@ -213,6 +213,12 @@
 #  (Optional) Whether to install the python-memcache package.
 #  Defaults to false.
 #
+# [*service_token_roles_required*]
+#  (optional) backwards compatibility to ensure that the service tokens are
+#  compared against a list of possible roles for validity
+#  true/false
+#  Defaults to $::os_service_default.
+#
 # DEPRECATED PARAMETERS
 #
 # [*auth_uri*]
@@ -255,6 +261,7 @@ define keystone::resource::authtoken(
   $region_name                    = $::os_service_default,
   $token_cache_time               = $::os_service_default,
   $manage_memcache_package        = false,
+  $service_token_roles_required   = $::os_service_default,
   # DEPRECATED PARAMETERS
   $auth_uri                       = undef,
 ) {
@@ -341,6 +348,7 @@ define keystone::resource::authtoken(
     'keystone_authtoken/project_name'                   => {'value' => $project_name},
     'keystone_authtoken/project_domain_name'            => {'value' => $project_domain_name},
     'keystone_authtoken/insecure'                       => {'value' => $insecure},
+    'keystone_authtoken/service_token_roles_required'   => {'value' => $service_token_roles_required},
   }
   create_resources($name, $keystonemiddleware_options)
 }

releasenotes/notes/service_token_roles_required-0574ea85813b533c.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - Add 'service_token_roles_required' missing in the authtoken which
+    allows backwards compatibility to ensure that the service tokens are
+    compared against a list of possible roles for validity.

spec/defines/keystone_resource_authtoken_spec.rb

@@ -47,6 +47,7 @@ describe 'keystone::resource::authtoken' do
         is_expected.to contain_keystone_config('keystone_authtoken/memcache_use_advanced_pool').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
       end
     end
@@ -78,6 +79,7 @@ describe 'keystone::resource::authtoken' do
           :include_service_catalog      => false,
           :keyfile                      => 'somekey.key',
           :region_name                  => 'MyRegion',
+          :service_token_roles_required => false,
           :token_cache_time             => '20',
         })
       end
@@ -111,6 +113,7 @@ describe 'keystone::resource::authtoken' do
         is_expected.to contain_keystone_config('keystone_authtoken/memcache_use_advanced_pool').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('keystone_authtoken/region_name').with_value(params[:region_name])
+        is_expected.to contain_keystone_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
         is_expected.to contain_keystone_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
       end
     end