openstack/tripleo-heat-templates
Code Issues Proposed changes

Fix ignored HeatConfigureDelegatedRoles

Browse Source 
The HeatConfigureDelegatedRoles parameter has been ignored since
the puppet parameter internally used was renamed[1][2].

This change fixes the ineffective parameter. Also, now management role
is implemented by ansible, instead of puppet, following how keystone
resources are managed now.

[1] 74e874365933b3d7a07d6413762597e78efaaaa8
[2] 1b209d35be143564d4592ef188ea5c0d906a8e96

Closes-Bug: #1979950
Change-Id: I3450f544597b82d053c33ac1b8ecc7d918fd73b0
This commit is contained in:
Takashi Kajinami 2022-06-27 15:50:39 +09:00
parent 154de03fd4
commit 491fefe7c5
3 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
deployment/heat/heat-api-container-puppet.yaml
View File

@ -79,6 +79,14 @@ parameters:
description: Password for heat_stack_domain_admin user. description: Password for heat_stack_domain_admin user.
type: string type: string
hidden: true hidden: true
HeatConfigureDelegatedRoles:
type: boolean
default: false
description: Create delegated roles
HeatDelegatedRoles:
type: comma_delimited_list
default: []
description: List of trustor roles to be delegated to heat.
conditions: conditions:
heat_workers_set: heat_workers_set:
@ -162,7 +170,11 @@ outputs:
region: {get_param: KeystoneRegion} region: {get_param: KeystoneRegion}
service: 'orchestration' service: 'orchestration'
roles: roles:
- heat_stack_user list_concat:
- - heat_stack_user
- if:
- {get_param: HeatConfigureDelegatedRoles}
- {get_param: HeatDelegatedRoles}
domains: domains:
- heat_stack - heat_stack
monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi} monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}

11
deployment/heat/heat-engine-container-puppet.yaml
View File

@ -109,10 +109,10 @@ parameters:
type: comma_delimited_list type: comma_delimited_list
default: [] default: []
description: An array of directories to search for plug-ins. description: An array of directories to search for plug-ins.
HeatConfigureDelegatedRoles: HeatDelegatedRoles:
type: boolean type: comma_delimited_list
default: false default: []
description: Create delegated roles description: List of trustor roles to be delegated to heat.
ClientRetryLimit: ClientRetryLimit:
type: number type: number
default: 2 default: 2
@ -166,8 +166,7 @@ outputs:
map_merge: map_merge:
- get_attr: [HeatBase, role_data, config_settings] - get_attr: [HeatBase, role_data, config_settings]
- apache::default_vhost: false - apache::default_vhost: false
heat::engine::configure_delegated_roles: {get_param: HeatConfigureDelegatedRoles} heat::engine::trusts_delegated_roles: {get_param: HeatDelegatedRoles}
heat::engine::trusts_delegated_roles: []
heat::engine::max_nested_stack_depth: {get_param: HeatMaxNestedStackDepth} heat::engine::max_nested_stack_depth: {get_param: HeatMaxNestedStackDepth}
heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack} heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack}
heat::engine::reauthentication_auth_method: {get_param: HeatReauthenticationAuthMethod} heat::engine::reauthentication_auth_method: {get_param: HeatReauthenticationAuthMethod}

10
releasenotes/notes/fix-HeatConfigureDelegatedRoles-d16ddb5eb037c4c8.yaml Normal file
View File

@ -0,0 +1,10 @@
---
features:
- |
The new ``HeatDelegatedRoles`` parameter has been added. This parameter
defines list of trustor to be delegated to heat.
fixes:
- |
Fixed the ``HeatConfigureDelegatedRoles`` parameter which has had no effect
previously.