openstack
/
cookbook-openstack-compute
Code Issues Proposed changes

Revert using service role for nova user 

Looks like nova still needs admin role to work.  This is probably
a security bug against nova, but that's being debated.  So, in the
mean time, need to revert this back to using admin role.

Change-Id: If8b58516032f2eb5f9782189744f22abc4ab40b5
Related-Bug: #1436050
This commit is contained in:
Mark Vanderwiel 2015-04-16 15:17:45 -05:00 committed by Ma Wen Cheng
parent 26347683e4
commit a407059888
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
attributes/default.rb
View File

@ -67,7 +67,7 @@ end
default['openstack']['compute']['service_tenant_name'] = 'service'
default['openstack']['compute']['service_user'] = 'nova'
default['openstack']['compute']['service_role'] = 'service'
default['openstack']['compute']['service_role'] = 'admin'
case platform_family
when 'fedora', 'rhel', 'debian'

4
recipes/identity_registration.rb
View File

@ -64,8 +64,8 @@ openstack_identity_register 'Register Service User' do
action :create_user
end
## Grant Service role to Service User for Service Tenant ##
openstack_identity_register "Grant 'service' Role to Service User for Service Tenant" do
## Grant Admin role to Service User for Service Tenant ##
openstack_identity_register "Grant 'admin' Role to Service User for Service Tenant" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name

6
spec/identity_registration_spec.rb
View File

@ -33,15 +33,15 @@ describe 'openstack-compute::identity_registration' do
)
end
it 'grants service role to service user for service tenant' do
it 'grants admin role to service user for service tenant' do
expect(chef_run).to grant_role_openstack_identity_register(
"Grant 'service' Role to Service User for Service Tenant"
"Grant 'admin' Role to Service User for Service Tenant"
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
user_name: 'nova',
role_name: 'service'
role_name: 'admin'
)
end