Support service tokens
Implement support for service_tokens. For that we convert role_name to be a list along with renaming corresponding variable. Additionally service_type is defined now for keystone_authtoken which enables to validate tokens with restricted access rules Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690 Change-Id: Icb1de8c7e0a5196a4df457a5d4a3ca524d4622d0
This commit is contained in:
Dmitriy Rabotyagov
committed by
Jonathan Rosser
parent
2d98ac9ec7
commit
b6d15a95cb
3 changed files with 14 additions and 12 deletions
@@ -30,8 +30,6 @@ cloudkitty_service_setup_host_python_interpreter: "{{ openstack_service_setup_ho
cloudkitty_package_state:"{{ package_state | default('latest') }}"
cloudkitty_pip_package_state:"latest"
cloudkitty_service_user_name:cloudkitty
## Oslo Messaging info
# RPC
@@ -79,13 +77,16 @@ cloudkitty_git_constraints:
cloudkitty_notification_topics:notifications
cloudkitty_collector:gnocchi
cloudkitty_service_user_name:cloudkitty
cloudkitty_service_project_domain_id:default
cloudkitty_service_project_name:"service"
cloudkitty_service_user_domain_id:default
cloudkitty_service_in_ldap:"{{ service_ldap_backend_enabled | default(False) }}"
cloudkitty_service_role_name:"admin"
cloudkitty_system_service_name:"cloudkitty-api"
cloudkitty_service_role_names:
- admin
- rating
- service
cloudkitty_service_token_roles_required:"{{ openstack_service_token_roles_required | default(True) }}"
cloudkitty_keystone_auth_plugin:password
cloudkitty_output_backend:cloudkitty.backend.file.FileBackend
cloudkitty_output_pipeline:osrf
@@ -114,6 +115,8 @@ cloudkitty_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0
## Service Type and Data
cloudkitty_service_region:"{{ service_region | default('RegionOne') }}"
cloudkitty_service_name:cloudkitty
cloudkitty_service_type:rating
cloudkitty_service_description:"OpenStack Rating Service"
cloudkitty_service_port:8089
cloudkitty_service_proto:http
cloudkitty_service_publicuri_proto:"{{ openstack_service_publicuri_proto | default(cloudkitty_service_proto) }}"
@@ -140,9 +140,7 @@
_service_users:
- name:"{{ cloudkitty_service_user_name }}"
password:"{{ cloudkitty_service_password }}"
role:"rating"
- name:"{{ cloudkitty_service_user_name }}"
role:"{{ cloudkitty_service_role_name }}"
role:"{{ cloudkitty_service_role_names }}"
_service_endpoints:
- service:"{{ cloudkitty_service_name }}"
interface:"public"
@@ -155,8 +153,8 @@
url:"{{ cloudkitty_service_adminurl }}"
_service_catalog:
- name:"{{ cloudkitty_service_name }}"
type:"rating"
description:"OpenStack Rating Service"
type:"{{ cloudkitty_service_type }}"
description:"{{ cloudkitty_service_description }}"
when:_cloudkitty_is_first_play_host
tags:
- always
@@ -47,8 +47,9 @@ username = {{ cloudkitty_service_user_name }}
auth_url = {{ keystone_service_adminurl }}
auth_type = {{ cloudkitty_keystone_auth_plugin }}
region_name = {{ cloudkitty_service_region }}
service_token_roles_required = True
service_token_roles = {{ cloudkitty_service_role_name }}
service_token_roles_required = {{ cloudkitty_service_token_roles_required | bool }}
service_token_roles = {{ cloudkitty_service_role_names | join(',') }}
service_type = {{ cloudkitty_service_type }}
[oslo_messaging_amqp]
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.