Allow customizing roles of the ceilometer service user
This change introduces the capability to customize project-scoped and system-scoped roles assigned to the ceilometer service user. Change-Id: I6221fa85ad1fd0388c49f2ed49db1b6645dec3f5
This commit is contained in:
Takashi Kajinami
parent
bcb4265b2b
commit
68d6a51931
@ -31,6 +31,18 @@
|
|||||||
# (Optional) Tenant for Ceilometer user.
|
# (Optional) Tenant for Ceilometer user.
|
||||||
# Defaults to 'services'.
|
# Defaults to 'services'.
|
||||||
#
|
#
|
||||||
|
# [*roles*]
|
||||||
|
# (Optional) List of roles assigned to aodh user.
|
||||||
|
# Defaults to ['admin']
|
||||||
|
#
|
||||||
|
# [*system_scope*]
|
||||||
|
# (Optional) Scope for system operations.
|
||||||
|
# Defaults to 'all'
|
||||||
|
#
|
||||||
|
# [*system_roles*]
|
||||||
|
# (Optional) List of system roles assigned to aodh user.
|
||||||
|
# Defaults to []
|
||||||
|
#
|
||||||
# === Examples:
|
# === Examples:
|
||||||
#
|
#
|
||||||
# class { 'ceilometer::keystone::auth':
|
# class { 'ceilometer::keystone::auth':
|
||||||
@ -45,6 +57,9 @@ class ceilometer::keystone::auth (
|
|||||||
$configure_user_role = true,
|
$configure_user_role = true,
|
||||||
$region = 'RegionOne',
|
$region = 'RegionOne',
|
||||||
$tenant = 'services',
|
$tenant = 'services',
|
||||||
|
$roles = ['admin'],
|
||||||
|
$system_scope = 'all',
|
||||||
|
$system_roles = [],
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include ceilometer::deps
|
include ceilometer::deps
|
||||||
@ -63,5 +78,8 @@ class ceilometer::keystone::auth (
|
|||||||
password => $password,
|
password => $password,
|
||||||
email => $email,
|
email => $email,
|
||||||
tenant => $tenant,
|
tenant => $tenant,
|
||||||
|
roles => $roles,
|
||||||
|
system_scope => $system_scope,
|
||||||
|
system_roles => $system_roles,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The ``ceilometer::keystone::auth`` class now supports customizing roles
|
||||||
|
assigned to the ceilometer service user.
|
||||||
|
|
||||||
|
- |
|
||||||
|
The ``ceilometer::keystone::auth`` class now supports defining assignment
|
||||||
|
of system-scoped roles to the ceilometer user.
|
||||||
@ -21,6 +21,9 @@ describe 'ceilometer::keystone::auth' do
|
|||||||
:password => 'ceilometer_password',
|
:password => 'ceilometer_password',
|
||||||
:email => 'ceilometer@localhost',
|
:email => 'ceilometer@localhost',
|
||||||
:tenant => 'services',
|
:tenant => 'services',
|
||||||
|
:roles => ['admin'],
|
||||||
|
:system_scope => 'all',
|
||||||
|
:system_roles => [],
|
||||||
) }
|
) }
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -30,6 +33,9 @@ describe 'ceilometer::keystone::auth' do
|
|||||||
:auth_name => 'alt_ceilometer',
|
:auth_name => 'alt_ceilometer',
|
||||||
:email => 'alt_ceilometer@alt_localhost',
|
:email => 'alt_ceilometer@alt_localhost',
|
||||||
:tenant => 'alt_service',
|
:tenant => 'alt_service',
|
||||||
|
:roles => ['admin', 'service'],
|
||||||
|
:system_scope => 'alt_all',
|
||||||
|
:system_roles => ['admin', 'member', 'reader'],
|
||||||
:configure_user => false,
|
:configure_user => false,
|
||||||
:configure_user_role => false,
|
:configure_user_role => false,
|
||||||
:region => 'RegionTwo' }
|
:region => 'RegionTwo' }
|
||||||
@ -45,6 +51,9 @@ describe 'ceilometer::keystone::auth' do
|
|||||||
:password => 'ceilometer_password',
|
:password => 'ceilometer_password',
|
||||||
:email => 'alt_ceilometer@alt_localhost',
|
:email => 'alt_ceilometer@alt_localhost',
|
||||||
:tenant => 'alt_service',
|
:tenant => 'alt_service',
|
||||||
|
:roles => ['admin', 'service'],
|
||||||
|
:system_scope => 'alt_all',
|
||||||
|
:system_roles => ['admin', 'member', 'reader'],
|
||||||
) }
|
) }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user