Support service tokens

Implement support for service_tokens. For that we convert role_name to be a list along with renaming corresponding variable. Additionally service_type is defined now for keystone_authtoken which enables to validate tokens with restricted access rules Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690 Change-Id: Ie5ebb4d68ed06cff26462dc55092fda8a9ad2f44
2022-06-15 19:11:22 +02:00 · 2022-06-15 19:11:22 +02:00 · f728ca5707
commit f728ca5707
parent 0db9f1f959
3 changed files with 11 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -133,7 +133,12 @@ manila_service_project_domain_id: default
 manila_service_user_domain_id: default
 manila_service_user_name: manila
 manila_service_project_name: service
-manila_service_role_name: admin
+manila_service_role_names:
+  - admin
+  - service
+manila_service_token_roles:
+  - service
+manila_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
 manila_service_region: "{{ service_region | default('RegionOne') }}"
 manila_service_description: "Openstack Shared File Systems"
 manila_service_port: 8786
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -181,7 +181,7 @@
    _service_users:
      - name: "{{ manila_service_user_name }}"
        password: "{{ manila_service_password }}"
-        role: "{{ manila_service_role_name }}"
+        role: "{{ manila_service_role_names }}"
    _service_catalog:
      - name: "{{ manila_service_name }}"
        type: "{{ manila_service_type }}"
--- a/templates/manila.conf.j2
+++ b/templates/manila.conf.j2
@ -80,6 +80,10 @@ username = {{ manila_service_user_name }}
 password = {{ manila_service_password }}
 region_name = {{ keystone_service_region }}

+service_token_roles_required = {{ manila_service_token_roles_required | bool }}
+service_token_roles = {{ manila_service_token_roles | join(',') }}
+service_type = {{ manila_service_v2_type }}
+
 memcached_servers = {{ manila_memcached_servers }}

 token_cache_time = 300