Add service role by default

This is the role created to be used by service users. At this moment several services/functionalities still need the admin role so is kept. Change-Id: Ib2d0cf0ddb164fef1e812519eb03209bac7227b5 Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
2025-10-11 11:48:08 +09:00
parent 41a9b299b6
commit cf7fa0d128
3 changed files with 10 additions and 5 deletions
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -33,7 +33,7 @@
 #
 # [*roles*]
 #   (Optional) List of roles assigned to ceilometer user.
-#   Defaults to ['admin']
+#   Defaults to ['admin', 'service']
 #
 # [*system_scope*]
 #   (Optional) Scope for system operations.
@@ -57,7 +57,7 @@ class ceilometer::keystone::auth (
  $configure_user_role = true,
  $region              = 'RegionOne',
  $tenant              = 'services',
-  $roles               = ['admin'],
+  $roles               = ['admin', 'service'],
  $system_scope        = 'all',
  $system_roles        = [],
 ) {
--- a/releasenotes/notes/service-role-26f7cfdcc7c5c991.yaml
+++ b/releasenotes/notes/service-role-26f7cfdcc7c5c991.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The ``ceilometer::keystone::auth`` class now adds the ``service`` role by
+    default. Set the ``roles`` parameter not to add the role.
--- a/spec/classes/ceilometer_keystone_auth_spec.rb
+++ b/spec/classes/ceilometer_keystone_auth_spec.rb
@@ -21,7 +21,7 @@ describe 'ceilometer::keystone::auth' do
        :password            => 'ceilometer_password',
        :email               => 'ceilometer@localhost',
        :tenant              => 'services',
-        :roles               => ['admin'],
+        :roles               => ['admin', 'service'],
        :system_scope        => 'all',
        :system_roles        => [],
      ) }
@@ -33,7 +33,7 @@ describe 'ceilometer::keystone::auth' do
          :auth_name           => 'alt_ceilometer',
          :email               => 'alt_ceilometer@alt_localhost',
          :tenant              => 'alt_service',
-          :roles               => ['admin', 'service'],
+          :roles               => ['admin'],
          :system_scope        => 'alt_all',
          :system_roles        => ['admin', 'member', 'reader'],
          :configure_user      => false,
@@ -51,7 +51,7 @@ describe 'ceilometer::keystone::auth' do
        :password            => 'ceilometer_password',
        :email               => 'alt_ceilometer@alt_localhost',
        :tenant              => 'alt_service',
-        :roles               => ['admin', 'service'],
+        :roles               => ['admin'],
        :system_scope        => 'alt_all',
        :system_roles        => ['admin', 'member', 'reader'],
      ) }