Remove domain role from heat service user
This patch removes the openstack_user resource with :grant_domain action. A user is always created within a specific domain; such a membership cannot be tacked on later. This resource gave the heat user the role intended for its project for the domain (i.e., for the Default domain instead of for the service project). We add the domain_name attribute that creates the heat user in the desired domain. Note that this change needs a sufficiently recent openstackclient cookbook -- otherwise the domain_name attribute is ignored (which does not matter as long as the heat user is to be created in the Default domain). Change-Id: Ifa3d344a3d9094dd1272b126a4dc9ab951c00972
This commit is contained in:
parent
b3983a8bd6
commit
00341ef50a
|
@ -101,6 +101,7 @@ end
|
|||
# Register Service User
|
||||
openstack_user service_user do
|
||||
project_name service_project_name
|
||||
domain_name service_domain_name
|
||||
password service_pass
|
||||
connection_params connection_params
|
||||
end
|
||||
|
@ -113,14 +114,6 @@ openstack_user service_user do
|
|||
action :grant_role
|
||||
end
|
||||
|
||||
openstack_user service_user do
|
||||
domain_name service_domain_name
|
||||
role_name service_role
|
||||
user_name service_user
|
||||
connection_params connection_params
|
||||
action :grant_domain
|
||||
end
|
||||
|
||||
# TODO: (MRV) Revert this change until a better solution can be found
|
||||
# Bug: #1309123 reverts 1279577
|
||||
# if node.run_list.include?('openstack-orchestration::api-cfn')
|
||||
|
|
|
@ -65,22 +65,13 @@ describe 'openstack-orchestration::identity_registration' do
|
|||
expect(chef_run).to create_openstack_user(
|
||||
service_user
|
||||
).with(
|
||||
domain_name: domain_name,
|
||||
project_name: project_name,
|
||||
password: password,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to grant_domain_openstack_user(
|
||||
service_user
|
||||
).with(
|
||||
domain_name: domain_name,
|
||||
role_name: role_name,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to create_openstack_role(
|
||||
'heat_stack_owner'
|
||||
|
|
Loading…
Reference in New Issue