From 2a8972b5e8a0938350796edb366fcf09b2c0dff3 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Wed, 15 Jun 2022 19:14:14 +0200
Subject: [PATCH] Support service tokens

Implement support for service_tokens. For that we convert role_name to be a list along with renaming corresponding variable. Additionally service_type is defined now for keystone_authtoken which enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Ie34df51cc0284b23713a897c8bc9d4958a1fe385
---
 defaults/main.yml | 7 ++++++-
 tasks/main.yml | 2 +-
 templates/mistral.conf.j2 | 5 +++++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index c13a122..fb532bd 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -152,7 +152,12 @@ mistral_service_user_domain_id: default
 mistral_service_user_name: mistral
 mistral_service_project_domain_id: default
 mistral_service_project_name: service
-mistral_role_name: admin
+mistral_service_role_names:
+ - admin
+ - service
+mistral_service_token_roles:
+ - service
+mistral_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
 mistral_service_region: "{{ service_region | default('RegionOne') }}"
 mistral_service_proto: http
 mistral_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(mistral_service_proto) }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index dcbafd5..b3df4b8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -160,7 +160,7 @@
 _service_users:
 - name: "{{ mistral_service_user_name }}"
 password: "{{ mistral_service_password }}"
- role: "{{ mistral_role_name }}"
+ role: "{{ mistral_service_role_names }}"
 _service_endpoints:
 - service: "{{ mistral_service_name }}"
 interface: "public"
diff --git a/templates/mistral.conf.j2 b/templates/mistral.conf.j2
index 5f048d5..b074181 100644
--- a/templates/mistral.conf.j2
+++ b/templates/mistral.conf.j2
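Review bot: The rename of `mistral_role_name` to `mistral_service_role_names` in defaults/main.yml, and its use in the tasks/main.yml hunk, leaves no fallback to the old name. As far as these hunks show, a deployment that had overridden `mistral_role_name` with a narrower role would have that override ignored after upgrade, and the service user would get the new defaults `admin` and `service`. None of the three files in the diffstat announces the rename, so a release note would help, as would a comment above the new variable such as `# Roles assigned to the mistral service user; replaces mistral_role_name, which is no longer read`. A second comment on `mistral_service_token_roles` could say that it lists the roles accepted on incoming service tokens rather than the roles granted to the user, since the two lists are easy to confuse. On style, `default(True)` could be written `default(true)` to match lowercase YAML booleans, although Jinja accepts both.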
@@ -26,6 +26,11 @@ project_name = {{ mistral_service_project_name }}
 username = {{ mistral_service_user_name }}
 password = {{ mistral_service_password }}
 region_name = {{ keystone_service_region }}
+
+service_token_roles_required = {{ mistral_service_token_roles_required | bool }}
+service_token_roles = {{ mistral_service_token_roles | join(',') }}
+service_type = {{ mistral_service_type }}
+
 memcached_servers = {{ mistral_memcached_servers }}
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcached_encryption_key }}
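Review bot: The added line `service_token_roles = {{ mistral_service_token_roles | join(',') }}` assumes the variable is a list. If a deployer overrides it with a plain string, `join` iterates its characters and renders `s,e,r,v,i,c,e`, so no role can match and service tokens fail the role check whenever `service_token_roles_required` is true. Normalising first, for example `service_token_roles = {{ [mistral_service_token_roles] | flatten | join(',') }}`, keeps both forms working. The template also gives no hint of what a false `service_token_roles_required` means; as I understand keystonemiddleware, a token lacking the listed roles is then still accepted as a service token, which is the mechanism that lets an expired user token be honoured. A one-line Jinja comment above the option would make that explicit. The section header these options fall under is outside the hunk, and only the commit message places them in `keystone_authtoken`.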