Merge "Adding required monasca roles so users can query the apis."
This commit is contained in:
commit
18c5d9f1dc
|
@ -37,6 +37,8 @@ monasca_service_description: "OpenStack Monitoring Service (Monasca)"
|
|||
monasca_service_project_name: service
|
||||
monasca_service_role_names:
|
||||
- admin
|
||||
monasca_role_names:
|
||||
- monasca-user
|
||||
monasca_service_region: RegionOne
|
||||
monasca_service_host: "0.0.0.0"
|
||||
monasca_bind_port: 8070
|
||||
|
|
|
@ -77,6 +77,23 @@
|
|||
- monasca-user-add
|
||||
- monasca-setup
|
||||
|
||||
- name: Ensure the monasca role exists
|
||||
keystone:
|
||||
command: "ensure_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ monasca_service_user_name }}"
|
||||
tenant_name: "{{ monasca_service_project_name }}"
|
||||
role_name: "{{ item }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: ensure_monasca_roles
|
||||
until: ensure_monasca_roles |success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: "{{ monasca_role_names }}"
|
||||
|
||||
- name: Ensure the monasca user has the admin role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
|
@ -88,8 +105,8 @@
|
|||
tenant_name: "{{ monasca_service_project_name }}"
|
||||
role_name: "{{ item }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: ensure_monasca_roles
|
||||
until: ensure_monasca_roles |success
|
||||
register: ensure_monasca_service_roles
|
||||
until: ensure_monasca_service_roles |success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: "{{ monasca_service_role_names }}"
|
||||
|
|
|
@ -20,7 +20,7 @@ dimension_names = monasca_api.v2.reference.metrics:DimensionNames
|
|||
notification_method_types = monasca_api.v2.reference.notificationstype:NotificationsType
|
||||
|
||||
[security]
|
||||
default_authorized_roles = user, domainuser, domainadmin, {{ monasca_service_user_name }}
|
||||
default_authorized_roles = user, domainuser, domainadmin, {{ monasca_service_role_names | join(', ') }}, {{ monasca_role_names | join(', ') }}
|
||||
agent_authorized_roles = {{ monasca_service_user_name }}
|
||||
read_only_authorized_roles = {{ monasca_readonly_user_name }}
|
||||
delegate_authorized_roles = admin
|
||||
|
|
|
@ -16,7 +16,7 @@ kafka_topics = log
|
|||
[roles_middleware]
|
||||
path = /v2.0/log
|
||||
path = /v3.0/logs
|
||||
default_roles = user, domainuser, domainadmin, {{ monasca_service_user_name }}
|
||||
default_roles = user, domainuser, domainadmin, {{ monasca_service_role_names | join(', ') }}, {{ monasca_role_names | join(', ') }}
|
||||
agent_roles = {{ monasca_service_user_name }}, admin
|
||||
|
||||
[dispatcher]
|
||||
|
|
Loading…
Reference in New Issue