Merge "Allow customizing roles of the ceilometer service user"

This commit is contained in:
Zuul 2022-01-24 18:11:15 +00:00 committed by Gerrit Code Review
commit 2101af92df
3 changed files with 36 additions and 0 deletions

View File

@ -31,6 +31,18 @@
# (Optional) Tenant for Ceilometer user.
# Defaults to 'services'.
#
# [*roles*]
# (Optional) List of roles assigned to aodh user.
# Defaults to ['admin']
#
# [*system_scope*]
# (Optional) Scope for system operations.
# Defaults to 'all'
#
# [*system_roles*]
# (Optional) List of system roles assigned to aodh user.
# Defaults to []
#
# === Examples:
#
# class { 'ceilometer::keystone::auth':
@ -45,6 +57,9 @@ class ceilometer::keystone::auth (
$configure_user_role = true,
$region = 'RegionOne',
$tenant = 'services',
$roles = ['admin'],
$system_scope = 'all',
$system_roles = [],
) {
include ceilometer::deps
@ -63,5 +78,8 @@ class ceilometer::keystone::auth (
password => $password,
email => $email,
tenant => $tenant,
roles => $roles,
system_scope => $system_scope,
system_roles => $system_roles,
}
}

View File

@ -0,0 +1,9 @@
---
features:
- |
The ``ceilometer::keystone::auth`` class now supports customizing roles
assigned to the ceilometer service user.
- |
The ``ceilometer::keystone::auth`` class now supports defining assignment
of system-scoped roles to the ceilometer user.

View File

@ -21,6 +21,9 @@ describe 'ceilometer::keystone::auth' do
:password => 'ceilometer_password',
:email => 'ceilometer@localhost',
:tenant => 'services',
:roles => ['admin'],
:system_scope => 'all',
:system_roles => [],
) }
end
@ -30,6 +33,9 @@ describe 'ceilometer::keystone::auth' do
:auth_name => 'alt_ceilometer',
:email => 'alt_ceilometer@alt_localhost',
:tenant => 'alt_service',
:roles => ['admin', 'service'],
:system_scope => 'alt_all',
:system_roles => ['admin', 'member', 'reader'],
:configure_user => false,
:configure_user_role => false,
:region => 'RegionTwo' }
@ -45,6 +51,9 @@ describe 'ceilometer::keystone::auth' do
:password => 'ceilometer_password',
:email => 'alt_ceilometer@alt_localhost',
:tenant => 'alt_service',
:roles => ['admin', 'service'],
:system_scope => 'alt_all',
:system_roles => ['admin', 'member', 'reader'],
) }
end
end