json_rpc: accept system scope credential
This change allows users to use system-scoped credential for [json_rpc] parameters, instead of project-scoped credential. Change-Id: I4523b0dc508d7c3f6fc1bcbfb85bbd8f7b599038
This commit is contained in:
parent
e992425e01
commit
37ac047e9d
|
@ -65,6 +65,10 @@
|
|||
# (optional) The name of project's domain (required for Identity V3).
|
||||
# Defaults to 'Default'
|
||||
#
|
||||
# [*system_scope*]
|
||||
# (Optional) Scope for system operations
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*allowed_roles*]
|
||||
# (optional) List of roles allowed to use JSON RPC.
|
||||
# Defaults to $::os_service_default
|
||||
|
@ -91,11 +95,22 @@ class ironic::json_rpc (
|
|||
$password = $::os_service_default,
|
||||
$user_domain_name = 'Default',
|
||||
$project_domain_name = 'Default',
|
||||
$system_scope = $::os_service_default,
|
||||
$allowed_roles = $::os_service_default,
|
||||
$endpoint_override = $::os_service_default,
|
||||
$region_name = $::os_service_default,
|
||||
) {
|
||||
|
||||
include ironic::deps
|
||||
|
||||
if is_service_default($system_scope) {
|
||||
$project_name_real = $project_name
|
||||
$project_domain_name_real = $project_domain_name
|
||||
} else {
|
||||
$project_name_real = $::os_service_default
|
||||
$project_domain_name_real = $::os_service_default
|
||||
}
|
||||
|
||||
ironic_config {
|
||||
'json_rpc/auth_strategy': value => $auth_strategy;
|
||||
'json_rpc/http_basic_auth_user_file': value => $http_basic_auth_user_file;
|
||||
|
@ -106,9 +121,10 @@ class ironic::json_rpc (
|
|||
'json_rpc/username': value => $username;
|
||||
'json_rpc/password': value => $password, secret => true;
|
||||
'json_rpc/auth_url': value => $auth_url;
|
||||
'json_rpc/project_name': value => $project_name;
|
||||
'json_rpc/project_name': value => $project_name_real;
|
||||
'json_rpc/user_domain_name': value => $user_domain_name;
|
||||
'json_rpc/project_domain_name': value => $project_domain_name;
|
||||
'json_rpc/project_domain_name': value => $project_domain_name_real;
|
||||
'json_rpc/system_scope': value => $system_scope;
|
||||
'json_rpc/allowed_roles': value => join(any2array($allowed_roles), ',');
|
||||
'json_rpc/endpoint_override': value => $endpoint_override;
|
||||
'json_rpc/region_name': value => $region_name;
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
The new ``ironic::json_rpc::system_scope`` parameter has been added.
|
|
@ -48,6 +48,7 @@ describe 'ironic::json_rpc' do
|
|||
is_expected.to contain_ironic_config('json_rpc/password').with_value('<SERVICE DEFAULT>').with_secret(true)
|
||||
is_expected.to contain_ironic_config('json_rpc/user_domain_name').with_value('Default')
|
||||
is_expected.to contain_ironic_config('json_rpc/project_domain_name').with_value('Default')
|
||||
is_expected.to contain_ironic_config('json_rpc/system_scope').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_ironic_config('json_rpc/allowed_roles').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_ironic_config('json_rpc/endpoint_override').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_ironic_config('json_rpc/region_name').with_value('<SERVICE DEFAULT>')
|
||||
|
@ -71,12 +72,26 @@ describe 'ironic::json_rpc' do
|
|||
is_expected.to contain_ironic_config('json_rpc/auth_type').with_value(p[:auth_type])
|
||||
is_expected.to contain_ironic_config('json_rpc/username').with_value(p[:username])
|
||||
is_expected.to contain_ironic_config('json_rpc/password').with_value(p[:password]).with_secret(true)
|
||||
is_expected.to contain_ironic_config('json_rpc/system_scope').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_ironic_config('json_rpc/allowed_roles').with_value('admin,service')
|
||||
is_expected.to contain_ironic_config('json_rpc/endpoint_override').with_value(p[:endpoint_override])
|
||||
is_expected.to contain_ironic_config('json_rpc/region_name').with_value(p[:region_name])
|
||||
end
|
||||
end
|
||||
|
||||
context 'when system_scope is set' do
|
||||
before :each do
|
||||
params.merge!(
|
||||
:system_scope => 'all',
|
||||
)
|
||||
end
|
||||
|
||||
it 'should configure system-scoped credential' do
|
||||
is_expected.to contain_ironic_config('json_rpc/project_name').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_ironic_config('json_rpc/project_domain_name').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_ironic_config('json_rpc/system_scope').with_value('all')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
|
|
Loading…
Reference in New Issue