openstack/puppet-cinder
Code Issues Proposed changes

Add service role by default

Browse Source 
This is the role created to be used by service users. At this moment
several services/functionalities still need the admin role so is kept.

Change-Id: I42de8d85ab6b7fb338675d35bcaec10af94cc224
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This commit is contained in:
Takashi Kajinami
2025-10-11 12:10:58 +09:00
parent 447958095b
commit b55d8e8c66
3 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/keystone/auth.pp
View File

@@ -73,7 +73,7 @@
# #
# [*roles*] # [*roles*]
# (Optional) List of roles assigned to Cinder user # (Optional) List of roles assigned to Cinder user
# Defaults to ['admin'] # Defaults to ['admin', 'service']
# #
# [*system_scope*] # [*system_scope*]
# (Optional) Scope for system operations used by Cinder v3 user. # (Optional) Scope for system operations used by Cinder v3 user.
@@ -110,7 +110,7 @@ class cinder::keystone::auth (
String[1] $password, String[1] $password,
String[1] $auth_name = 'cinder', String[1] $auth_name = 'cinder',
String[1] $tenant = 'services', String[1] $tenant = 'services',
Array[String[1]] $roles = ['admin'], Array[String[1]] $roles = ['admin', 'service'],
String[1] $system_scope = 'all', String[1] $system_scope = 'all',
Array[String[1]] $system_roles = [], Array[String[1]] $system_roles = [],
String[1] $email = 'cinder@localhost', String[1] $email = 'cinder@localhost',

5
releasenotes/notes/service-role-3e5cd92e56d7de88.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
features:
- |
The ``cinder::keystone::auth`` class now adds the ``service`` role by
default. Set the ``roles`` parameter not to add the role.

6
spec/classes/cinder_keystone_auth_spec.rb
View File

@@ -24,7 +24,7 @@ describe 'cinder::keystone::auth' do
:password => 'cinder_password', :password => 'cinder_password',
:email => 'cinder@localhost', :email => 'cinder@localhost',
:tenant => 'services', :tenant => 'services',
:roles => ['admin'], :roles => ['admin', 'service'],
:system_scope => 'all', :system_scope => 'all',
:system_roles => [], :system_roles => [],
:public_url => 'http://127.0.0.1:8776/v3', :public_url => 'http://127.0.0.1:8776/v3',
@@ -53,7 +53,7 @@ describe 'cinder::keystone::auth' do
:auth_name => 'alt_cinder', :auth_name => 'alt_cinder',
:email => 'alt_cinder@alt_localhost', :email => 'alt_cinder@alt_localhost',
:tenant => 'alt_service', :tenant => 'alt_service',
:roles => ['admin', 'service'], :roles => ['admin'],
:system_scope => 'alt_all', :system_scope => 'alt_all',
:system_roles => ['admin', 'member', 'reader'], :system_roles => ['admin', 'member', 'reader'],
:configure_user => false, :configure_user => false,
@@ -88,7 +88,7 @@ describe 'cinder::keystone::auth' do
:password => 'cinder_password', :password => 'cinder_password',
:email => 'alt_cinder@alt_localhost', :email => 'alt_cinder@alt_localhost',
:tenant => 'alt_service', :tenant => 'alt_service',
:roles => ['admin', 'service'], :roles => ['admin'],
:system_scope => 'alt_all', :system_scope => 'alt_all',
:system_roles => ['admin', 'member', 'reader'], :system_roles => ['admin', 'member', 'reader'],
:public_url => 'https://10.10.10.10:80', :public_url => 'https://10.10.10.10:80',