Browse Source

Remove domain role from neutron service user

This patch removes the openstack_user resource with :grant_domain
action. A user is always created within a specific domain; such a
membership cannot be tacked on later. This resource gave the user the
role intended for their project for the domain (i.e., for the Default
domain instead of for the service project).

We add the domain_name attribute that creates the neutron user in the
desired domain. Note that this change needs a sufficiently recent
openstackclient cookbook -- otherwise the domain_name attribute is
ignored (which does not matter as long as the neutron user is to be
created in the Default domain).

Change-Id: I4b67565c9408c758acefc681dd756a1dca836ec3
changes/79/519379/2
Roger Luethi 1 year ago
parent
commit
c678df66d6
2 changed files with 2 additions and 17 deletions
  1. 1
    7
      recipes/identity_registration.rb
  2. 1
    10
      spec/identity_registration_spec.rb

+ 1
- 7
recipes/identity_registration.rb View File

@@ -86,6 +86,7 @@ end
86 86
 # Register Service User
87 87
 openstack_user service_user do
88 88
   project_name service_tenant_name
89
+  domain_name service_domain_name
89 90
   password service_pass
90 91
   connection_params connection_params
91 92
 end
@@ -97,10 +98,3 @@ openstack_user service_user do
97 98
   connection_params connection_params
98 99
   action :grant_role
99 100
 end
100
-
101
-openstack_user service_user do
102
-  domain_name service_domain_name
103
-  role_name service_role
104
-  connection_params connection_params
105
-  action :grant_domain
106
-end

+ 1
- 10
spec/identity_registration_spec.rb View File

@@ -67,22 +67,13 @@ describe 'openstack-network::identity_registration' do
67 67
       expect(chef_run).to create_openstack_user(
68 68
         service_user
69 69
       ).with(
70
+        domain_name: domain_name,
70 71
         project_name: project_name,
71 72
         password: password,
72 73
         connection_params: connection_params
73 74
       )
74 75
     end
75 76
 
76
-    it do
77
-      expect(chef_run).to grant_domain_openstack_user(
78
-        service_user
79
-      ).with(
80
-        domain_name: domain_name,
81
-        role_name: role_name,
82
-        connection_params: connection_params
83
-      )
84
-    end
85
-
86 77
     it do
87 78
       expect(chef_run).to grant_role_openstack_user(
88 79
         service_user

Loading…
Cancel
Save