openstack/puppet-placement
Code Issues Proposed changes

Add service role by default

Browse Source 
This is the role created to be used by service users. At this moment
several services/functionalities still need the admin role so is kept.

Change-Id: I484ded98a4863e88e0d1302b9fe4b63df412361d
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This commit is contained in:
Takashi Kajinami
2025-10-11 12:03:32 +09:00
parent fe1c5d3dda
commit 76e35e3cce
3 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/keystone/auth.pp
View File

@@ -25,7 +25,7 @@
# #
# [*roles*] # [*roles*]
# (Optional) List of roles assigned to placement user. # (Optional) List of roles assigned to placement user.
# Defaults to ['admin'] # Defaults to ['admin', 'service']
# #
# [*system_scope*] # [*system_scope*]
# (Optional) Scope for system operations. # (Optional) Scope for system operations.
@@ -87,7 +87,7 @@ class placement::keystone::auth (
String[1] $auth_name = 'placement', String[1] $auth_name = 'placement',
String[1] $email = 'placement@localhost', String[1] $email = 'placement@localhost',
String[1] $tenant = 'services', String[1] $tenant = 'services',
Array[String[1]] $roles = ['admin'], Array[String[1]] $roles = ['admin', 'service'],
String[1] $system_scope = 'all', String[1] $system_scope = 'all',
Array[String[1]] $system_roles = [], Array[String[1]] $system_roles = [],
Boolean $configure_endpoint = true, Boolean $configure_endpoint = true,

5
releasenotes/notes/service-role-d76e69b8ce249866.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
features:
- |
The ``placement::keystone::auth`` class now adds the ``service`` role by
default. Set the ``roles`` parameter not to add the role.

6
spec/classes/placement_keystone_auth_spec.rb
View File

@@ -24,7 +24,7 @@ describe 'placement::keystone::auth' do
:password => 'placement_password', :password => 'placement_password',
:email => 'placement@localhost', :email => 'placement@localhost',
:tenant => 'services', :tenant => 'services',
:roles => ['admin'], :roles => ['admin', 'service'],
:system_scope => 'all', :system_scope => 'all',
:system_roles => [], :system_roles => [],
:public_url => 'http://127.0.0.1:8778', :public_url => 'http://127.0.0.1:8778',
@@ -39,7 +39,7 @@ describe 'placement::keystone::auth' do
:auth_name => 'alt_placement', :auth_name => 'alt_placement',
:email => 'alt_placement@alt_localhost', :email => 'alt_placement@alt_localhost',
:tenant => 'alt_service', :tenant => 'alt_service',
:roles => ['admin', 'service'], :roles => ['admin'],
:system_scope => 'alt_all', :system_scope => 'alt_all',
:system_roles => ['admin', 'member', 'reader'], :system_roles => ['admin', 'member', 'reader'],
:configure_endpoint => false, :configure_endpoint => false,
@@ -68,7 +68,7 @@ describe 'placement::keystone::auth' do
:password => 'placement_password', :password => 'placement_password',
:email => 'alt_placement@alt_localhost', :email => 'alt_placement@alt_localhost',
:tenant => 'alt_service', :tenant => 'alt_service',
:roles => ['admin', 'service'], :roles => ['admin'],
:system_scope => 'alt_all', :system_scope => 'alt_all',
:system_roles => ['admin', 'member', 'reader'], :system_roles => ['admin', 'member', 'reader'],
:public_url => 'https://10.10.10.10:80', :public_url => 'https://10.10.10.10:80',