openstack/openstack-ansible-os_cinder
Code Issues Proposed changes

Define service_user for cinder services

Browse Source 
In order to cover OSSA-2023-003, a requirement to define service_user
section for all cinder services has been added by cinder.

Change-Id: I19c2b03c61f714fedb593da8489e50d3fa08d933
This commit is contained in:
Dmitriy Rabotyagov 2023-05-22 15:57:41 +02:00
parent f16036e1f1
commit 1af3003e16
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
templates/cinder.conf.j2
View File

@ -145,6 +145,10 @@ hmac_keys = {{ cinder_profiler_hmac_key }}
[barbican]
auth_endpoint = {{ keystone_service_internaluri }}/v3
barbican_endpoint_type = internal
send_service_user_token = {{ cinder_service_token_roles_required | bool }}
[barbican_service_user]
auth_section = keystone_authtoken
[key_manager]
backend = barbican
@ -185,3 +189,15 @@ project_name = {{ cinder_service_project_name }}
region_name = {{ keystone_service_region }}
user_domain_id = {{ cinder_service_user_domain_id }}
username = {{ cinder_service_user_name }}
[service_user]
send_service_user_token = {{ cinder_service_token_roles_required | bool }}
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ cinder_keystone_auth_type }}
auth_url = {{ keystone_service_internalurl }}
password = {{ cinder_service_password }}
project_domain_id = {{ cinder_service_project_domain_id }}
project_name = {{ cinder_service_project_name }}
region_name = {{ keystone_service_region }}
user_domain_id = {{ cinder_service_user_domain_id }}
username = {{ cinder_service_user_name }}