Merge "novajoin: Accept system scope credentials for Keystone API request"
This commit is contained in:
Zuul
@@ -43,6 +43,18 @@
|
||||
# (optional) The tenant to use for the novajoin service user
|
||||
# Defaults to 'services'
|
||||
#
|
||||
# [*roles*]
|
||||
# (Optional) List of roles assigned to the nova service user
|
||||
# Defaults to ['admin']
|
||||
#
|
||||
# [*system_scope*]
|
||||
# Scope for system operations
|
||||
# string; optional: default to 'all'
|
||||
#
|
||||
# [*system_roles*]
|
||||
# List of system roles;
|
||||
# string; optional: default to []
|
||||
#
|
||||
# [*email*]
|
||||
# (optional) The email address for the novajoin service user
|
||||
# Defaults to 'novajoin@localhost'
|
||||
@@ -67,6 +79,9 @@ class nova::metadata::novajoin::auth(
|
||||
$service_description = 'Novajoin vendordata plugin',
|
||||
$region = 'RegionOne',
|
||||
$tenant = 'services',
|
||||
$roles = ['admin'],
|
||||
$system_scope = 'all',
|
||||
$system_roles = [],
|
||||
$email = 'novajoin@localhost',
|
||||
$public_url = 'http://127.0.0.1:9090',
|
||||
$internal_url = 'http://127.0.0.1:9090',
|
||||
@@ -93,6 +108,9 @@ class nova::metadata::novajoin::auth(
|
||||
password => $password,
|
||||
email => $email,
|
||||
tenant => $tenant,
|
||||
roles => $roles,
|
||||
system_scope => $system_scope,
|
||||
system_roles => $system_roles,
|
||||
public_url => $public_url,
|
||||
admin_url => $admin_url,
|
||||
internal_url => $internal_url,
|
||||
|
||||
@@ -28,6 +28,10 @@
|
||||
# (Optional) Name of domain for $project_domain_name
|
||||
# Defaults to 'Default'
|
||||
#
|
||||
# [*system_scope*]
|
||||
# (Optional) Scope for system operations
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*insecure*]
|
||||
# (Optional) If true, explicitly allow TLS without checking server cert
|
||||
# against any certificate authorities. WARNING: not recommended. Use with
|
||||
@@ -198,6 +202,7 @@ class nova::metadata::novajoin::authtoken(
|
||||
$project_name = 'services',
|
||||
$user_domain_name = 'Default',
|
||||
$project_domain_name = 'Default',
|
||||
$system_scope = $::os_service_default,
|
||||
$insecure = $::os_service_default,
|
||||
$auth_section = $::os_service_default,
|
||||
$auth_type = 'password',
|
||||
@@ -251,6 +256,7 @@ class nova::metadata::novajoin::authtoken(
|
||||
auth_section => $auth_section,
|
||||
user_domain_name => $user_domain_name,
|
||||
project_domain_name => $project_domain_name,
|
||||
system_scope => $system_scope,
|
||||
insecure => $insecure,
|
||||
cache => $cache,
|
||||
cafile => $cafile,
|
||||
|
||||
@@ -0,0 +1,13 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The ``system_scope`` parameter has been added to
|
||||
the ``nova::metadata::novajoin::authtoken`` class.
|
||||
|
||||
- |
|
||||
The ``nova::metadata::novajoin::auth`` class now supports customizing roles
|
||||
assigned to the novajoin service user.
|
||||
|
||||
- |
|
||||
The ``nova::metadata::novajoinkeystone::auth`` class now supports defining
|
||||
assignmet of system-scoped roles to the novajoin service user.
|
||||
@@ -23,6 +23,9 @@ describe 'nova::metadata::novajoin::auth' do
|
||||
:password => 'novajoin_password',
|
||||
:email => 'novajoin@localhost',
|
||||
:tenant => 'services',
|
||||
:roles => ['admin'],
|
||||
:system_scope => 'all',
|
||||
:system_roles => [],
|
||||
:public_url => 'http://127.0.0.1:9090',
|
||||
:internal_url => 'http://127.0.0.1:9090',
|
||||
:admin_url => 'http://127.0.0.1:9090',
|
||||
@@ -42,6 +45,9 @@ describe 'nova::metadata::novajoin::auth' do
|
||||
:service_name => 'alt_service',
|
||||
:service_type => 'alt_compute-vendordata-plugin',
|
||||
:region => 'RegionTwo',
|
||||
:roles => ['admin', 'service'],
|
||||
:system_scope => 'alt_all',
|
||||
:system_roles => ['admin', 'member', 'reader'],
|
||||
:public_url => 'https://10.10.10.10:80',
|
||||
:internal_url => 'http://10.10.10.11:81',
|
||||
:admin_url => 'http://10.10.10.12:81' }
|
||||
@@ -59,6 +65,9 @@ describe 'nova::metadata::novajoin::auth' do
|
||||
:password => 'novajoin_password',
|
||||
:email => 'alt_novajoin@alt_localhost',
|
||||
:tenant => 'alt_service',
|
||||
:roles => ['admin', 'service'],
|
||||
:system_scope => 'alt_all',
|
||||
:system_roles => ['admin', 'member', 'reader'],
|
||||
:public_url => 'https://10.10.10.10:80',
|
||||
:internal_url => 'http://10.10.10.11:81',
|
||||
:admin_url => 'http://10.10.10.12:81',
|
||||
|
||||
@@ -18,6 +18,7 @@ describe 'nova::metadata::novajoin::authtoken' do
|
||||
:project_name => 'services',
|
||||
:user_domain_name => 'Default',
|
||||
:project_domain_name => 'Default',
|
||||
:system_scope => '<SERVICE DEFAULT>',
|
||||
:insecure => '<SERVICE DEFAULT>',
|
||||
:auth_section => '<SERVICE DEFAULT>',
|
||||
:auth_type => 'password',
|
||||
@@ -62,6 +63,7 @@ describe 'nova::metadata::novajoin::authtoken' do
|
||||
:project_name => 'service_project',
|
||||
:user_domain_name => 'domainX',
|
||||
:project_domain_name => 'domainX',
|
||||
:system_scope => 'all',
|
||||
:insecure => false,
|
||||
:auth_section => 'new_section',
|
||||
:auth_type => 'password',
|
||||
@@ -103,6 +105,7 @@ describe 'nova::metadata::novajoin::authtoken' do
|
||||
:project_name => 'service_project',
|
||||
:user_domain_name => 'domainX',
|
||||
:project_domain_name => 'domainX',
|
||||
:system_scope => 'all',
|
||||
:insecure => false,
|
||||
:auth_section => 'new_section',
|
||||
:auth_type => 'password',
|
||||
|
||||
Reference in New Issue
Block a user