Browse Source

Remove domain role from nova, placement service users

This patch removes the openstack_user resource with :grant_domain
action. A user is always created within a specific domain; such a
membership cannot be tacked on later. This resource gave the users
the role intended for their project for the domain (i.e., for the Default
domain instead of for the service project).

We add the domain_name attribute that creates the nova and placement
users in the desired domain. Note that this change needs a sufficiently
recent openstackclient cookbook -- otherwise the domain_name attribute
is ignored (which does not matter as long as the users are to be created
in the Default domain).

Change-Id: I333da4d0d93c8a0065c6c1001b5ebed8cd6eab5c
changes/82/519382/2
Roger Luethi 1 year ago
parent
commit
d82d6a9f7c
2 changed files with 3 additions and 18 deletions
  1. 2
    8
      recipes/identity_registration.rb
  2. 1
    10
      spec/identity_registration_spec.rb

+ 2
- 8
recipes/identity_registration.rb View File

@@ -101,12 +101,14 @@ end
101 101
 # Register Service Users
102 102
 openstack_user service_user do
103 103
   project_name service_project_name
104
+  domain_name service_domain_name
104 105
   password service_pass
105 106
   connection_params connection_params
106 107
 end
107 108
 
108 109
 openstack_user placement_service_user do
109 110
   project_name service_project_name
111
+  domain_name service_domain_name
110 112
   password placement_service_pass
111 113
   connection_params connection_params
112 114
 end
@@ -119,12 +121,4 @@ end
119 121
     connection_params connection_params
120 122
     action :grant_role
121 123
   end
122
-
123
-  openstack_user user do
124
-    domain_name service_domain_name
125
-    role_name service_role
126
-    user_name user
127
-    connection_params connection_params
128
-    action :grant_domain
129
-  end
130 124
 end

+ 1
- 10
spec/identity_registration_spec.rb View File

@@ -104,6 +104,7 @@ describe 'openstack-compute::identity_registration' do
104 104
       expect(chef_run).to create_openstack_user(
105 105
         placement_service_user
106 106
       ).with(
107
+        domain_name: domain_name,
107 108
         project_name: project_name,
108 109
         password: placement_password,
109 110
         connection_params: connection_params
@@ -112,16 +113,6 @@ describe 'openstack-compute::identity_registration' do
112 113
 
113 114
     context 'grants user roles' do
114 115
       [service_user, placement_service_user].each do |user_name|
115
-        it do
116
-          expect(chef_run).to grant_domain_openstack_user(
117
-            user_name
118
-          ).with(
119
-            domain_name: domain_name,
120
-            role_name: role_name,
121
-            connection_params: connection_params
122
-          )
123
-        end
124
-
125 116
         it do
126 117
           expect(chef_run).to grant_role_openstack_user(
127 118
             user_name

Loading…
Cancel
Save