summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoger Luethi <rl@patchworkscience.org>2017-11-09 13:53:36 +0100
committerRoger Luethi <rl@patchworkscience.org>2017-11-13 15:09:39 +0000
commitd82d6a9f7c7e66040aaf1cae63cfc16e298a8228 (patch)
treea4d8ba38ff72e97cc9f9a13217efd344bf174e56
parentcb414a9655e1229faffe74ffb555247739d1b920 (diff)
Remove domain role from nova, placement service users
This patch removes the openstack_user resource with :grant_domain action. A user is always created within a specific domain; such a membership cannot be tacked on later. This resource gave the users the role intended for their project for the domain (i.e., for the Default domain instead of for the service project). We add the domain_name attribute that creates the nova and placement users in the desired domain. Note that this change needs a sufficiently recent openstackclient cookbook -- otherwise the domain_name attribute is ignored (which does not matter as long as the users are to be created in the Default domain). Change-Id: I333da4d0d93c8a0065c6c1001b5ebed8cd6eab5c
Notes
Notes (review): Code-Review+2: Christoph Albers <c.albers@x-ion.de> Code-Review+2: Samuel Cassiba <s@cassiba.com> Workflow+1: Samuel Cassiba <s@cassiba.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 17 Nov 2017 20:28:22 +0000 Reviewed-on: https://review.openstack.org/519382 Project: openstack/cookbook-openstack-compute Branch: refs/heads/master
-rw-r--r--recipes/identity_registration.rb10
-rw-r--r--spec/identity_registration_spec.rb11
2 files changed, 3 insertions, 18 deletions
diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb
index c98660d..f211aa7 100644
--- a/recipes/identity_registration.rb
+++ b/recipes/identity_registration.rb
@@ -101,12 +101,14 @@ end
101# Register Service Users 101# Register Service Users
102openstack_user service_user do 102openstack_user service_user do
103 project_name service_project_name 103 project_name service_project_name
104 domain_name service_domain_name
104 password service_pass 105 password service_pass
105 connection_params connection_params 106 connection_params connection_params
106end 107end
107 108
108openstack_user placement_service_user do 109openstack_user placement_service_user do
109 project_name service_project_name 110 project_name service_project_name
111 domain_name service_domain_name
110 password placement_service_pass 112 password placement_service_pass
111 connection_params connection_params 113 connection_params connection_params
112end 114end
@@ -119,12 +121,4 @@ end
119 connection_params connection_params 121 connection_params connection_params
120 action :grant_role 122 action :grant_role
121 end 123 end
122
123 openstack_user user do
124 domain_name service_domain_name
125 role_name service_role
126 user_name user
127 connection_params connection_params
128 action :grant_domain
129 end
130end 124end
diff --git a/spec/identity_registration_spec.rb b/spec/identity_registration_spec.rb
index 94d7741..2120dc9 100644
--- a/spec/identity_registration_spec.rb
+++ b/spec/identity_registration_spec.rb
@@ -104,6 +104,7 @@ describe 'openstack-compute::identity_registration' do
104 expect(chef_run).to create_openstack_user( 104 expect(chef_run).to create_openstack_user(
105 placement_service_user 105 placement_service_user
106 ).with( 106 ).with(
107 domain_name: domain_name,
107 project_name: project_name, 108 project_name: project_name,
108 password: placement_password, 109 password: placement_password,
109 connection_params: connection_params 110 connection_params: connection_params
@@ -113,16 +114,6 @@ describe 'openstack-compute::identity_registration' do
113 context 'grants user roles' do 114 context 'grants user roles' do
114 [service_user, placement_service_user].each do |user_name| 115 [service_user, placement_service_user].each do |user_name|
115 it do 116 it do
116 expect(chef_run).to grant_domain_openstack_user(
117 user_name
118 ).with(
119 domain_name: domain_name,
120 role_name: role_name,
121 connection_params: connection_params
122 )
123 end
124
125 it do
126 expect(chef_run).to grant_role_openstack_user( 117 expect(chef_run).to grant_role_openstack_user(
127 user_name 118 user_name
128 ).with( 119 ).with(