Allow customizing project/system roles

Change-Id: Id3b65ff4dcc973b74298ea91f9da7cbafa0f5da7
2022-05-18 19:44:31 +09:00 · 2022-05-18 19:44:31 +09:00 · 333acdd956
parent 1309ff7e3c
commit 333acdd956
2 changed files with 27 additions and 0 deletions
--- a/puppet-{{cookiecutter.project_name}}/manifests/keystone/auth.pp
+++ b/puppet-{{cookiecutter.project_name}}/manifests/keystone/auth.pp
@ -23,6 +23,18 @@
 #   (Optional) Tenant for {{cookiecutter.project_name}} user.
 #   Defaults to 'services'.
 #
+# [*roles*]
+#   (Optional) List of roles assigned to aodh user.
+#   Defaults to ['admin']
+#
+# [*system_scope*]
+#   (Optional) Scope for system operations.
+#   Defaults to 'all'
+#
+# [*system_roles*]
+#   (Optional) List of system roles assigned to aodh user.
+#   Defaults to []
+#
 # [*configure_endpoint*]
 #   (Optional) Should {{cookiecutter.project_name}} endpoint be configured?
 #   Defaults to true.
@ -71,6 +83,9 @@ class {{cookiecutter.project_name}}::keystone::auth (
  $auth_name           = '{{cookiecutter.project_name}}',
  $email               = '{{cookiecutter.project_name}}@localhost',
  $tenant              = 'services',
+  $roles               = ['admin'],
+  $system_scope        = 'all',
+  $system_roles        = [],
  $configure_endpoint  = true,
  $configure_user      = true,
  $configure_user_role = true,
@ -104,6 +119,9 @@ class {{cookiecutter.project_name}}::keystone::auth (
    auth_name           => $auth_name,
    password            => $password,
    email               => $email,
+    roles               => $roles,
+    system_scope        => $system_scope,
+    system_roles        => $system_roles,
    tenant              => $tenant,
    public_url          => $public_url,
    internal_url        => $internal_url,
--- a/puppet-{{cookiecutter.project_name}}/spec/classes/{{cookiecutter.project_name}}_keystone_auth_spec.rb
+++ b/puppet-{{cookiecutter.project_name}}/spec/classes/{{cookiecutter.project_name}}_keystone_auth_spec.rb
@ -23,6 +23,9 @@ describe '{{cookiecutter.project_name}}::keystone::auth' do
        :password            => '{{cookiecutter.project_name}}_password',
        :email               => '{{cookiecutter.project_name}}@localhost',
        :tenant              => 'services',
+        :roles               => ['admin'],
+        :system_scope        => 'all',
+        :system_roles        => [],
        :public_url          => 'http://127.0.0.1:FIXME',
        :internal_url        => 'http://127.0.0.1:FIXME',
        :admin_url           => 'http://127.0.0.1:FIXME',
@ -35,6 +38,9 @@ describe '{{cookiecutter.project_name}}::keystone::auth' do
          :auth_name           => 'alt_{{cookiecutter.project_name}}',
          :email               => 'alt_{{cookiecutter.project_name}}@alt_localhost',
          :tenant              => 'alt_service',
+          :roles               => ['admin', 'service'],
+          :system_scope        => 'alt_all',
+          :system_roles        => ['admin', 'member', 'reader'],
          :configure_endpoint  => false,
          :configure_user      => false,
          :configure_user_role => false,
@ -59,6 +65,9 @@ describe '{{cookiecutter.project_name}}::keystone::auth' do
        :password            => '{{cookiecutter.project_name}}_password',
        :email               => 'alt_{{cookiecutter.project_name}}@alt_localhost',
        :tenant              => 'alt_service',
+        :roles               => ['admin', 'service'],
+        :system_scope        => 'alt_all',
+        :system_roles        => ['admin', 'member', 'reader'],
        :public_url          => 'https://10.10.10.10:80',
        :internal_url        => 'http://10.10.10.11:81',
        :admin_url           => 'http://10.10.10.12:81',