Fixes for service tokens

* Make admin role configurable * Move keystone_authtoken configuration from mitaka version to base version * Sync service_user config with keystone_authtoken for the base version
juju · Oct 13, 2022 · 7bcb194 · 7bcb194
1 parent f8c8861
commit 7bcb194
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 10 deletions.
diff --git a/charmhelpers/contrib/openstack/context.py b/charmhelpers/contrib/openstack/context.py
@@ -493,6 +493,7 @@ def __call__(self):
                 int_host = format_ipv6_addr(int_host) or int_host
                 svc_protocol = rdata.get('service_protocol') or 'http'
                 auth_protocol = rdata.get('auth_protocol') or 'http'
+                admin_role = rdata.get('admin_role') or 'Admin'
                 int_protocol = rdata.get('internal_protocol') or 'http'
                 api_version = rdata.get('api_version') or '2.0'
                 ctxt.update({'service_port': rdata.get('service_port'),
@@ -504,6 +505,7 @@ def __call__(self):
                              'admin_tenant_name': rdata.get('service_tenant'),
                              'admin_user': rdata.get('service_username'),
                              'admin_password': rdata.get('service_password'),
+                             'admin_role': admin_role,
                              'service_protocol': svc_protocol,
                              'auth_protocol': auth_protocol,
                              'internal_protocol': int_protocol,

diff --git a/charmhelpers/contrib/openstack/templates/section-keystone-authtoken b/charmhelpers/contrib/openstack/templates/section-keystone-authtoken
@@ -12,4 +12,6 @@ signing_dir = {{ signing_dir }}
 {% if service_type -%}
 service_type = {{ service_type }}
 {% endif -%}
+service_token_roles = {{ admin_role }}
+service_token_roles_required = True
 {% endif -%}
diff --git a/charmhelpers/contrib/openstack/templates/section-keystone-authtoken-mitaka b/charmhelpers/contrib/openstack/templates/section-keystone-authtoken-mitaka
@@ -22,6 +22,4 @@ signing_dir = {{ signing_dir }}
 {% if use_memcache == true %}
 memcached_servers = {{ memcache_url }}
 {% endif -%}
-service_token_roles = Admin
-service_token_roles_required = True
 {% endif -%}
diff --git a/charmhelpers/contrib/openstack/templates/section-service-user b/charmhelpers/contrib/openstack/templates/section-service-user
@@ -2,15 +2,9 @@
 [service_user]
 send_service_user_token = true
 auth_type = password
-{% if api_version == "3" -%}
-auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/v3
-project_domain_name = {{ admin_domain_name }}
-user_domain_name = {{ admin_domain_name }}
-{% else -%}
 auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
-project_domain_name = default
-user_domain_name = default
-{% endif -%}
+project_domain_id = default
+user_domain_id = default
 project_name = {{ admin_tenant_name }}
 username = {{ admin_user }}
 password = {{ admin_password }}