Remove domain role from cinder service user

This patch removes the openstack_user resource with :grant_domain
action. A user is always created within a specific domain; such a
membership cannot be tacked on later. This resource gave the user the
role intended for their project for the domain (i.e., for the Default
domain instead of for the service project).

We add the domain_name attribute that creates the cinder user in the
desired domain. Note that this change needs a sufficiently recent
openstackclient cookbook -- otherwise the domain_name attribute is
ignored (which does not matter as long as the cinder user is to be
created in the Default domain).

Change-Id: I3d3cad8f870f80b577ded04588c401c27c62fbc8
Roger Luethi 1 year ago
parent
commit
54f8d6d917
2 changed files with 2 additions and 17 deletions
  1. recipes/identity_registration.rb (1 addition, 7 deletions)
  2. spec/identity_registration_spec.rb (1 addition, 10 deletions)

recipes/identity_registration.rb (+1 -7)

@@ -80,6 +80,7 @@ end
80 80
 # Register Service User
81 81
 openstack_user service_user do
82 82
   project_name service_project_name
83
+  domain_name service_domain_name
83 84
   password service_pass
84 85
   connection_params connection_params
85 86
 end
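
Review bot: The new `domain_name service_domain_name` line in the create block is only effective with a sufficiently recent openstackclient cookbook, and per the commit message an older one ignores the attribute without an error. With a non-Default `service_domain_name` that leaves the cinder user in the Default domain while the run still reports success. Consider raising the openstackclient dependency constraint in the cookbook metadata in the same change, so a converge against an older cookbook fails at dependency resolution rather than creating the service user in the wrong domain.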
@@ -91,10 +92,3 @@ openstack_user service_user do
91 92
   connection_params connection_params
92 93
   action :grant_role
93 94
 end
94
-
95
-openstack_user service_user do
96
-  domain_name service_domain_name
97
-  role_name service_role
98
-  connection_params connection_params
99
-  action :grant_domain
100
-end
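
Review bot: Removing the `action :grant_domain` block stops new grants, but nothing here revokes the domain-scoped `service_role` assignment that earlier converges already created on `service_domain_name`. Existing deployments keep the cinder service user with that role on the domain after upgrading, which is the excess privilege the commit message describes. Please add a release note telling operators to remove the stale domain role assignment, or a one-time cleanup step, so the change also takes effect on nodes that ran the old recipe.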

spec/identity_registration_spec.rb (+1 -10)

@@ -73,22 +73,13 @@ describe 'openstack-block-storage::identity_registration' do
73 73
       expect(chef_run).to create_openstack_user(
74 74
         service_user
75 75
       ).with(
76
+        domain_name: domain_name,
76 77
         project_name: project_name,
77 78
         password: password,
78 79
         connection_params: connection_params
79 80
       )
80 81
     end
81 82
 
82
-    it do
83
-      expect(chef_run).to grant_domain_openstack_user(
84
-        service_user
85
-      ).with(
86
-        domain_name: domain_name,
87
-        role_name: role_name,
88
-        connection_params: connection_params
89
-      )
90
-    end
91
-
92 83
     it do
93 84
       expect(chef_run).to grant_role_openstack_user(
94 85
         service_user
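
Review bot: The removed `grant_domain_openstack_user` example leaves no test that fails if the domain grant is reintroduced later. A negative expectation in its place, such as `expect(chef_run).not_to grant_domain_openstack_user(service_user)`, would pin the behaviour this change is after. It would also help to cover a non-Default value for `domain_name` in the `create_openstack_user` expectation, since the visible lines do not show which value the spec exercises.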
