Delete service_token from keystone on Fuel Master
Deletes keystone service token after deploying keystone to minimize security risk. Change-Id: I776644f727ce086369954f383a09b48b60bf11a5 Depends-On: Idb7694b19792a6c43c2752867da7c34b995513d0 Closes-Bug: #1582893
parent
1799c20828
commit
4c884a0b56
|
@ -23,6 +23,7 @@ rabbitmq
|
|||
mcollective
|
||||
astute
|
||||
keystone
|
||||
keystone_token_disable
|
||||
nailgun
|
||||
ostf
|
||||
nginx_repo
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
notice('MODULAR: keystone.pp')
|
||||
|
||||
class { 'osnailyfacter::astute::service_token_off': }
|
|
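Review bot: The `notice('MODULAR: keystone.pp')` line at the top of this new manifest appears to be copied from the keystone task, so deployment logs would attribute the token removal to the wrong manifest. The accompanying spec refers to this file as `master/keystone_token_disable.pp`; the file name is not shown in this section, so it is inferred from there. Because this step is a security hardening action, the log line is what an operator would use to confirm that it ran. I would change it to `notice('MODULAR: keystone_token_disable.pp')`.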
@ -8,7 +8,7 @@ class osnailyfacter::astute::service_token_off {
|
|||
|
||||
$keystone_params_hash = hiera_hash('keystone', {})
|
||||
|
||||
if $keystone_params_hash['service_token_off'] {
|
||||
if str2bool($keystone_params_hash['service_token_off']) {
|
||||
|
||||
include ::keystone::params
|
||||
include ::tweaks::apache_wrappers
|
||||
|
|
|
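Review bot: With `hiera_hash('keystone', {})` the `service_token_off` key can be absent, and the new `str2bool($keystone_params_hash['service_token_off'])` condition then depends on how str2bool treats an undefined value. Depending on the Puppet and stdlib versions in use, it either evaluates to false, leaving the admin token in place without any message, or aborts catalog compilation; a value str2bool does not recognise also aborts it. I would make the default explicit before the condition and add a comment such as `# service_token_off: string or boolean from hiera; when unset the admin token stays enabled`, so the opt-in nature of the hardening is visible. The class body starts before this hunk and continues past it.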
@ -0,0 +1,30 @@
|
|||
# HIERA: master
|
||||
# FACTS: master_centos7
|
||||
|
||||
require 'spec_helper'
|
||||
require 'shared-examples'
|
||||
manifest = 'master/keystone_token_disable.pp'
|
||||
|
||||
describe manifest do
|
||||
shared_examples 'catalog' do
|
||||
|
||||
keystone_params = Noop.hiera_structure 'keystone'
|
||||
disable_token = Noop.puppet_function('str2bool', keystone_params['service_token_off'])
|
||||
|
||||
if disable_token
|
||||
it 'should remove admin_token option' do
|
||||
is_expected.to contain_keystone_config('DEFAULT/admin_token').with_ensure('absent')
|
||||
end
|
||||
|
||||
it 'should contain exec of remove AdminTokenAuthMiddleware from pipelines' do
|
||||
paste_ini = '/etc/keystone/keystone-paste.ini'
|
||||
is_expected.to contain_exec('remove_admin_token_auth_middleware').with(
|
||||
:path => ['/bin', '/usr/bin'],
|
||||
:command => "sed -i.dist 's/ admin_token_auth//' #{paste_ini}",
|
||||
:onlyif => "fgrep -q ' admin_token_auth' #{paste_ini}",
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
run_test manifest
|
||||
end
|
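Review bot: The `shared_examples 'catalog'` block defines examples only when `disable_token` is true, so for fixtures where `service_token_off` is false or unset the spec passes without asserting anything about the admin token. An `else` branch containing `is_expected.not_to contain_exec('remove_admin_token_auth_middleware')` would pin the opt-out behaviour and catch a regression in the str2bool condition. Separately, `keystone_params['service_token_off']` raises NoMethodError when the fixture has no `keystone` key, whereas the manifest falls back to an empty hash; `keystone_params = Noop.hiera_structure('keystone') || {}` would mirror that.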