From 481d43397cafc633d02b1482a3bfd081e4061a7c Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sat, 8 Jan 2022 12:26:30 +0900 Subject: [PATCH] barbican_service_user: Accept system scope credential This change allows usage of system scope credentials in addition to project scope credentials, to use service user token when accessing Barbican API. Depends-on: https://review.opendev.org/823883 Change-Id: Ica38497337a6ae1c4f9f73cde7017551678daead --- manifests/key_manager/barbican/service_user.pp | 6 ++++++ ...system_scope-barbican_service_user-8b435777fa3757d2.yaml | 5 +++++ .../cinder_key_manager_barbican_service_user_spec.rb | 3 +++ 3 files changed, 14 insertions(+) create mode 100644 releasenotes/notes/system_scope-barbican_service_user-8b435777fa3757d2.yaml diff --git a/manifests/key_manager/barbican/service_user.pp b/manifests/key_manager/barbican/service_user.pp index 1bb19b45..0417bddf 100644 --- a/manifests/key_manager/barbican/service_user.pp +++ b/manifests/key_manager/barbican/service_user.pp @@ -27,6 +27,10 @@ # (Optional) Name of domain for $project_name # Defaults to 'Default' # +# [*system_scope*] +# (Optional) Scope for system operations. +# Defaults to $::os_service_default +# # [*insecure*] # (Optional) If true, explicitly allow TLS without checking server cert # against any certificate authorities. WARNING: not recommended. Use with @@ -65,6 +69,7 @@ class cinder::key_manager::barbican::service_user( $project_name = 'services', $user_domain_name = 'Default', $project_domain_name = 'Default', + $system_scope = $::os_service_default, $insecure = $::os_service_default, $auth_type = 'password', $auth_version = $::os_service_default, @@ -83,6 +88,7 @@ class cinder::key_manager::barbican::service_user( project_name => $project_name, user_domain_name => $user_domain_name, project_domain_name => $project_domain_name, + system_scope => $system_scope, insecure => $insecure, auth_type => $auth_type, auth_version => $auth_version, diff --git a/releasenotes/notes/system_scope-barbican_service_user-8b435777fa3757d2.yaml b/releasenotes/notes/system_scope-barbican_service_user-8b435777fa3757d2.yaml new file mode 100644 index 00000000..3d70d7f8 --- /dev/null +++ b/releasenotes/notes/system_scope-barbican_service_user-8b435777fa3757d2.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + The ``cinder::key_manager::barbican::service_user`` class now supports + the ``system_scope`` parameter. diff --git a/spec/classes/cinder_key_manager_barbican_service_user_spec.rb b/spec/classes/cinder_key_manager_barbican_service_user_spec.rb index a1747399..787f1463 100644 --- a/spec/classes/cinder_key_manager_barbican_service_user_spec.rb +++ b/spec/classes/cinder_key_manager_barbican_service_user_spec.rb @@ -16,6 +16,7 @@ describe 'cinder::key_manager::barbican::service_user' do :project_name => 'services', :user_domain_name => 'Default', :project_domain_name => 'Default', + :system_scope => '', :insecure => '', :auth_type => 'password', :auth_version => '', @@ -35,6 +36,7 @@ describe 'cinder::key_manager::barbican::service_user' do :project_name => 'alt_services', :user_domain_name => 'Domain1', :project_domain_name => 'Domain2', + :system_scope => 'all', :insecure => false, :auth_type => 'v3password', :auth_version => 'v3', @@ -53,6 +55,7 @@ describe 'cinder::key_manager::barbican::service_user' do :project_name => 'alt_services', :user_domain_name => 'Domain1', :project_domain_name => 'Domain2', + :system_scope => 'all', :insecure => false, :auth_type => 'v3password', :auth_version => 'v3',