Browse Source

Remove domain role from heat service user

This patch removes the openstack_user resource with :grant_domain
action. A user is always created within a specific domain; such a
membership cannot be tacked on later. This resource gave the heat user
the role intended for its project for the domain (i.e., for the Default
domain instead of for the service project).

We add the domain_name attribute that creates the heat user in the
desired domain. Note that this change needs a sufficiently recent
openstackclient cookbook -- otherwise the domain_name attribute is
ignored (which does not matter as long as the heat user is to be created
in the Default domain).

Change-Id: Ifa3d344a3d9094dd1272b126a4dc9ab951c00972
Roger Luethi 1 year ago
parent
commit
00341ef50a
2 changed files with 2 additions and 18 deletions
  1. 1
    8
      recipes/identity_registration.rb
  2. 1
    10
      spec/identity_registration_spec.rb

+ 1
- 8
recipes/identity_registration.rb View File

@@ -101,6 +101,7 @@ end
101 101
 # Register Service User
102 102
 openstack_user service_user do
103 103
   project_name service_project_name
104
+  domain_name service_domain_name
104 105
   password service_pass
105 106
   connection_params connection_params
106 107
 end
@@ -113,14 +114,6 @@ openstack_user service_user do
113 114
   action :grant_role
114 115
 end
115 116
 
116
-openstack_user service_user do
117
-  domain_name service_domain_name
118
-  role_name service_role
119
-  user_name service_user
120
-  connection_params connection_params
121
-  action :grant_domain
122
-end
123
-
124 117
 # TODO: (MRV) Revert this change until a better solution can be found
125 118
 # Bug: #1309123   reverts 1279577
126 119
 # if node.run_list.include?('openstack-orchestration::api-cfn')

+ 1
- 10
spec/identity_registration_spec.rb View File

@@ -65,22 +65,13 @@ describe 'openstack-orchestration::identity_registration' do
65 65
       expect(chef_run).to create_openstack_user(
66 66
         service_user
67 67
       ).with(
68
+        domain_name: domain_name,
68 69
         project_name: project_name,
69 70
         password: password,
70 71
         connection_params: connection_params
71 72
       )
72 73
     end
73 74
 
74
-    it do
75
-      expect(chef_run).to grant_domain_openstack_user(
76
-        service_user
77
-      ).with(
78
-        domain_name: domain_name,
79
-        role_name: role_name,
80
-        connection_params: connection_params
81
-      )
82
-    end
83
-
84 75
     it do
85 76
       expect(chef_run).to create_openstack_role(
86 77
         'heat_stack_owner'

Loading…
Cancel
Save