Add support for the interface parameter in authtoken middleware

This patch adds support for [keystone_authtoken] interface parameter, so that operators can define which endpoint should be used by authtoken middleware. Change-Id: Iebb67609a384ee4c6be1d0f8aff86643ff6775c2
2020-07-16 00:29:38 +09:00 · 2020-07-16 00:29:38 +09:00 · a09758194a
commit a09758194a
parent 7a6fa33e77
3 changed files with 16 additions and 1 deletions
--- a/manifests/proxy/authtoken.pp
+++ b/manifests/proxy/authtoken.pp
@ -71,6 +71,11 @@
 #  true/false
 #  Defaults to $::os_service_default.
 #
+# [*interface*]
+#  (Optional) Interface to use for the Identity API endpoint. Valid values are
+#  "public", "internal" or "admin".
+#  Defaults to $::os_service_default.
+#
 # DEPRECATED PARAMETERS
 #
 # [*signing_dir*]
@ -100,6 +105,7 @@ class swift::proxy::authtoken(
  $include_service_catalog      = false,
  $service_token_roles          = $::os_service_default,
  $service_token_roles_required = $::os_service_default,
+  $interface                    = $::os_service_default,
  # DEPRECATED PARAMETERS
  $signing_dir                  = undef
 ) inherits swift::params {
@ -135,5 +141,6 @@ Please set password parameter')
    'filter:authtoken/include_service_catalog':      value => $include_service_catalog;
    'filter:authtoken/service_token_roles':          value => $service_token_roles;
    'filter:authtoken/service_token_roles_required': value => $service_token_roles_required;
+    'filter:authtoken/interface':                    value => $interface,
  }
 }
--- a/releasenotes/notes/keystone-authtoken-interface-a0cdde390fca1a46.yaml
+++ b/releasenotes/notes/keystone-authtoken-interface-a0cdde390fca1a46.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new ``swift::proxy::authtoken::interface`` parameter has been added,
+    which can be used to set the interface parameter in authtoken middleware.
--- a/spec/classes/swift_proxy_authtoken_spec.rb
+++ b/spec/classes/swift_proxy_authtoken_spec.rb
@ -19,6 +19,7 @@ describe 'swift::proxy::authtoken' do
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value('<SERVICE DEFAULT>') }
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>') }
+      it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('<SERVICE DEFAULT>') }
    end

    describe "when overriding parameters" do
@ -26,12 +27,13 @@ describe 'swift::proxy::authtoken' do
        {
          :project_name                 => 'admin',
          :username                     => 'swiftuser',
-          :password                    => 'swiftpassword',
+          :password                     => 'swiftpassword',
          :region_name                  => 'region2',
          :cache                        => 'foo',
          :delay_auth_decision          => '0',
          :service_token_roles          => ['service'],
          :service_token_roles_required => true,
+          :interface                    => 'internal',
        }
      end

@ -51,6 +53,7 @@ describe 'swift::proxy::authtoken' do
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles').with_value(['service']) }
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/service_token_roles_required').with_value(true) }
+      it { is_expected.to contain_swift_proxy_config('filter:authtoken/interface').with_value('internal') }
    end

    describe 'when overriding www_authenticate_uri' do