- Migrate away from using the log resource to using converge_by. This finally
fixes idempotency issues we were having with all of these resources
- Fix :delete action in openstack_domain by disabling the domain prior to
destroying it
- Add missing references to new_resource parameters
- Fix :delete action in openstack_endpoint resource
- Add domain_name property in openstack_project resource. This is required and
would throw a deprecation warning in the backend system.
- Fix logic around user grant/revoke actions
- Cookstyle fixes
Depends-On: https://review.opendev.org/c/openstack/openstack-chef/+/838415
Change-Id: I33601eb5595c794a9a025417ed3bc88cfa6cfaf0
Signed-off-by: Lance Albertson <lance@osuosl.org>
Also loosen the fog-openstack dependency a bit since this is now included in
Chef Workstation and will likely cause issues when doing testing.
Depends-On: https://review.opendev.org/747503
Depends-On: https://review.opendev.org/740342
Change-Id: Iaa0ccfa7dd47a729423fc7ce1115849a282d2511
Signed-off-by: Lance Albertson <lance@osuosl.org>
As project and user names are only unique for each domain and some
Keystone settings may filter user listing, any user or project search by
name needs to include the associated domain.
This change fixes any search done by name of a project or user in the
openstack_user resource. It is
assumed that if no domain is specified and there are multiple elements
with the same name, the first search result is
chosen.
Closes-Bug: #1871144
Change-Id: I0ed3ffabab5f8b0959c3b2c50a3619f378e59c9e
Signed-off-by: Henrique Santos <hfigueiredosantos@tecnico.ulisboa.pt>
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Update delivery configuration to exclude integration cookbooks
Depends-On: https://review.opendev.org/701027
Change-Id: I0bda5cd86c7c3afc89f7a813b5bb2baa56eb3ed8
This partially reverts commit 1379c2a8c9 and pins the gem to the latest stable release.
Depends-On: https://review.openstack.org/607683
Change-Id: I70c37040ff3a50f61d738e7a6a3111bcefc15a79
Unlike the rest of the library, openstack_user's grant_domain and
revoke_domain actions bypass the fog models and call directly into the
requests. It works, but it is inconsistent and confusing.
This patch uses user.grant_role instead of directly calling
connection.grant_domain_user_role. Likewise for revoke_domain.
The new comments try to clarify the purpose of the ":grant_domain"
action of the openstack_user resource.
In contrast to what the name may suggest, the action does not grant a
domain (which is not possible). Instead, it grants a role to a user who
is already in a specific domain. The domain attribute is merely used to
identify the user.
For reasonably recent OpenStack releases, users are always created in a
domain (by default in the aptly named 'Default' domain). With this
patch, a new domain name attribute can be passed to the openstack_user's
:create action in order to create a user in a specific domain.
If the project tenant is given when creating the user account,
honor it by assigning that as the _default_ project tenant.
This is especially helpful when creating initial service accounts and
assigning them to the `service` project).
Ghanshyam Mann