Takashi Kajinami fe7da441a6 Accept system scope credentials for Keystone API request
This change is the first step towards supporting secure RBAC: it allows
system-scope credentials to be used for Keystone API requests.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: I2a54b0d0c03a98b3fe7a3a4a28051247eea7e70a
2022-01-03 15:28:31 +09:00


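# == Class: zaqar::keystone::auth
#
# Configures the zaqar user, service and endpoint in Keystone. All work is
# delegated to a single keystone::resource::service_identity resource named
# 'zaqar'; this class only validates the password and forwards parameters.
#
# === Parameters
#
# [*password*]
# (Required) Password for the zaqar service user. Must be a string.
# Supply it from a secret store (e.g. Hiera with eyaml) rather than a
# plaintext manifest, since it grants whatever roles are assigned below.
#
# [*auth_name*]
# (Optional) Username for the zaqar service user.
# Defaults to 'zaqar'.
#
# [*email*]
# (Optional) Email for the zaqar user.
# Defaults to 'zaqar@localhost'.
#
# [*tenant*]
# (Optional) Project (tenant) the zaqar user belongs to.
# Defaults to 'services'.
#
# [*roles*]
# (Optional) List of project-scoped roles assigned to the zaqar user
# (in the project given by tenant).
# Defaults to ['admin']. Review whether project admin is really required;
# secure-RBAC deployments may prefer a narrower role here.
#
# [*system_scope*]
# (Optional) Scope for system operations.
# Defaults to 'all'.
#
# [*system_roles*]
# (Optional) List of system-scoped roles assigned to the zaqar user.
# Defaults to [] — no system-scope role is granted unless set explicitly.
# Setting e.g. ['admin'] gives the service user system-wide privileges.
#
# [*configure_endpoint*]
# (Optional) Should the zaqar endpoint be configured?
# Defaults to true.
#
# [*configure_user*]
# (Optional) Should the service user be configured?
# Defaults to true.
#
# [*service_type*]
# (Optional) Type of service.
# Defaults to 'messaging'.
#
# [*public_url*]
# (Optional) The endpoint's public url.
# Defaults to 'http://127.0.0.1:8888'. The loopback plain-http default is
# a placeholder; set an https URL for any network-reachable deployment.
#
# [*internal_url*]
# (Optional) The endpoint's internal url.
# Defaults to 'http://127.0.0.1:8888'.
#
# [*admin_url*]
# (Optional) The endpoint's admin url.
# Defaults to 'http://127.0.0.1:8888'.
#
# [*region*]
# (Optional) Region for endpoint.
# Defaults to 'RegionOne'.
#
# [*service_name*]
# (Optional) Name of the service.
# Defaults to 'zaqar'.
#
# [*configure_service*]
# (Optional) Should the zaqar service be configured?
# Defaults to true.
#
# [*service_description*]
# (Optional) Description for the keystone service.
# Defaults to 'OpenStack Messaging Service'.
#
# [*configure_user_role*]
# (Optional) Whether role assignments for the service user are created.
# The roles come from roles / system_roles, not a hard-coded admin role
# (presumably; confirm against keystone::resource::service_identity).
# Defaults to true.
#
class zaqar::keystone::auth(
  $password,
  $email               = 'zaqar@localhost',
  $auth_name           = 'zaqar',
  $service_name        = 'zaqar',
  $service_type        = 'messaging',
  $public_url          = 'http://127.0.0.1:8888',
  $admin_url           = 'http://127.0.0.1:8888',
  $internal_url        = 'http://127.0.0.1:8888',
  $region              = 'RegionOne',
  $tenant              = 'services',
  $roles               = ['admin'],
  $system_scope        = 'all',
  $system_roles        = [],
  $configure_endpoint  = true,
  $configure_service   = true,
  $configure_user      = true,
  $configure_user_role = true,
  $service_description = 'OpenStack Messaging Service',
) {

  include zaqar::deps

  # Fail at catalog compile time on a non-string password instead of
  # handing an unexpected value to Keystone.
  validate_legacy(String, 'validate_string', $password)

  # Both project-scoped (roles/tenant) and system-scoped
  # (system_roles/system_scope) assignments are forwarded; which of them
  # actually take effect depends on configure_user_role.
  keystone::resource::service_identity { 'zaqar':
    configure_user      => $configure_user,
    configure_user_role => $configure_user_role,
    configure_endpoint  => $configure_endpoint,
    service_type        => $service_type,
    service_description => $service_description,
    service_name        => $service_name,
    auth_name           => $auth_name,
    region              => $region,
    password            => $password,
    email               => $email,
    tenant              => $tenant,
    roles               => $roles,
    system_scope        => $system_scope,
    system_roles        => $system_roles,
    public_url          => $public_url,
    admin_url           => $admin_url,
    internal_url        => $internal_url,
  }
}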