Customize roles assigned to ironic user

This patch introduces a new hieradata, ironic::keystone::auth::roles,
to configure a customized role assigned to the ironic user.

This is required to configure the service token feature, as it requires
that a special role be assigned to the user who uses the feature.

Change-Id: If7e71bb3acaaa6f74279031730b18a7f129edb51
(cherry picked from commit a9da71c39d)
changes/36/703536/1
Takashi Kajinami 1 month ago
parent
commit
2f91ad1584
3 changed files with 23 additions and 0 deletions
  1. manifests/keystone/auth.pp (+6, -0)
  2. releasenotes/notes/keystone-user-roles-9a21ef5f9a74777e.yaml (+5, -0)
  3. spec/classes/ironic_keystone_auth_spec.rb (+12, -0)

manifests/keystone/auth.pp (+6, -0)

@@ -36,6 +36,10 @@
# (Optional) Tenant for Ironic user.
# Defaults to 'services'.
#
# [*roles*]
# (Optional) List of roles assigned to the ironic service user
# Defaults to ['admin']
#
# [*configure_endpoint*]
# (Optional) Should Ironic endpoint be configured?
# Defaults to true.
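
Review bot: The new `[*roles*]` entry does not say that a value given here replaces the default list rather than adding to it, so an operator who sets only the role needed for the service token feature silently drops `admin` from the ironic user. Please state the replace semantics in the doc text (the spec in this change passes `['admin', 'service']`, which suggests both are expected together), and add the trailing period after "ironic service user" and after `['admin']` to match the neighbouring entries.
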
@@ -92,6 +96,7 @@ class ironic::keystone::auth (
$auth_name = 'ironic',
$email = 'ironic@localhost',
$tenant = 'services',
$roles = ['admin'],
$configure_endpoint = true,
$configure_user = true,
$configure_user_role = true,
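
Review bot: `$roles = ['admin']` is accepted with no type or content check, and the later hunk hands it on unchanged as `roles => $roles`, so a bare string or an empty array coming from hiera reaches the role assignment as is. Consider validating that the value is a non-empty array of strings before it is used, so that a typo in hieradata fails at catalog compilation instead of producing a service user with unexpected roles.
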
@@ -124,6 +129,7 @@ class ironic::keystone::auth (
password => $password,
email => $email,
tenant => $tenant,
roles => $roles,
public_url => $public_url,
internal_url => $internal_url,
admin_url => $admin_url,

releasenotes/notes/keystone-user-roles-9a21ef5f9a74777e.yaml (+5, -0)

@@ -0,0 +1,5 @@
---
features:
- |
New parameter, ironic::keystone::auth::roles is introduced to configure
customized role for ironic user in keystone identity.
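
Review bot: The release note says "customized role" in the singular, but the parameter takes a list and defaults to `['admin']`. Suggest describing it as the list of roles assigned to the ironic user, stating the default, and mentioning the service token use case from the commit message so operators know when they need to change it.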

releasenotes/notes/keystone-user-roles-9a21ef5f9a74777e.yaml is followed by:

spec/classes/ironic_keystone_auth_spec.rb (+12, -0)

@@ -66,6 +66,18 @@ describe 'ironic::keystone::auth' do
#FIXME it { should contain_keystone_endpoint('RegionOne/ironic').with_notify('Service[ironic-server]') }
end

describe 'with overrided roles' do
let :params do
{ :password => 'ironic_password',
:roles => ['admin', 'service']}
end

it { is_expected.to contain_keystone_user_role('ironic@services').with(
:ensure => 'present',
:roles => ['admin', 'service']
)}
end

describe 'with endpoint parameters' do
let :params do
{ :password => 'ironic_password',
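
Review bot: The new context only exercises `['admin', 'service']`, a superset of the default, so the expectation cannot distinguish a parameter that replaces the default from one that is combined with it. Adding a case that omits `admin` (for example `:roles => ['service']`) would pin down the behaviour operators rely on when reducing the service user's privileges. Also, "overrided" in the describe string should be "overridden".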
