Customize roles assigned to ironic user
This patch introduces a new hieradata parameter, ironic::keystone::auth::roles,
to customize the roles assigned to the ironic user.
This is required to configure the service token feature, which requires
a special role to be assigned to the user who uses the feature.
Change-Id: If7e71bb3acaaa6f74279031730b18a7f129edb51
(cherry picked from commit a9da71c39d
)
parent
8fe69788e7
commit
2f91ad1584
|
@ -36,6 +36,10 @@
|
||||||
# (Optional) Tenant for Ironic user.
|
# (Optional) Tenant for Ironic user.
|
||||||
# Defaults to 'services'.
|
# Defaults to 'services'.
|
||||||
#
|
#
|
||||||
|
# [*roles*]
|
||||||
|
# (Optional) List of roles assigned to the ironic service user
|
||||||
|
# Defaults to ['admin']
|
||||||
|
#
|
||||||
# [*configure_endpoint*]
|
# [*configure_endpoint*]
|
||||||
# (Optional) Should Ironic endpoint be configured?
|
# (Optional) Should Ironic endpoint be configured?
|
||||||
# Defaults to true.
|
# Defaults to true.
|
||||||
|
@ -92,6 +96,7 @@ class ironic::keystone::auth (
|
||||||
$auth_name = 'ironic',
|
$auth_name = 'ironic',
|
||||||
$email = 'ironic@localhost',
|
$email = 'ironic@localhost',
|
||||||
$tenant = 'services',
|
$tenant = 'services',
|
||||||
|
$roles = ['admin'],
|
||||||
$configure_endpoint = true,
|
$configure_endpoint = true,
|
||||||
$configure_user = true,
|
$configure_user = true,
|
||||||
$configure_user_role = true,
|
$configure_user_role = true,
|
||||||
|
@ -124,6 +129,7 @@ class ironic::keystone::auth (
|
||||||
password => $password,
|
password => $password,
|
||||||
email => $email,
|
email => $email,
|
||||||
tenant => $tenant,
|
tenant => $tenant,
|
||||||
|
roles => $roles,
|
||||||
public_url => $public_url,
|
public_url => $public_url,
|
||||||
internal_url => $internal_url,
|
internal_url => $internal_url,
|
||||||
admin_url => $admin_url,
|
admin_url => $admin_url,
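Review bot: The `[*roles*]` doc comment added in the first hunk does not say that the list replaces the default instead of extending it. That matters because the default stays `['admin']` and the value is handed on unchanged at `roles => $roles`, so an operator enabling service tokens has to choose deliberately whether the ironic user keeps admin. I would extend the comment to something like `# (Optional) List of roles assigned to the ironic service user. Replaces the default list, so name every role the user needs, e.g. ['admin', 'service'] for service tokens.` The new `$roles = ['admin'],` parameter in the second hunk is also untyped, so a plain string from hiera would presumably surface only in the downstream resource; if the supported Puppet versions allow data types, `Array[String[1]] $roles = ['admin'],` would catch it early, although the neighbouring parameters visible here are untyped too. The class body starts and ends outside these hunks.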
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
New parameter, ironic::keystone::auth::roles is introduced to configure
|
||||||
|
customized role for ironic user in keystone identity.
|
|
@ -66,6 +66,18 @@ describe 'ironic::keystone::auth' do
|
||||||
#FIXME it { should contain_keystone_endpoint('RegionOne/ironic').with_notify('Service[ironic-server]') }
|
#FIXME it { should contain_keystone_endpoint('RegionOne/ironic').with_notify('Service[ironic-server]') }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'with overrided roles' do
|
||||||
|
let :params do
|
||||||
|
{ :password => 'ironic_password',
|
||||||
|
:roles => ['admin', 'service']}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { is_expected.to contain_keystone_user_role('ironic@services').with(
|
||||||
|
:ensure => 'present',
|
||||||
|
:roles => ['admin', 'service']
|
||||||
|
)}
|
||||||
|
end
|
||||||
|
|
||||||
describe 'with endpoint parameters' do
|
describe 'with endpoint parameters' do
|
||||||
let :params do
|
let :params do
|
||||||
{ :password => 'ironic_password',
|
{ :password => 'ironic_password',
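Review bot: The new `with overrided roles` example only passes a superset of the default (`['admin', 'service']`), so it cannot tell "roles replaces the default" apart from "roles is merged with the default". A second example that passes a list without `admin` would pin the least-privilege case, where an operator wants the ironic user to hold only the service role. The description string would also read better as `'with overridden roles'`. The added example would sit before `describe 'with endpoint parameters' do`, whose body continues outside the hunk.

```ruby
describe 'with roles replacing the default' do
  let :params do
    { :password => 'ironic_password',
      :roles    => ['service'] }
  end

  it { is_expected.to contain_keystone_user_role('ironic@services').with(
    :ensure => 'present',
    :roles  => ['service']
  )}
end

# … unchanged: describe 'with endpoint parameters' …
```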
|
||||||
|
|