Use service tokens

Change-Id: If81d59cb848ae7e07eb7bcb8d594b5005a7d5528
2023-07-23 14:15:08 +03:30 · 2023-07-23 14:15:08 +03:30 · 91c8a5baf2
parent fcac5812ec
commit 91c8a5baf2
15 changed files with 24 additions and 9 deletions
--- a/cinder/Chart.yaml
+++ b/cinder/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Cinder
 name: cinder
-version: 0.3.12
+version: 0.3.13
 home: https://docs.openstack.org/cinder/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
 sources:
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@ -826,6 +826,8 @@ conf:
    database:
      max_retries: -1
    keystone_authtoken:
+      service_token_roles: service
+      service_token_roles_required: true
      auth_version: v3
      auth_type: password
      memcache_security_strategy: ENCRYPT
@ -848,7 +850,7 @@ conf:
      backend_url: file:///var/lib/cinder/coordination
    service_user:
      auth_type: password
-      send_service_user_token: false
+      send_service_user_token: true
  logging:
    loggers:
      keys:
@ -1224,7 +1226,7 @@ endpoints:
        user_domain_name: default
        project_domain_name: default
      cinder:
-        role: admin
+        role: admin,service
        region_name: RegionOne
        username: cinder
        password: password
--- a/glance/Chart.yaml
+++ b/glance/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Glance
 name: glance
-version: 0.4.8
+version: 0.4.9
 home: https://docs.openstack.org/glance/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
 sources:
--- a/glance/values.yaml
+++ b/glance/values.yaml
@ -255,6 +255,8 @@ conf:
    oslo_middleware:
      enable_proxy_headers_parsing: true
    keystone_authtoken:
+      service_token_roles: service
+      service_token_roles_required: true
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT
--- a/neutron/Chart.yaml
+++ b/neutron/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Neutron
 name: neutron
-version: 0.3.15
+version: 0.3.16
 home: https://docs.openstack.org/neutron/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -1814,6 +1814,8 @@ conf:
    ironic:
      endpoint_type: internal
    keystone_authtoken:
+      service_token_roles: service
+      service_token_roles_required: true
      memcache_security_strategy: ENCRYPT
      auth_type: password
      auth_version: v3
--- a/nova/Chart.yaml
+++ b/nova/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nova
 name: nova
-version: 0.3.15
+version: 0.3.16
 home: https://docs.openstack.org/nova/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
 sources:
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -1396,6 +1396,8 @@ conf:
    cell0_database:
      max_retries: -1
    keystone_authtoken:
+      service_token_roles: service
+      service_token_roles_required: true
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT
@ -1404,7 +1406,7 @@ conf:
      notify_on_state_change: vm_and_task_state
    service_user:
      auth_type: password
-      send_service_user_token: false
+      send_service_user_token: true
    libvirt:
      connection_uri: "qemu+unix:///system?socket=/run/libvirt/libvirt-sock"
      images_type: qcow2
@ -1694,7 +1696,7 @@ endpoints:
        user_domain_name: default
        project_domain_name: default
      nova:
-        role: admin
+        role: admin,service
        region_name: RegionOne
        username: nova
        password: password
--- a/placement/Chart.yaml
+++ b/placement/Chart.yaml
@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Placement
 name: placement
-version: 0.3.6
+version: 0.3.7
 home: https://docs.openstack.org/placement/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
 sources:
--- a/placement/values.yaml
+++ b/placement/values.yaml
@ -82,6 +82,8 @@ conf:
    placement_database:
      connection: null
    keystone_authtoken:
+      service_token_roles: service
+      service_token_roles_required: true
      auth_version: v3
      auth_type: password
      memcache_security_strategy: ENCRYPT
--- a/releasenotes/notes/cinder.yaml
+++ b/releasenotes/notes/cinder.yaml
@ -62,4 +62,5 @@ cinder:
  - 0.3.10 Define service_type in keystone_authtoken to support application credentials with access rules
  - 0.3.11 Add Zed overrides
  - 0.3.12 Add 2023.1 overrides
+  - 0.3.13 Use service tokens
 ...
--- a/releasenotes/notes/glance.yaml
+++ b/releasenotes/notes/glance.yaml
@ -42,4 +42,5 @@ glance:
  - 0.4.6 Define service_type in keystone_authtoken to support application credentials with access rules
  - 0.4.7 Add Zed overrides
  - 0.4.8 Add 2023.1 overrides
+  - 0.4.9 Use service tokens
 ...
--- a/releasenotes/notes/neutron.yaml
+++ b/releasenotes/notes/neutron.yaml
@ -57,4 +57,5 @@ neutron:
  - 0.3.13 Remove duplicated argument when running a liveness check
  - 0.3.14 Add 2023.1 overrides
  - 0.3.15 Add asap2 support
+  - 0.3.16 Use service tokens
 ...
--- a/releasenotes/notes/nova.yaml
+++ b/releasenotes/notes/nova.yaml
@ -84,4 +84,5 @@ nova:
  - 0.3.13 Add Zed overrides
  - 0.3.14 Add 2023.1 overrides
  - 0.3.15 Ensure that the health check script handles cases where the PID file exists but is empty or does not contain the expected data structure.
+  - 0.3.16 Use service tokens
 ...
--- a/releasenotes/notes/placement.yaml
+++ b/releasenotes/notes/placement.yaml
@ -29,4 +29,5 @@ placement:
  - 0.3.4 Define service_type in keystone_authtoken to support application credentials with access rules
  - 0.3.5 Add Zed overrides
  - 0.3.6 Add 2023.1 overrides
+  - 0.3.7 Use service tokens
 ...