Support service tokens
Implement support for service_tokens. For that we convert role_name to be a list along with renaming corresponding variable. Additionally service_type is defined now for keystone_authtoken which enables to validate tokens with restricted access rules Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690 Change-Id: Ib5d15aaf56112a776e2b9abb2396f9ea4f4fe319
This commit is contained in:
parent
a69fc500fa
commit
1d39c7ab44
|
@ -130,7 +130,12 @@ heat_profiler_trace_sqlalchemy: false
|
|||
heat_service_region: "{{ service_region | default('RegionOne') }}"
|
||||
heat_service_project_name: "service"
|
||||
heat_service_user_name: "heat"
|
||||
heat_service_role_name: admin
|
||||
heat_service_role_names:
|
||||
- admin
|
||||
- service
|
||||
heat_service_token_roles:
|
||||
- service
|
||||
heat_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
|
||||
heat_service_project_domain_id: default
|
||||
heat_service_user_domain_id: default
|
||||
heat_keystone_auth_plugin: password
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
password: "{{ heat_service_password }}"
|
||||
domain: default
|
||||
project: "{{ heat_service_project_name }}"
|
||||
role: "{{ heat_service_role_name }}"
|
||||
role: "{{ heat_service_role_names }}"
|
||||
# We add the keystone role used by heat to delegate to the heat service user
|
||||
# for performing deferred operations via trusts.
|
||||
- name: "{{ heat_service_user_name }}"
|
||||
|
|
|
@ -94,6 +94,10 @@ username = {{ heat_service_user_name }}
|
|||
password = {{ heat_service_password }}
|
||||
region_name = {{ keystone_service_region }}
|
||||
|
||||
service_token_roles_required = {{ heat_service_token_roles_required | bool }}
|
||||
service_token_roles = {{ heat_service_token_roles | join(',') }}
|
||||
service_type = {{ heat_service_type }}
|
||||
|
||||
memcached_servers = {{ heat_memcached_servers }}
|
||||
|
||||
token_cache_time = 300
|
||||
|
|
Loading…
Reference in New Issue