Remove dependency on the Keystone admin auth token

Now that auth token usage is deprecated, prefer the admin user and password for all barbican setup tasks run against keystone. Change-Id: I7c839b52c04bc7e889d10f52c08d1b4453eabc5d
2016-03-17 14:52:53 -07:00 · 2016-03-17 14:52:53 -07:00 · d8583df31c
parent f26e994bf9
commit d8583df31c
2 changed files with 20 additions and 5 deletions
--- a/README.rst
+++ b/README.rst
@ -15,9 +15,13 @@ Default Variables
 Required Variables
 ==================

-barbican_service_password
+barbican_galera_address
 barbican_galera_password
 barbican_rabbitmq_password
+barbican_service_password
+keystone_admin_user_name
+keystone_auth_admin_password
+keystone_admin_tenant_name

 Example Playbook
 ================
@ -36,3 +40,6 @@ Example Playbook
       barbican_service_password: SuperSecretePassword1
       barbican_galera_password: SuperSecretePassword2
       barbican_rabbitmq_password: SuperSecretePassword3
+       keystone_admin_user_name: admin
+       keystone_auth_admin_password: SuperSecretePassword4
+       keystone_admin_tenant_name: admin
--- a/tasks/service-setup.yml
+++ b/tasks/service-setup.yml
@ -16,8 +16,10 @@
 - name: Ensure the service for Barbican exists
  keystone:
    command: "ensure_service"
-    token: "{{ keystone_auth_admin_token }}"
    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
    service_name: "{{ barbican_service_name }}"
    service_type: "{{ barbican_service_type }}"
@ -34,8 +36,10 @@
 - name: Ensure the Barbican user exists
  keystone:
    command: "ensure_user"
-    token: "{{ keystone_auth_admin_token }}"
    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
    user_name: "{{ barbican_service_user_name }}"
    tenant_name: "{{ barbican_service_project_name }}"
@ -53,8 +57,10 @@
 - name: Ensure the Barbican user has the admin role
  keystone:
    command: "ensure_user_role"
-    token: "{{ keystone_auth_admin_token }}"
    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
    user_name: "{{ barbican_service_user_name }}"
    tenant_name: "{{ barbican_service_project_name }}"
    role_name: "{{ item }}"
@ -72,8 +78,10 @@
 - name: Ensure the Barbican endpoint is registered
  keystone:
    command: "ensure_endpoint"
-    token: "{{ keystone_auth_admin_token }}"
    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
    region_name: "{{ barbican_service_region }}"
    service_name: "{{ barbican_service_name }}"