From f65531282e52b6ac1f05f5369ac6a1e7315af0a6 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Tue, 25 Jan 2022 17:10:57 +0900
Subject: [PATCH] barbican_service_user: Accept system scope credential
This change allows usage of system scope credentials in addition to project scope credentials, to use service user token when accessing Barbican API.
Depends-on: https://review.opendev.org/823883
Change-Id: I6adf315b5d512ff5ed2b6a85c605f8aaadbb37ae
---
 manifests/key_manager/barbican/service_user.pp | 6 ++++++
 ...ystem_scope-barbincan_service_user-855ece0e25484297.yaml | 5 +++++
 spec/classes/nova_key_manager_barbican_service_user_spec.rb | 3 +++
 3 files changed, 14 insertions(+)
 create mode 100644 releasenotes/notes/system_scope-barbincan_service_user-855ece0e25484297.yaml
diff --git a/manifests/key_manager/barbican/service_user.pp b/manifests/key_manager/barbican/service_user.pp
index e12988f17..2c18e4079 100644
--- a/manifests/key_manager/barbican/service_user.pp
+++ b/manifests/key_manager/barbican/service_user.pp
@@ -27,6 +27,10 @@
 # (Optional) Name of domain for $project_name
 # Defaults to 'Default'
 #
+# [*system_scope*]
+# (Optional) Scope for system operations.
+# Defaults to $::os_service_default
+#
 # [*insecure*]
 # (Optional) If true, explicitly allow TLS without checking server cert
 # against any certificate authorities. WARNING: not recommended. Use with
@@ -65,6 +69,7 @@ class nova::key_manager::barbican::service_user(
 $project_name = 'services',
 $user_domain_name = 'Default',
 $project_domain_name = 'Default',
+ $system_scope = $::os_service_default,
 $insecure = $::os_service_default,
 $auth_type = 'password',
 $auth_version = $::os_service_default,
@@ -83,6 +88,7 @@ class nova::key_manager::barbican::service_user(
 project_name => $project_name,
 user_domain_name => $user_domain_name,
 project_domain_name => $project_domain_name,
+ system_scope => $system_scope,
 insecure => $insecure,
 auth_type => $auth_type,
 auth_version => $auth_version,
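Review bot: The new `system_scope` doc entry in the first hunk does not say how the parameter relates to the project-scope parameters, while the class keeps `$project_name = 'services'` and `$project_domain_name = 'Default'` as defaults, so the third hunk hands both scopes to the resource whenever `system_scope` is set. Whether the underlying resource drops the project values in that case is not visible here (its declaration starts outside the hunk), and keystone treats system and project scope as alternatives for a single token. A system-scoped service credential is also broader than a project-scoped one, so the doc should tell operators when to choose it, for example `#   (Optional) Request a system-scoped token (e.g. 'all') instead of a project-scoped one; review project_name/project_domain_name when setting this.`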
diff --git a/releasenotes/notes/system_scope-barbincan_service_user-855ece0e25484297.yaml b/releasenotes/notes/system_scope-barbincan_service_user-855ece0e25484297.yaml
new file mode 100644
index 000000000..927dbbcb7
--- /dev/null
+++ b/releasenotes/notes/system_scope-barbincan_service_user-855ece0e25484297.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ The ``nova::key_manager::barbican::service_user`` class now supports
+ the ``system_scope`` parameter.
diff --git a/spec/classes/nova_key_manager_barbican_service_user_spec.rb b/spec/classes/nova_key_manager_barbican_service_user_spec.rb
index b824f6f6d..f4ec4f556 100644
--- a/spec/classes/nova_key_manager_barbican_service_user_spec.rb
+++ b/spec/classes/nova_key_manager_barbican_service_user_spec.rb
@@ -16,6 +16,7 @@ describe 'nova::key_manager::barbican::service_user' do
 :project_name => 'services',
 :user_domain_name => 'Default',
 :project_domain_name => 'Default',
+ :system_scope => '',
 :insecure => '',
 :auth_type => 'password',
 :auth_version => '',
@@ -35,6 +36,7 @@ describe 'nova::key_manager::barbican::service_user' do
 :project_name => 'alt_services',
 :user_domain_name => 'Domain1',
 :project_domain_name => 'Domain2',
+ :system_scope => 'all',
 :insecure => false,
 :auth_type => 'v3password',
 :auth_version => 'v3',
@@ -53,6 +55,7 @@ describe 'nova::key_manager::barbican::service_user' do
 :project_name => 'alt_services',
 :user_domain_name => 'Domain1',
 :project_domain_name => 'Domain2',
+ :system_scope => 'all',
 :insecure => false,
 :auth_type => 'v3password',
 :auth_version => 'v3',
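Review bot: The second and third spec hunks set `:system_scope => 'all'` only alongside explicit `:project_name` and `:project_domain_name` values, so the spec pins the pass-through but not what the class emits when system scope is requested and the project parameters are left at their defaults. A separate context whose params contain only `:system_scope => 'all'` would make the intended handling of the two scopes explicit and would catch a later change that sends both. The surrounding `describe` block starts and ends outside these hunks.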