Support service tokens
Implement support for service_tokens. For that we convert role_name to be a list along with renaming corresponding variable. Additionally service_type is defined now for keystone_authtoken which enables to validate tokens with restricted access rules Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690 Change-Id: I7b01de89b459b4992ed9531e6c81259af21ba997
This commit is contained in:
3 changed files with 12 additions and 6 deletions
@@ -44,6 +44,10 @@ trove_service_description: "OpenStack DBaaS (Trove)"
trove_service_project_name:service
trove_service_admin_role_names:
- admin
- service
trove_service_token_roles:
- service
trove_service_token_roles_required:"{{ openstack_service_token_roles_required | default(True) }}"
trove_service_region:"{{ service_region | default('RegionOne') }}"
trove_service_endpoint_type:internal
trove_service_host:"{{ openstack_service_bind_address | default('0.0.0.0') }}"
@@ -174,12 +174,10 @@
_service_in_ldap:"{{ trove_service_in_ldap }}"
_service_project_name:"{{ trove_service_project_name }}"
_service_region:"{{ trove_service_region }}"
_service_users:|-
{% set users = [{'name': trove_service_user_name, 'password': trove_service_password}] %}
{% for role in trove_service_admin_role_names %}
{% set _ = users.append({'name': trove_service_user_name, 'role': role}) %}
{% endfor %}
{{ users }}
_service_users:
- name:"{{ trove_service_user_name }}"
password:"{{ trove_service_password }}"
role:"{{ trove_service_admin_role_names }}"
_service_endpoints:
- service:"{{ trove_service_name }}"
interface:"public"
@@ -87,6 +87,10 @@ password = {{ trove_service_password }}
region_name = {{ keystone_service_region }}
interface = {{ trove_service_endpoint_type }}
service_token_roles_required = {{ trove_service_token_roles_required | bool }}
service_token_roles = {{ trove_service_token_roles | join(',') }}
service_type = {{ trove_service_type }}
memcached_servers = {{ trove_memcached_servers }}
token_cache_time = 300
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.