Support service tokens
Implement support for service_tokens. For that we convert role_name to be a list along with renaming corresponding variable. Additionally service_type is defined now for keystone_authtoken which enables to validate tokens with restricted access rules Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690 Change-Id: I7eafa6b989a2fd726369b3959b5e6ba024b82274
This commit is contained in:
parent
79b0b8e1ee
commit
50ee7fe8a9
|
@ -103,9 +103,6 @@ designate_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | default('
|
|||
# TODO(ansmith): Change structure when more backends will be supported
|
||||
designate_oslomsg_amqp1_enabled: "{{ designate_oslomsg_rpc_transport == 'amqp' }}"
|
||||
|
||||
# Designate services info
|
||||
designate_role_name: admin
|
||||
|
||||
## DNS Backend Configuration
|
||||
# Configuration for the DNS backend that Designate will talk to, Designate
|
||||
# supports lots of backends, bind9, powerdns, nsd, djb, dyn, akamai, etc.
|
||||
|
@ -166,7 +163,12 @@ designate_service_user_domain_id: default
|
|||
designate_service_user_name: designate
|
||||
designate_keystone_auth_type: password
|
||||
designate_service_project_name: service
|
||||
|
||||
designate_service_role_names:
|
||||
- admin
|
||||
- service
|
||||
designate_service_token_roles:
|
||||
- service
|
||||
designate_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
|
||||
designate_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(designate_service_proto) }}"
|
||||
designate_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(designate_service_proto) }}"
|
||||
designate_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(designate_service_proto) }}"
|
||||
|
|
|
@ -144,7 +144,7 @@
|
|||
_service_users:
|
||||
- name: "{{ designate_service_user_name }}"
|
||||
password: "{{ designate_service_password }}"
|
||||
role: "{{ designate_role_name }}"
|
||||
role: "{{ designate_service_role_names }}"
|
||||
_service_endpoints:
|
||||
- service: "{{ designate_service_name }}"
|
||||
interface: "public"
|
||||
|
|
|
@ -144,6 +144,10 @@ project_name = {{ designate_service_project_name }}
|
|||
username = {{ designate_service_user_name }}
|
||||
password = {{ designate_service_password }}
|
||||
|
||||
service_token_roles_required = {{ designate_service_token_roles_required | bool }}
|
||||
service_token_roles = {{ designate_service_token_roles | join(',') }}
|
||||
service_type = {{ designate_service_type }}
|
||||
|
||||
memcached_servers = {{ designate_memcached_servers }}
|
||||
|
||||
#-----------------------
|
||||
|
|
Loading…
Reference in New Issue