From 333acdd95607d81b21e56762dea96ae9a6b3db17 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Wed, 18 May 2022 19:44:31 +0900 Subject: [PATCH] Allow customizing project/system roles Change-Id: Id3b65ff4dcc973b74298ea91f9da7cbafa0f5da7 --- .../manifests/keystone/auth.pp | 18 ++++++++++++++++++ ...cutter.project_name}}_keystone_auth_spec.rb | 9 +++++++++ 2 files changed, 27 insertions(+) diff --git a/puppet-{{cookiecutter.project_name}}/manifests/keystone/auth.pp b/puppet-{{cookiecutter.project_name}}/manifests/keystone/auth.pp index 4b6d7b9..feda24e 100644 --- a/puppet-{{cookiecutter.project_name}}/manifests/keystone/auth.pp +++ b/puppet-{{cookiecutter.project_name}}/manifests/keystone/auth.pp @@ -23,6 +23,18 @@ # (Optional) Tenant for {{cookiecutter.project_name}} user. # Defaults to 'services'. # +# [*roles*] +# (Optional) List of roles assigned to aodh user. +# Defaults to ['admin'] +# +# [*system_scope*] +# (Optional) Scope for system operations. +# Defaults to 'all' +# +# [*system_roles*] +# (Optional) List of system roles assigned to aodh user. +# Defaults to [] +# # [*configure_endpoint*] # (Optional) Should {{cookiecutter.project_name}} endpoint be configured? # Defaults to true. @@ -71,6 +83,9 @@ class {{cookiecutter.project_name}}::keystone::auth ( $auth_name = '{{cookiecutter.project_name}}', $email = '{{cookiecutter.project_name}}@localhost', $tenant = 'services', + $roles = ['admin'], + $system_scope = 'all', + $system_roles = [], $configure_endpoint = true, $configure_user = true, $configure_user_role = true, @@ -104,6 +119,9 @@ class {{cookiecutter.project_name}}::keystone::auth ( auth_name => $auth_name, password => $password, email => $email, + roles => $roles, + system_scope => $system_scope, + system_roles => $system_roles, tenant => $tenant, public_url => $public_url, internal_url => $internal_url, diff --git a/puppet-{{cookiecutter.project_name}}/spec/classes/{{cookiecutter.project_name}}_keystone_auth_spec.rb b/puppet-{{cookiecutter.project_name}}/spec/classes/{{cookiecutter.project_name}}_keystone_auth_spec.rb index 68579d1..607b58a 100644 --- a/puppet-{{cookiecutter.project_name}}/spec/classes/{{cookiecutter.project_name}}_keystone_auth_spec.rb +++ b/puppet-{{cookiecutter.project_name}}/spec/classes/{{cookiecutter.project_name}}_keystone_auth_spec.rb @@ -23,6 +23,9 @@ describe '{{cookiecutter.project_name}}::keystone::auth' do :password => '{{cookiecutter.project_name}}_password', :email => '{{cookiecutter.project_name}}@localhost', :tenant => 'services', + :roles => ['admin'], + :system_scope => 'all', + :system_roles => [], :public_url => 'http://127.0.0.1:FIXME', :internal_url => 'http://127.0.0.1:FIXME', :admin_url => 'http://127.0.0.1:FIXME', @@ -35,6 +38,9 @@ describe '{{cookiecutter.project_name}}::keystone::auth' do :auth_name => 'alt_{{cookiecutter.project_name}}', :email => 'alt_{{cookiecutter.project_name}}@alt_localhost', :tenant => 'alt_service', + :roles => ['admin', 'service'], + :system_scope => 'alt_all', + :system_roles => ['admin', 'member', 'reader'], :configure_endpoint => false, :configure_user => false, :configure_user_role => false, @@ -59,6 +65,9 @@ describe '{{cookiecutter.project_name}}::keystone::auth' do :password => '{{cookiecutter.project_name}}_password', :email => 'alt_{{cookiecutter.project_name}}@alt_localhost', :tenant => 'alt_service', + :roles => ['admin', 'service'], + :system_scope => 'alt_all', + :system_roles => ['admin', 'member', 'reader'], :public_url => 'https://10.10.10.10:80', :internal_url => 'http://10.10.10.11:81', :admin_url => 'http://10.10.10.12:81',