puppet-ceilometer/manifests/keystone/auth.pp
Takashi Kajinami 68d6a51931 Allow customizing roles of the ceilometer service user
This change introduces the capability to customize project-scoped and
system-scoped roles assigned to the ceilometer service user.

Change-Id: I6221fa85ad1fd0388c49f2ed49db1b6645dec3f5
2022-01-22 21:24:57 +09:00


# == Class: ceilometer::keystone::auth
#
# Configures the Ceilometer user and its role assignments in Keystone.
# The service and endpoint are not configured, since ceilometer-api has
# been removed.
#
# === Parameters:
#
# [*password*]
# (Required) Password for Ceilometer user.
#
# [*email*]
# (Optional) Email for Ceilometer user.
# Defaults to 'ceilometer@localhost'.
#
# [*auth_name*]
# (Optional) Username for Ceilometer service.
# Defaults to 'ceilometer'.
#
# [*configure_user*]
# (Optional) Should Ceilometer service user be configured?
# Defaults to true.
#
# [*configure_user_role*]
# (Optional) Should roles be configured on Ceilometer service user?
# Defaults to true.
#
# [*region*]
# (Optional) Region for endpoint.
# Defaults to 'RegionOne'.
#
# [*tenant*]
# (Optional) Tenant for Ceilometer user.
# Defaults to 'services'.
#
# [*roles*]
# (Optional) List of roles assigned to ceilometer user.
# Defaults to ['admin']
#
# [*system_scope*]
# (Optional) Scope for system operations.
# Defaults to 'all'
#
# [*system_roles*]
# (Optional) List of system roles assigned to ceilometer user.
# Defaults to []
#
# === Examples:
#
# class { 'ceilometer::keystone::auth':
# password => 'secrete',
# }
#
class ceilometer::keystone::auth (
  $password            = false,
  $email               = 'ceilometer@localhost',
  $auth_name           = 'ceilometer',
  $configure_user      = true,
  $configure_user_role = true,
  $region              = 'RegionOne',
  $tenant              = 'services',
  $roles               = ['admin'],
  $system_scope        = 'all',
  $system_roles        = [],
) {

  include ceilometer::deps

  # $password has to be a String. The declared default (false) is not one, so
  # a declaration that omits the password is expected to fail this check
  # instead of creating the service user without a credential.
  validate_legacy(String, 'validate_string', $password)

  # Ceilometer requires only its user, project, and role assignment.
  # The Keystone service and endpoint stay disabled because ceilometer-api
  # has been removed.
  #
  # NOTE(review): the default project-scoped role is 'admin'. $roles and
  # $system_roles are the knobs for narrowing what the service user is
  # granted; confirm the minimum role set the deployment actually needs.
  #
  # NOTE(review): $password is accepted as a plain String and handed on
  # unchanged; whether it is kept out of catalogs and reports depends on
  # keystone::resource::service_identity. Confirm before relying on it.
  keystone::resource::service_identity { 'ceilometer':
    # What is managed: user and role assignment only.
    configure_service   => false,
    configure_endpoint  => false,
    configure_user      => $configure_user,
    configure_user_role => $configure_user_role,
    # Identity of the service user.
    auth_name           => $auth_name,
    password            => $password,
    email               => $email,
    tenant              => $tenant,
    region              => $region,
    # Project-scoped and system-scoped role assignments.
    roles               => $roles,
    system_scope        => $system_scope,
    system_roles        => $system_roles,
  }
}