Support service tokens
Implement support for service_tokens. For that we convert role_name to be a list along with renaming corresponding variable. Additionally service_type is defined now for keystone_authtoken which enables to validate tokens with restricted access rules Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690 Change-Id: I1d0156a2ad829aa730419e1d9dfa1cd49026a6be Related-Bug: #1948456
This commit is contained in:
parent
091b2dfa72
commit
f755eadadf
|
@ -145,7 +145,12 @@ cinder_service_project_domain_id: default
|
|||
cinder_service_user_domain_id: default
|
||||
cinder_service_user_name: cinder
|
||||
cinder_service_project_name: service
|
||||
cinder_service_role_name: admin
|
||||
cinder_service_role_names:
|
||||
- admin
|
||||
- service
|
||||
cinder_service_token_roles:
|
||||
- service
|
||||
cinder_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
|
||||
cinder_service_region: "{{ service_region | default('RegionOne') }}"
|
||||
cinder_service_description: "Cinder Volume Service"
|
||||
cinder_service_port: 8776
|
||||
|
|
|
@ -180,7 +180,7 @@
|
|||
_service_users:
|
||||
- name: "{{ cinder_service_user_name }}"
|
||||
password: "{{ cinder_service_password }}"
|
||||
role: "{{ cinder_service_role_name }}"
|
||||
role: "{{ cinder_service_role_names }}"
|
||||
when:
|
||||
- "_cinder_is_first_play_host"
|
||||
tags:
|
||||
|
|
|
@ -165,6 +165,10 @@ token_cache_time = 300
|
|||
memcache_security_strategy = ENCRYPT
|
||||
memcache_secret_key = {{ memcached_encryption_key }}
|
||||
|
||||
service_token_roles_required = {{ cinder_service_token_roles_required | bool }}
|
||||
service_token_roles = {{ cinder_service_token_roles | join(',') }}
|
||||
service_type = {{ cinder_service_type }}
|
||||
|
||||
[nova]
|
||||
interface = internal
|
||||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
|
|
Loading…
Reference in New Issue