Remove domain role from nova, placement service users
This patch removes the openstack_user resource with :grant_domain action. A user is always created within a specific domain; such a membership cannot be tacked on later. This resource gave the users the role intended for their project for the domain (i.e., for the Default domain instead of for the service project). We add the domain_name attribute that creates the nova and placement users in the desired domain. Note that this change needs a sufficiently recent openstackclient cookbook -- otherwise the domain_name attribute is ignored (which does not matter as long as the users are to be created in the Default domain). Change-Id: I333da4d0d93c8a0065c6c1001b5ebed8cd6eab5c
parent
cb414a9655
commit
d82d6a9f7c
@ -101,12 +101,14 @@ end
|
|||||||
# Register Service Users
|
# Register Service Users
|
||||||
openstack_user service_user do
|
openstack_user service_user do
|
||||||
project_name service_project_name
|
project_name service_project_name
|
||||||
|
domain_name service_domain_name
|
||||||
password service_pass
|
password service_pass
|
||||||
connection_params connection_params
|
connection_params connection_params
|
||||||
end
|
end
|
||||||
|
|
||||||
openstack_user placement_service_user do
|
openstack_user placement_service_user do
|
||||||
project_name service_project_name
|
project_name service_project_name
|
||||||
|
domain_name service_domain_name
|
||||||
password placement_service_pass
|
password placement_service_pass
|
||||||
connection_params connection_params
|
connection_params connection_params
|
||||||
end
|
end
|
||||||
@ -119,12 +121,4 @@ end
|
|||||||
connection_params connection_params
|
connection_params connection_params
|
||||||
action :grant_role
|
action :grant_role
|
||||||
end
|
end
|
||||||
|
|
||||||
openstack_user user do
|
|
||||||
domain_name service_domain_name
|
|
||||||
role_name service_role
|
|
||||||
user_name user
|
|
||||||
connection_params connection_params
|
|
||||||
action :grant_domain
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
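Review bot: Removing the `action :grant_domain` resource only stops future grants; nodes already converged with the previous recipe keep the service role on the domain for the nova and placement users, because nothing in this change revokes it. An upgrade note or a one-time revoke step would be needed to actually shed that privilege on existing clouds; neither is visible here. In the first hunk, the commit message itself says an older openstackclient cookbook silently ignores `domain_name service_domain_name`, so the dependency constraint in the cookbook metadata (outside this page) should require the first release that honours it, otherwise a non-Default domain setting is dropped without an error. The loop closed by the final `end` starts outside the hunk.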
|
@ -104,6 +104,7 @@ describe 'openstack-compute::identity_registration' do
|
|||||||
expect(chef_run).to create_openstack_user(
|
expect(chef_run).to create_openstack_user(
|
||||||
placement_service_user
|
placement_service_user
|
||||||
).with(
|
).with(
|
||||||
|
domain_name: domain_name,
|
||||||
project_name: project_name,
|
project_name: project_name,
|
||||||
password: placement_password,
|
password: placement_password,
|
||||||
connection_params: connection_params
|
connection_params: connection_params
|
||||||
@ -112,16 +113,6 @@ describe 'openstack-compute::identity_registration' do
|
|||||||
|
|
||||||
context 'grants user roles' do
|
context 'grants user roles' do
|
||||||
[service_user, placement_service_user].each do |user_name|
|
[service_user, placement_service_user].each do |user_name|
|
||||||
it do
|
|
||||||
expect(chef_run).to grant_domain_openstack_user(
|
|
||||||
user_name
|
|
||||||
).with(
|
|
||||||
domain_name: domain_name,
|
|
||||||
role_name: role_name,
|
|
||||||
connection_params: connection_params
|
|
||||||
)
|
|
||||||
end
|
|
||||||
|
|
||||||
it do
|
it do
|
||||||
expect(chef_run).to grant_role_openstack_user(
|
expect(chef_run).to grant_role_openstack_user(
|
||||||
user_name
|
user_name
|
||||||
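Review bot: Nothing in the spec guards against the domain grant coming back: the removed `grant_domain_openstack_user` example could be replaced by a negative one inside the `[service_user, placement_service_user].each` loop, e.g. `it { expect(chef_run).not_to grant_domain_openstack_user(user_name) }`. Also, only the `placement_service_user` create expectation gains `domain_name: domain_name` in the visible hunk; the `service_user` expectation lies outside it, and if it lacks the same key the nova user's domain goes untested. The `it do` block at the end of the last hunk continues past what is shown.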
|