From d16d8f92cccc2f3775453d39ef3b4ad5c3b41dc1 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 17 Sep 2024 00:12:45 +0900 Subject: [PATCH] Do not create manila_v2 keystone user by default Manila service itself does not need the dedicated user to provide share v2 API, and having the single manila user is enough. Change-Id: I392109198247bd032c7c5014935a0c6cb9802f43 --- manifests/keystone/auth.pp | 8 ++++---- .../notes/disable-user-v2-31ceee5fee7653fa.yaml | 9 +++++++++ spec/classes/manila_keystone_auth_spec.rb | 12 ++++++------ 3 files changed, 19 insertions(+), 10 deletions(-) create mode 100644 releasenotes/notes/disable-user-v2-31ceee5fee7653fa.yaml diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp index 137c16e1..5c1163ba 100644 --- a/manifests/keystone/auth.pp +++ b/manifests/keystone/auth.pp @@ -97,11 +97,11 @@ # # [*configure_user_v2*] # (Optional) Should the v2 service user be configured? -# Defaults to true +# Defaults to false # # [*configure_user_role_v2*] # (Optional) Should the admin role be configured for the v2 service user? -# Defaults to true +# Defaults to false # # [*service_type_v2*] # (Optional) Type of service v2. Optional. @@ -150,9 +150,9 @@ class manila::keystone::auth ( Boolean $configure_endpoint = true, Boolean $configure_endpoint_v2 = true, Boolean $configure_user = true, - Boolean $configure_user_v2 = true, + Boolean $configure_user_v2 = false, Boolean $configure_user_role = true, - Boolean $configure_user_role_v2 = true, + Boolean $configure_user_role_v2 = false, String[1] $service_type = 'share', String[1] $service_type_v2 = 'sharev2', String[1] $service_description = 'Manila Service', diff --git a/releasenotes/notes/disable-user-v2-31ceee5fee7653fa.yaml b/releasenotes/notes/disable-user-v2-31ceee5fee7653fa.yaml new file mode 100644 index 00000000..f87f4071 --- /dev/null +++ b/releasenotes/notes/disable-user-v2-31ceee5fee7653fa.yaml @@ -0,0 +1,9 @@ +--- +upgrade: + - | + Default value of the following parameters have been changed from ``true`` + to ``false``. Because of this change, the ``manila::keystone::auth`` class + no longer creates the additional keystone user for v2 API by default. + + - ``manila::keystone::auth::configure_user_v2`` + - ``manila::keystone::auth::configure_user_role_v2`` diff --git a/spec/classes/manila_keystone_auth_spec.rb b/spec/classes/manila_keystone_auth_spec.rb index b2f4de36..ce2480d8 100644 --- a/spec/classes/manila_keystone_auth_spec.rb +++ b/spec/classes/manila_keystone_auth_spec.rb @@ -32,8 +32,8 @@ describe 'manila::keystone::auth' do ) } it { is_expected.to contain_keystone__resource__service_identity('manilav2').with( - :configure_user => true, - :configure_user_role => true, + :configure_user => false, + :configure_user_role => false, :configure_endpoint => true, :service_name => 'manilav2', :service_type => 'sharev2', @@ -75,8 +75,8 @@ describe 'manila::keystone::auth' do :auth_name_v2 => 'alt_manilav2', :email_v2 => 'alt_manilav2@alt_localhost', :configure_endpoint_v2 => false, - :configure_user_v2 => false, - :configure_user_role_v2 => false, + :configure_user_v2 => true, + :configure_user_role_v2 => true, :service_description_v2 => 'Alternative Manila Service v2', :service_name_v2 => 'alt_servicev2', :service_type_v2 => 'alt_sharev2', @@ -106,8 +106,8 @@ describe 'manila::keystone::auth' do ) } it { is_expected.to contain_keystone__resource__service_identity('manilav2').with( - :configure_user => false, - :configure_user_role => false, + :configure_user => true, + :configure_user_role => true, :configure_endpoint => false, :service_name => 'alt_servicev2', :service_type => 'alt_sharev2',