openstack/puppet-neutron
Code Issues Proposed changes
Files
0d92d0a9d6417af12802f589fdce4d2a1d947c50
puppet-neutron/manifests/server/placement.pp
Takashi Kajinami 8decdbaeff Accept system scope credential for Placement API request 
When SRBAC is enforced, Placement API requires system admin/reader role
for (almost) all operations. This change allows usage of system-scoped
credential for access to Placement API.

Change-Id: I51f2cf770dc53b88bc5842cc72e855be2c0cdc1e
2021-12-17 01:10:25 +09:00

104 lines
3.4 KiB
Puppet
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: neutron::server::placement
#
# Configure Placement API Options
#
# === Parameters
#
# [*password*]
# (required) Password for user used when talking to placement.
#
# [*auth_type*]
# (optional) An authentication type to use with an OpenStack Identity server.
# The value should contain auth plugin name
# Defaults to 'password'
#
# [*project_domain_name*]
# (Optional) Name of domain for $project_name
# Defaults to 'Default'
#
# [*project_name*]
# (optional) Project name for configured user.
# Defaults to 'services'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*user_domain_name*]
# (Optional) Name of domain for $username
# Defaults to 'Default'
#
# [*username*]
# (optional) Username when talking to placement.
# Defaults to 'nova'
#
# [*auth_url*]
# (optional) Keystone auth URL.
# If version independent identity plugin is used available versions will be
# determined using auth_url
# Defaults to 'http://127.0.0.1:5000'
#
# [*region_name*]
# (optional) Name of region to use. Useful if keystone manages more than
# one region.
# Defaults to $::os_service_default
#
# [*endpoint_type*]
# (optional) The type endpoint to use when looking up in
# the keystone catalog.
# Defaults to $::os_service_default
#
class neutron::server::placement (
$password,
$auth_type = 'password',
$project_domain_name = 'Default',
$project_name = 'services',
$system_scope = $::os_service_default,
$user_domain_name = 'Default',
$username = 'nova',
$auth_url = 'http://127.0.0.1:5000',
$region_name = $::os_service_default,
$endpoint_type = $::os_service_default,
) {
include neutron::deps
# TODO(tobias-urdin): Update default value to placement in next release.
if $username == 'nova' {
warning('The default value of username will change to placement in the next release')
}
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
neutron_config {
'placement/auth_type': value => $auth_type;
'placement/project_domain_name': value => $project_domain_name_real;
'placement/project_name': value => $project_name_real;
'placement/system_scope': value => $system_scope;
'placement/user_domain_name': value => $user_domain_name;
'placement/username': value => $username;
'placement/password': value => $password, secret => true;
'placement/auth_url': value => $auth_url;
'placement/region_name': value => $region_name;
'placement/endpoint_type': value => $endpoint_type;
}
}
View Git Blame Copy Permalink