Allow cluster user trusts to be configured
By default, cluster user trusts are disabled however they are needed if you want to have fully automated LBaaS integration. This patch allows a user to enable or disable that option easily, leaving it to the service default by default for security. Change-Id: If6828e344855a06a650ec4c3fffbf89c5177eca8
This commit is contained in:
parent
bc08223503
commit
0f8b9f024e
manifests/keystone
releasenotes/notes
spec/classes
@ -4,6 +4,9 @@
|
|||||||
#
|
#
|
||||||
# === Parameters
|
# === Parameters
|
||||||
#
|
#
|
||||||
|
# [*cluster_user_trust*]
|
||||||
|
# enable creation of a user trust for clusters. Defaults to $::os_service_default.
|
||||||
|
#
|
||||||
# [*domain_name*]
|
# [*domain_name*]
|
||||||
# magnum domain name. Defaults to 'magnum'.
|
# magnum domain name. Defaults to 'magnum'.
|
||||||
#
|
#
|
||||||
@ -31,6 +34,7 @@
|
|||||||
# Defaults to 'true'.
|
# Defaults to 'true'.
|
||||||
#
|
#
|
||||||
class magnum::keystone::domain (
|
class magnum::keystone::domain (
|
||||||
|
$cluster_user_trust = $::os_service_default,
|
||||||
$domain_name = 'magnum',
|
$domain_name = 'magnum',
|
||||||
$domain_admin = 'magnum_admin',
|
$domain_admin = 'magnum_admin',
|
||||||
$domain_admin_email = 'magnum_admin@localhost',
|
$domain_admin_email = 'magnum_admin@localhost',
|
||||||
@ -69,6 +73,7 @@ class magnum::keystone::domain (
|
|||||||
}
|
}
|
||||||
|
|
||||||
magnum_config {
|
magnum_config {
|
||||||
|
'trust/cluster_user_trust': value => $cluster_user_trust;
|
||||||
'trust/trustee_domain_name': value => $domain_name;
|
'trust/trustee_domain_name': value => $domain_name;
|
||||||
'trust/trustee_domain_admin_name': value => $domain_admin;
|
'trust/trustee_domain_admin_name': value => $domain_admin;
|
||||||
'trust/trustee_domain_admin_password': value => $domain_password, secret => true;
|
'trust/trustee_domain_admin_password': value => $domain_password, secret => true;
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- Added configuration option to allow configuring a user trust for clusters
|
||||||
|
which can be accessed at magnum::keystone::domain::cluster_user_trust
|
@ -3,6 +3,7 @@ require 'spec_helper'
|
|||||||
describe 'magnum::keystone::domain' do
|
describe 'magnum::keystone::domain' do
|
||||||
|
|
||||||
let :params do {
|
let :params do {
|
||||||
|
:cluster_user_trust => true,
|
||||||
:domain_name => 'magnum',
|
:domain_name => 'magnum',
|
||||||
:domain_admin => 'magnum_admin',
|
:domain_admin => 'magnum_admin',
|
||||||
:domain_admin_email => 'magnum_admin@localhost',
|
:domain_admin_email => 'magnum_admin@localhost',
|
||||||
@ -12,6 +13,7 @@ describe 'magnum::keystone::domain' do
|
|||||||
|
|
||||||
shared_examples_for 'magnum keystone domain' do
|
shared_examples_for 'magnum keystone domain' do
|
||||||
it 'configure magnum.conf' do
|
it 'configure magnum.conf' do
|
||||||
|
is_expected.to contain_magnum_config('trust/cluster_user_trust').with_value(params[:cluster_user_trust])
|
||||||
is_expected.to contain_magnum_config('trust/trustee_domain_admin_name').with_value(params[:domain_admin])
|
is_expected.to contain_magnum_config('trust/trustee_domain_admin_name').with_value(params[:domain_admin])
|
||||||
is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_value(params[:domain_password])
|
is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_value(params[:domain_password])
|
||||||
is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_secret(true)
|
is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_secret(true)
|
||||||
|
Loading…
Reference in New Issue
Block a user