Merge "Support service tokens"

defaults/main.yml

@@ -87,11 +87,21 @@ placement_service_internalurl: "{{ placement_service_internaluri_proto }}://{{ i
 placement_service_adminurl: "{{ placement_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ placement_service_port }}"
 placement_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}"
 
+# List of roles assigned to placement_service_user_name
+placement_service_role_names:
+  - admin
+  - service
+
+# List of roles for which service tokens will be accepted
+placement_service_token_roles:
+  - service
+
+placement_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
+
 placement_auth_strategy: keystone
 
 ## Keystone authentication middleware
 placement_keystone_auth_type: password
-placement_role_name: admin
 
 # Common pip packages
 placement_pip_packages:

tasks/main.yml

@@ -108,7 +108,7 @@
     _service_users:
       - name: "{{ placement_service_user_name }}"
         password: "{{ placement_service_password }}"
-        role: "{{ placement_role_name }}"
+        role: "{{ placement_service_role_names }}"
     _service_endpoints:
       - service: "{{ placement_service_name }}"
         interface: "public"

templates/placement.conf.j2

@@ -17,6 +17,9 @@ region_name = {{ keystone_service_region }}
 memcached_servers = {{ placement_memcached_servers }}
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcached_encryption_key }}
+service_token_roles_required = {{ placement_service_token_roles_required | bool }}
+service_token_roles = {{ placement_service_token_roles | join(',') }}
+service_type = {{ placement_service_type }}
 
 [placement_database]
 connection = mysql+pymysql://{{ placement_galera_user }}:{{ placement_galera_password }}@{{ placement_galera_address }}/{{ placement_galera_database }}?charset=utf8{% if placement_galera_use_ssl | bool %}&ssl_verify_cert=true{% if placement_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ placement_galera_ssl_ca_cert }}{% endif %}{% endif +%}