Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / nova / c041be3b62e6b8b778372ca35d917232ac82998c^! / .
commitc041be3b62e6b8b778372ca35d917232ac82998c[log] [tgz]
authorIvan Berezovskiy <iberezovskiy@mirantis.com>Wed Aug 28 20:07:58 2019 +0400
committerIvan Berezovskiy <iberezovskiy@mirantis.com>Wed Aug 28 16:09:39 2019 +0000
treec388c25dc16e4c27c740370d23145761f84814f1
parent15f1dfb0a784a14854fdffd7f865afb39ad5bbc3 [diff]
Ability to define service_token_roles

PROD-32905

Change-Id: I614ed04610524968cdccb3334493ea885d04a5c8

diff --git a/nova/files/pike/nova-compute.conf.Debian b/nova/files/pike/nova-compute.conf.Debian
index 85749a8..11bbaa7 100644
--- a/nova/files/pike/nova-compute.conf.Debian
+++ b/nova/files/pike/nova-compute.conf.Debian

@@ -5953,12 +5953,18 @@
 # backwards compatibility reasons this currently only affects the allow_expired
 # check. (list value)
 #service_token_roles=service
+{%- if compute.service_token_roles is defined %}
+service_token_roles = {{ compute.service_token_roles }}
+{%- endif %}
 
 # For backwards compatibility reasons we must let valid service tokens pass that
 # don't pass the service_token_roles check as valid. Setting this true will
 # become the default in a future release and should be enabled if possible.
 # (boolean value)
 #service_token_roles_required=false
+{%- if compute.service_token_roles_required is defined %}
+service_token_roles_required = {{ compute.service_token_roles_required }}
+{%- endif %}
 
 # Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
 # (string value)

diff --git a/nova/files/pike/nova-controller.conf.Debian b/nova/files/pike/nova-controller.conf.Debian
index 92b8bdf..6284bf5 100644
--- a/nova/files/pike/nova-controller.conf.Debian
+++ b/nova/files/pike/nova-controller.conf.Debian

@@ -5975,12 +5975,18 @@
 # backwards compatibility reasons this currently only affects the allow_expired
 # check. (list value)
 #service_token_roles=service
+{%- if controller.service_token_roles is defined %}
+service_token_roles = {{ controller.service_token_roles }}
+{%- endif %}
 
 # For backwards compatibility reasons we must let valid service tokens pass that
 # don't pass the service_token_roles check as valid. Setting this true will
 # become the default in a future release and should be enabled if possible.
 # (boolean value)
 #service_token_roles_required=false
+{%- if controller.service_token_roles_required is defined %}
+service_token_roles_required = {{ controller.service_token_roles_required }}
+{%- endif %}
 
 # Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
 # (string value)