Merge "Add service role by default"

2025-10-13 15:12:39 +00:00
parent 38385bc1ea 5657a68c9c
commit 170b5bd513
3 changed files with 10 additions and 5 deletions
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -38,7 +38,7 @@
 #
 # [*roles*]
 #   (Optional) List of roles assigned to trove user.
-#   Defaults to ['admin']
+#   Defaults to ['admin', 'service']
 #
 # [*system_scope*]
 #   (Optional) Scope for system operations.
@@ -108,7 +108,7 @@ class trove::keystone::auth (
  String[1] $auth_name                    = 'trove',
  String[1] $email                        = 'trove@localhost',
  String[1] $tenant                       = 'services',
-  Array[String[1]] $roles                 = ['admin'],
+  Array[String[1]] $roles                 = ['admin', 'service'],
  String[1] $system_scope                 = 'all',
  Array[String[1]] $system_roles          = [],
  Boolean $configure_user                 = true,
--- a/releasenotes/notes/service-role-079d72620074aa7a.yaml
+++ b/releasenotes/notes/service-role-079d72620074aa7a.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The ``trove::keystone::auth`` class now adds the ``service`` role by
+    default. Set the ``roles`` parameter not to add the role.
--- a/spec/classes/trove_keystone_auth_spec.rb
+++ b/spec/classes/trove_keystone_auth_spec.rb
@@ -24,7 +24,7 @@ describe 'trove::keystone::auth' do
        :password            => 'trove_password',
        :email               => 'trove@localhost',
        :tenant              => 'services',
-        :roles               => ['admin'],
+        :roles               => ['admin', 'service'],
        :system_scope        => 'all',
        :system_roles        => [],
        :public_url          => 'http://127.0.0.1:8779/v1.0/%(tenant_id)s',
@@ -39,7 +39,7 @@ describe 'trove::keystone::auth' do
          :auth_name           => 'alt_trove',
          :email               => 'alt_trove@alt_localhost',
          :tenant              => 'alt_service',
-          :roles               => ['admin', 'service'],
+          :roles               => ['admin'],
          :system_scope        => 'alt_all',
          :system_roles        => ['admin', 'member', 'reader'],
          :configure_endpoint  => false,
@@ -68,7 +68,7 @@ describe 'trove::keystone::auth' do
        :password            => 'trove_password',
        :email               => 'alt_trove@alt_localhost',
        :tenant              => 'alt_service',
-        :roles               => ['admin', 'service'],
+        :roles               => ['admin'],
        :system_scope        => 'alt_all',
        :system_roles        => ['admin', 'member', 'reader'],
        :public_url          => 'https://10.10.10.10:80',