Merge "Add new parameter required for secure RBAC configuration"

This commit is contained in:
Zuul 2021-04-16 17:35:03 +00:00 committed by Gerrit Code Review
commit 4f39c259d2
3 changed files with 14 additions and 0 deletions

View File

@ -122,6 +122,10 @@
# (optional) CA certificate file to use to verify connecting clients
# Defaults to $::os_service_default
#
# [*enforce_secure_rbac*]
# (optional) Enabled enforcing authorization based on common RBAC personas.
# Defaults to $::os_service_default
#
# [*enabled_backends*]
# (optional) List of Key:Value pairs of store identifier and store type.
# Example: ['swift:swift', 'ceph1:ceph', 'ceph2:ceph']
@ -315,6 +319,7 @@ class glance::api(
$cert_file = $::os_service_default,
$key_file = $::os_service_default,
$ca_file = $::os_service_default,
$enforce_secure_rbac = $::os_service_default,
$enabled_backends = undef,
$default_backend = undef,
$container_formats = $::os_service_default,
@ -432,6 +437,7 @@ removed in a future realse. Use glance::api::db::database_max_overflow instead')
'DEFAULT/location_strategy': value => $location_strategy;
'DEFAULT/scrub_time': value => $scrub_time;
'DEFAULT/delayed_delete': value => $delayed_delete;
'DEFAULT/enforce_secure_rbac': value => $enforce_secure_rbac;
'DEFAULT/cache_prefetcher_interval': value => $cache_prefetcher_interval;
'DEFAULT/image_cache_dir': value => $image_cache_dir;
'DEFAULT/image_cache_stall_time': value => $image_cache_stall_time;

View File

@ -0,0 +1,5 @@
---
features:
- |
Add ``enforce_secure_rbac`` parameter to enable enforcing authorization
based on common RBAC personas.

View File

@ -23,6 +23,7 @@ describe 'glance::api' do
:purge_config => false,
:delayed_delete => '<SERVICE DEFAULT>',
:scrub_time => '<SERVICE DEFAULT>',
:enforce_secure_rbac => '<SERVICE DEFAULT>',
:image_cache_dir => '/var/lib/glance/image-cache',
:image_import_plugins => '<SERVICE DEFAULT>',
:image_conversion_output_format => '<SERVICE DEFAULT>',
@ -65,6 +66,7 @@ describe 'glance::api' do
:location_strategy => 'store_type',
:delayed_delete => 'true',
:scrub_time => '10',
:enforce_secure_rbac => 'true',
:image_cache_dir => '/tmp/glance',
:image_import_plugins => 'image_conversion',
:image_conversion_output_format => 'raw',
@ -125,6 +127,7 @@ describe 'glance::api' do
'location_strategy',
'delayed_delete',
'scrub_time',
'enforce_secure_rbac',
'image_cache_dir',
'image_cache_stall_time',
'image_cache_max_size',