Enabling support for Thales Luna user id and group id.

The new client software version requires the use of a specific group
called "hsmusers", and for consistency reasons, we are specifying both,
the user id and the group id, and inserting the Barbican username inside
of such a group.

More information can be found on
https://www.thalesdocs.com/gphsm/luna/7/docs/pci/Content/install/client_install/linux_install.htm

Change-Id: Ib7d0c879b3741ca472cd0bbf3a9a88a0fee25cac
Signed-off-by: Mauricio Harley <mharley@redhat.com>

docker/barbican/barbican-base/Dockerfile.j2

@@ -7,7 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% import "macros.j2" as macros with context %}
 
-{{ macros.configure_user(name='barbican', groups='nfast') }}
+{{ macros.configure_user(name='barbican', groups='nfast,hsmusers') }}
 
 {{ macros.install_packages(barbican_base_packages | customizable("packages")) }}
 

kolla/common/users.py

@@ -341,5 +341,9 @@ USERS = {
     'opensearch-dashboards-user': {
         'uid': 42492,
         'gid': 42492,
+    },
+    'hsmusers-user': {
+        'uid': 42493,  # This is not used, but the group ID is required.
+        'gid': 42493,
     }
 }

releasenotes/notes/fix-luna-hsm-deployment-permissions-issue-dfc2d8c92d2eaf57.yaml

@@ -0,0 +1,10 @@
+---
+fixes:
+  - |
+    Fixes a bug with Thales Luna HSM deployments.
+    The new client software version requires the use of a specific group
+    called "hsmusers", and for consistency reasons, we are specifying
+    both, the user id and the group id, and inserting the Barbican username
+    inside of such a group.
+    More information can be found at
+    `LP#Luna <https://www.thalesdocs.com/gphsm/luna/7/docs/pci/Content/install/client_install/linux_install.htm>`__