Per-Role krb-service-principal for CompactServices
Filter krb-service-principals for the CompactServices
based on the networks associated with the role.
Filtering for the IndividualServices was added in previous
fix https://review.openstack.org/646005, which did'nt
fully fix the bug.
Closes-Bug: #1821377
Change-Id: Id54477ca5581e1f5fe8a09c3bc60a238d114dbb2
(cherry picked from commit 578bcb2ffa
)
This commit is contained in:
parent
9c3a9c3b14
commit
f72d576f67
|
@ -53,9 +53,20 @@ resources:
|
|||
yaql:
|
||||
# Filter null values and values that contain don't contain
|
||||
# 'metadata_settings', get the values from that key and get the
|
||||
# unique ones.
|
||||
expression: list(coalesce($.data, []).where($ != null).where($.containsKey('metadata_settings')).metadata_settings.flatten().distinct())
|
||||
data: {get_param: RoleData}
|
||||
# unique ones. Also, filter values for networks not associated with
|
||||
# this role.
|
||||
expression: let(role_networks => $.data.role_networks) -> list(coalesce($.data.role_data, []).where($ != null).where($.containsKey('metadata_settings')).metadata_settings.flatten().distinct().where($ != null and $.containsKey('network')).where($role_networks.contains($.network)))
|
||||
data:
|
||||
role_data: {get_param: RoleData}
|
||||
role_networks:
|
||||
- ctlplane
|
||||
{%- for network in networks if network.vip|default(false) and network.name in role.networks %}
|
||||
{%- if network.service_net_map_replace is defined %}
|
||||
- {{network.service_net_map_replace}}
|
||||
{%- else %}
|
||||
- {{network.name_lower}}
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
|
||||
# Generates entries for nova metadata with the following format:
|
||||
# 'managed_service_<id>' : <service>/<fqdn>
|
||||
|
|
Loading…
Reference in New Issue