Add support for the interface parameter in authtoken middleware

This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.

Change-Id: Iebb67609a384ee4c6be1d0f8aff86643ff6775c2

manifests/proxy/authtoken.pp

@@ -71,6 +71,11 @@
 #  true/false
 #  Defaults to $::os_service_default.
 #
+# [*interface*]
+#  (Optional) Interface to use for the Identity API endpoint. Valid values are
+#  "public", "internal" or "admin".
+#  Defaults to $::os_service_default.
+#
 # DEPRECATED PARAMETERS
 #
 # [*signing_dir*]
@@ -100,6 +105,7 @@ class swift::proxy::authtoken(
   $include_service_catalog      = false,
   $service_token_roles          = $::os_service_default,
   $service_token_roles_required = $::os_service_default,
+  $interface                    = $::os_service_default,
   # DEPRECATED PARAMETERS
   $signing_dir                  = undef
 ) inherits swift::params {
@@ -135,5 +141,6 @@ Please set password parameter')
     'filter:authtoken/include_service_catalog':      value => $include_service_catalog;
     'filter:authtoken/service_token_roles':          value => $service_token_roles;
     'filter:authtoken/service_token_roles_required': value => $service_token_roles_required;
+    'filter:authtoken/interface':                    value => $interface,
   }
 }

releasenotes/notes/keystone-authtoken-interface-a0cdde390fca1a46.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new ``swift::proxy::authtoken::interface`` parameter has been added,
+    which can be used to set the interface parameter in authtoken middleware.

spec/classes/swift_proxy_authtoken_spec.rb

@@ -19,6 +19,7 @@ describe 'swift::proxy::authtoken' do
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>') }
+      it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('<SERVICE DEFAULT>') }
     end
 
     describe "when overriding parameters" do
@@ -26,12 +27,13 @@ describe 'swift::proxy::authtoken' do
         {
           :project_name                 => 'admin',
           :username                     => 'swiftuser',
-          :password                    => 'swiftpassword',
+          :password                     => 'swiftpassword',
           :region_name                  => 'region2',
           :cache                        => 'foo',
           :delay_auth_decision          => '0',
           :service_token_roles          => ['service'],
           :service_token_roles_required => true,
+          :interface                    => 'internal',
         }
       end
 
@@ -51,6 +53,7 @@ describe 'swift::proxy::authtoken' do
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value(['service']) }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value(true) }
+      it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('internal') }
     end
 
     describe 'when overriding www_authenticate_uri' do