Support service tokens
Implement support for service_tokens. For that we convert role_name to be a list along with renaming corresponding variable. Additionally service_type is defined now for keystone_authtoken which enables to validate tokens with restricted access rules Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690 Change-Id: Icb1de8c7e0a5196a4df457a5d4a3ca524d4622d0
This commit is contained in:
parent
2d98ac9ec7
commit
b6d15a95cb
|
@ -30,8 +30,6 @@ cloudkitty_service_setup_host_python_interpreter: "{{ openstack_service_setup_ho
|
|||
cloudkitty_package_state: "{{ package_state | default('latest') }}"
|
||||
cloudkitty_pip_package_state: "latest"
|
||||
|
||||
cloudkitty_service_user_name: cloudkitty
|
||||
|
||||
## Oslo Messaging info
|
||||
|
||||
# RPC
|
||||
|
@ -79,13 +77,16 @@ cloudkitty_git_constraints:
|
|||
|
||||
cloudkitty_notification_topics: notifications
|
||||
cloudkitty_collector: gnocchi
|
||||
cloudkitty_service_user_name: cloudkitty
|
||||
cloudkitty_service_project_domain_id: default
|
||||
cloudkitty_service_project_name: "service"
|
||||
cloudkitty_service_user_domain_id: default
|
||||
cloudkitty_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}"
|
||||
cloudkitty_service_role_name: "admin"
|
||||
cloudkitty_system_service_name: "cloudkitty-api"
|
||||
|
||||
cloudkitty_service_role_names:
|
||||
- admin
|
||||
- rating
|
||||
- service
|
||||
cloudkitty_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
|
||||
cloudkitty_keystone_auth_plugin: password
|
||||
cloudkitty_output_backend: cloudkitty.backend.file.FileBackend
|
||||
cloudkitty_output_pipeline: osrf
|
||||
|
@ -114,6 +115,8 @@ cloudkitty_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0
|
|||
## Service Type and Data
|
||||
cloudkitty_service_region: "{{ service_region | default('RegionOne') }}"
|
||||
cloudkitty_service_name: cloudkitty
|
||||
cloudkitty_service_type: rating
|
||||
cloudkitty_service_description: "OpenStack Rating Service"
|
||||
cloudkitty_service_port: 8089
|
||||
cloudkitty_service_proto: http
|
||||
cloudkitty_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(cloudkitty_service_proto) }}"
|
||||
|
|
|
@ -140,9 +140,7 @@
|
|||
_service_users:
|
||||
- name: "{{ cloudkitty_service_user_name }}"
|
||||
password: "{{ cloudkitty_service_password }}"
|
||||
role: "rating"
|
||||
- name: "{{ cloudkitty_service_user_name }}"
|
||||
role: "{{ cloudkitty_service_role_name }}"
|
||||
role: "{{ cloudkitty_service_role_names }}"
|
||||
_service_endpoints:
|
||||
- service: "{{ cloudkitty_service_name }}"
|
||||
interface: "public"
|
||||
|
@ -155,8 +153,8 @@
|
|||
url: "{{ cloudkitty_service_adminurl }}"
|
||||
_service_catalog:
|
||||
- name: "{{ cloudkitty_service_name }}"
|
||||
type: "rating"
|
||||
description: "OpenStack Rating Service"
|
||||
type: "{{ cloudkitty_service_type }}"
|
||||
description: "{{ cloudkitty_service_description }}"
|
||||
when: _cloudkitty_is_first_play_host
|
||||
tags:
|
||||
- always
|
||||
|
|
|
@ -47,8 +47,9 @@ username = {{ cloudkitty_service_user_name }}
|
|||
auth_url = {{ keystone_service_adminurl }}
|
||||
auth_type = {{ cloudkitty_keystone_auth_plugin }}
|
||||
region_name = {{ cloudkitty_service_region }}
|
||||
service_token_roles_required = True
|
||||
service_token_roles = {{ cloudkitty_service_role_name }}
|
||||
service_token_roles_required = {{ cloudkitty_service_token_roles_required | bool }}
|
||||
service_token_roles = {{ cloudkitty_service_role_names | join(',') }}
|
||||
service_type = {{ cloudkitty_service_type }}
|
||||
|
||||
[oslo_messaging_amqp]
|
||||
|
||||
|
|
Loading…
Reference in New Issue