Allow configuration of Zaqar keystone roles

To be able to use the swift backend, we may need to configure Zaqar to
have the proper role to access Swift. This exposes the roles parameter
to allow that.

Change-Id: I9ce1bbc18d02383a5cdd3edbcf8c65c90165fb53

manifests/keystone/auth.pp

@@ -51,11 +51,15 @@
 # [*service_description*]
 #   (optional) Description for keystone service.
 #   Defaults to 'Openstack workflow Service'.
-
+#
 # [*configure_user_role*]
 #   (optional) Whether to configure the admin role for the service user.
 #   Defaults to true
 #
+# [*roles*]
+#   (optional) Roles to give the service user.
+#   Defaults to undef
+#
 class zaqar::keystone::auth(
   $password,
   $email                  = 'zaqar@localhost',
@@ -72,6 +76,7 @@ class zaqar::keystone::auth(
   $configure_user         = true,
   $configure_user_role    = true,
   $service_description    = 'Openstack messaging Service',
+  $roles                  = undef,
 ) {
 
   include ::zaqar::deps
@@ -93,5 +98,6 @@ class zaqar::keystone::auth(
     public_url          => $public_url,
     admin_url           => $admin_url,
     internal_url        => $internal_url,
+    roles               => $roles,
   }
 }

releasenotes/notes/keystone_roles-a4c663156355bb51.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Allow configuration of Zaqar keystone roles, to be able to use as a Swift
+    user when the backend is configured.

spec/classes/zaqar_keystone_auth_spec.rb

@@ -115,6 +115,18 @@ describe 'zaqar::keystone::auth' do
       ) }
 
     end
+
+    describe 'when setting roles' do
+      let :params do
+        { :password => 'zaqar_password',
+          :roles     => ['admin', 'ResellerAdmin'] }
+      end
+
+      it { is_expected.to contain_keystone_user_role('zaqar@services').with(
+        :ensure  => 'present',
+        :roles   => ['admin', 'ResellerAdmin']
+      )}
+    end
   end
 
   on_supported_os({