json_rpc: accept system scope credential

This change allows users to use system-scoped credential for [json_rpc]
parameters, instead of project-scoped credential.

Change-Id: I4523b0dc508d7c3f6fc1bcbfb85bbd8f7b599038
This commit is contained in:
Takashi Kajinami 2022-02-18 01:12:35 +09:00
parent e992425e01
commit 37ac047e9d
3 changed files with 37 additions and 2 deletions

View File

@ -65,6 +65,10 @@
# (optional) The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*allowed_roles*]
# (optional) List of roles allowed to use JSON RPC.
# Defaults to $::os_service_default
@ -91,11 +95,22 @@ class ironic::json_rpc (
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$allowed_roles = $::os_service_default,
$endpoint_override = $::os_service_default,
$region_name = $::os_service_default,
) {
include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_config {
'json_rpc/auth_strategy': value => $auth_strategy;
'json_rpc/http_basic_auth_user_file': value => $http_basic_auth_user_file;
@ -106,9 +121,10 @@ class ironic::json_rpc (
'json_rpc/username': value => $username;
'json_rpc/password': value => $password, secret => true;
'json_rpc/auth_url': value => $auth_url;
'json_rpc/project_name': value => $project_name;
'json_rpc/project_name': value => $project_name_real;
'json_rpc/user_domain_name': value => $user_domain_name;
'json_rpc/project_domain_name': value => $project_domain_name;
'json_rpc/project_domain_name': value => $project_domain_name_real;
'json_rpc/system_scope': value => $system_scope;
'json_rpc/allowed_roles': value => join(any2array($allowed_roles), ',');
'json_rpc/endpoint_override': value => $endpoint_override;
'json_rpc/region_name': value => $region_name;

View File

@ -0,0 +1,4 @@
---
features:
- |
The new ``ironic::json_rpc::system_scope`` parameter has been added.

View File

@ -48,6 +48,7 @@ describe 'ironic::json_rpc' do
is_expected.to contain_ironic_config('json_rpc/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('json_rpc/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('json_rpc/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('json_rpc/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('json_rpc/allowed_roles').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('json_rpc/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('json_rpc/region_name').with_value('<SERVICE DEFAULT>')
@ -71,12 +72,26 @@ describe 'ironic::json_rpc' do
is_expected.to contain_ironic_config('json_rpc/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_config('json_rpc/username').with_value(p[:username])
is_expected.to contain_ironic_config('json_rpc/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('json_rpc/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('json_rpc/allowed_roles').with_value('admin,service')
is_expected.to contain_ironic_config('json_rpc/endpoint_override').with_value(p[:endpoint_override])
is_expected.to contain_ironic_config('json_rpc/region_name').with_value(p[:region_name])
end
end
context 'when system_scope is set' do
before :each do
params.merge!(
:system_scope => 'all',
)
end
it 'should configure system-scoped credential' do
is_expected.to contain_ironic_config('json_rpc/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('json_rpc/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('json_rpc/system_scope').with_value('all')
end
end
end
on_supported_os({