Define service_type in keystone_authtoken

If application credentials with access rules are required, an OpenStack service using keystonemiddleware to authenticate with keystone, needs to define service_type in its configuration file. Change-Id: I7034e82837d724f12d57969857f79d67c962cebe
2023-05-12 23:00:39 +10:00 · 2023-05-12 23:00:39 +10:00 · 423d91d6c3
commit 423d91d6c3
parent bd6a78e983
45 changed files with 45 additions and 15 deletions
--- a/aodh/Chart.yaml
+++ b/aodh/Chart.yaml
@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: Openstack-Helm Aodh
 name: aodh
-version: 0.2.7
+version: 0.2.8
 home: https://docs.openstack.org/aodh/latest/
 sources:
  - https://opendev.org/openstack/aodh
--- a/aodh/values.yaml
+++ b/aodh/values.yaml
@ -468,6 +468,7 @@ conf:
      auth_version: v3
      auth_type: password
      memcache_security_strategy: ENCRYPT
+      service_type: alarming
    service_credentials:
      auth_type: password
      interface: internal
--- a/barbican/Chart.yaml
+++ b/barbican/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Barbican
 name: barbican
-version: 0.3.1
+version: 0.3.2
 home: https://docs.openstack.org/barbican/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
 sources:
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@ -377,6 +377,7 @@ conf:
      auth_version: v3
      memcache_security_strategy: ENCRYPT
      memcache_secret_key: null
+      service_type: key-manager
    database:
      max_retries: -1
    barbican_api:
--- a/cinder/Chart.yaml
+++ b/cinder/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Cinder
 name: cinder
-version: 0.3.9
+version: 0.3.10
 home: https://docs.openstack.org/cinder/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
 sources:
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@ -829,6 +829,7 @@ conf:
      auth_version: v3
      auth_type: password
      memcache_security_strategy: ENCRYPT
+      service_type: volumev3
    nova:
      auth_type: password
      auth_version: v3
--- a/cyborg/Chart.yaml
+++ b/cyborg/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Cyborg
 name: cyborg
-version: 0.1.2
+version: 0.1.3
 home: https://docs.openstack.org/cyborg
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cyborg/OpenStack_Project_Cyborg_vertical.png
 sources:
--- a/cyborg/values.yaml
+++ b/cyborg/values.yaml
@ -511,6 +511,7 @@ conf:
      auth_type: password
      endpoint_type: internal
      www_authenticate_uri: null
+      service_type: accelerator
    agent:
      enabled_drivers:
        - nvidia_gpu_driver
--- a/designate/Chart.yaml
+++ b/designate/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Designate
 name: designate
-version: 0.2.8
+version: 0.2.9
 home: https://docs.openstack.org/designate/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Designate/OpenStack_Project_Designate_vertical.jpg
 sources:
--- a/designate/values.yaml
+++ b/designate/values.yaml
@ -467,6 +467,7 @@ conf:
      auth_version: v3
      auth_type: password
      memcache_security_strategy: ENCRYPT
+      service_type: dns
  logging:
    loggers:
      keys:
--- a/glance/Chart.yaml
+++ b/glance/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Glance
 name: glance
-version: 0.4.5
+version: 0.4.6
 home: https://docs.openstack.org/glance/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
 sources:
--- a/glance/values.yaml
+++ b/glance/values.yaml
@ -258,6 +258,7 @@ conf:
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT
+      service_type: image
    glance_store:
      cinder_catalog_info: volumev3::internalURL
      rbd_store_chunk_size: 8
--- a/heat/Chart.yaml
+++ b/heat/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Heat
 name: heat
-version: 0.3.2
+version: 0.3.3
 home: https://docs.openstack.org/heat/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
 sources:
--- a/heat/values.yaml
+++ b/heat/values.yaml
@ -351,6 +351,7 @@ conf:
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT
+      service_type: orchestration
    database:
      max_retries: -1
    trustee:
--- a/magnum/Chart.yaml
+++ b/magnum/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Magnum
 name: magnum
-version: 0.2.8
+version: 0.2.9
 home: https://docs.openstack.org/magnum/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Magnum/OpenStack_Project_Magnum_vertical.png
 sources:
--- a/magnum/values.yaml
+++ b/magnum/values.yaml
@ -91,6 +91,7 @@ conf:
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT
+      service_type: container-infra
    api:
      # NOTE(portdirect): the bind port should not be defined, and is manipulated
      # via the endpoints section.
--- a/manila/Chart.yaml
+++ b/manila/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Manila
 name: manila
-version: 0.1.0
+version: 0.1.1
 home: https://docs.openstack.org/manila/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Manila/OpenStack_Project_Manila_vertical.png
 sources:
--- a/manila/values.yaml
+++ b/manila/values.yaml
@ -702,6 +702,7 @@ conf:
      auth_version: v3
      memcache_security_strategy: ENCRYPT
      endpoint_type: internalURL
+      service_type: sharev2
    neutron:
      auth_type: password
      auth_version: v3
--- a/masakari/Chart.yaml
+++ b/masakari/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Masakari
 name: masakari
-version: 0.1.6
+version: 0.1.7
 home: https://docs.openstack.org/developer/masakari
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Masakari/OpenStack_Project_masakari_vertical.png
 sources:
--- a/masakari/values.yaml
+++ b/masakari/values.yaml
@ -564,6 +564,7 @@ conf:
      api_paste_config: /etc/masakari/api-paste.ini
    keystone_authtoken:
      auth_type: password
+      service_type: instance-ha
    database:
      max_retries: -1
    # Connection string is evaluated though the endpoints for taskflow.
--- a/neutron/Chart.yaml
+++ b/neutron/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Neutron
 name: neutron
-version: 0.3.7
+version: 0.3.8
 home: https://docs.openstack.org/neutron/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -1808,6 +1808,7 @@ conf:
      memcache_security_strategy: ENCRYPT
      auth_type: password
      auth_version: v3
+      service_type: network
    octavia:
      request_poll_timeout: 3000
  logging:
--- a/nova/Chart.yaml
+++ b/nova/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nova
 name: nova
-version: 0.3.9
+version: 0.3.10
 home: https://docs.openstack.org/nova/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
 sources:
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -1399,6 +1399,7 @@ conf:
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT
+      service_type: compute
    notifications:
      notify_on_state_change: vm_and_task_state
    service_user:
--- a/octavia/Chart.yaml
+++ b/octavia/Chart.yaml
@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Octavia
 name: octavia
-version: 0.2.7
+version: 0.2.8
 home: https://docs.openstack.org/octavia/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Octavia/OpenStack_Project_Octavia_vertical.png
 sources:
--- a/octavia/values.yaml
+++ b/octavia/values.yaml
@ -222,6 +222,7 @@ conf:
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT
+      service_type: load-balancer
    certificates:
      ca_private_key_passphrase: foobar
      ca_private_key: /etc/octavia/certs/private/cakey.pem
--- a/placement/Chart.yaml
+++ b/placement/Chart.yaml
@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Placement
 name: placement
-version: 0.3.3
+version: 0.3.4
 home: https://docs.openstack.org/placement/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
 sources:
--- a/placement/values.yaml
+++ b/placement/values.yaml
@ -85,6 +85,7 @@ conf:
      auth_version: v3
      auth_type: password
      memcache_security_strategy: ENCRYPT
+      service_type: placement
  logging:
    loggers:
      keys:
--- a/releasenotes/notes/aodh.yaml
+++ b/releasenotes/notes/aodh.yaml
@ -10,4 +10,5 @@ aodh:
  - 0.2.5 Added OCI registry authentication
  - 0.2.6 Remove default policy rules
  - 0.2.7 Replace node-role.kubernetes.io/master with control-plane
+  - 0.2.8 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/barbican.yaml
+++ b/releasenotes/notes/barbican.yaml
@ -25,4 +25,5 @@ barbican:
  - 0.2.19 Support SSL offloading at reverse proxy for internal and admin endpoints
  - 0.3.0 Remove support for Train and Ussuri
  - 0.3.1 Replace node-role.kubernetes.io/master with control-plane
+  - 0.3.2 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/cinder.yaml
+++ b/releasenotes/notes/cinder.yaml
@ -59,4 +59,5 @@ cinder:
  - 0.3.7 Allow Ceph pools to use 1x replication
  - 0.3.8 Update all Ceph images to Focal
  - 0.3.9 Replace node-role.kubernetes.io/master with control-plane
+  - 0.3.10 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/cyborg.yaml
+++ b/releasenotes/notes/cyborg.yaml
@ -3,4 +3,5 @@ cyborg:
  - 0.1.0 Initial Chart
  - 0.1.1 Migrated PodDisruptionBudget resource to policy/v1 API version
  - 0.1.2 Added OCI registry authentication
+  - 0.1.3 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/designate.yaml
+++ b/releasenotes/notes/designate.yaml
@ -12,4 +12,5 @@ designate:
  - 0.2.6 Added OCI registry authentication
  - 0.2.7 Use HTTP probe instead of TCP probe
  - 0.2.8 Remove default policy rules
+  - 0.2.9 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/glance.yaml
+++ b/releasenotes/notes/glance.yaml
@ -39,4 +39,5 @@ glance:
  - 0.4.3 Update all Ceph images to Focal
  - 0.4.4 Replace node-role.kubernetes.io/master with control-plane
  - 0.4.5 Fix wrong configFile path in glance bootstrap container.
+  - 0.4.6 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/heat.yaml
+++ b/releasenotes/notes/heat.yaml
@ -28,4 +28,5 @@ heat:
  - 0.3.0 Remove support for Train and Ussuri
  - 0.3.1 Remove default policy rules
  - 0.3.2 Replace node-role.kubernetes.io/master with control-plane
+  - 0.3.3 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/magnum.yaml
+++ b/releasenotes/notes/magnum.yaml
@ -12,4 +12,5 @@ magnum:
  - 0.2.6 Migrated PodDisruptionBudget resource to policy/v1 API version
  - 0.2.7 Added OCI registry authentication
  - 0.2.8 Remove default policy rules
+  - 0.2.9 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/manila.yaml
+++ b/releasenotes/notes/manila.yaml
@ -1,4 +1,5 @@
 ---
 manila:
  - 0.1.0 Initial Chart
+  - 0.1.1 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/masakari.yaml
+++ b/releasenotes/notes/masakari.yaml
@ -7,4 +7,5 @@ masakari:
  - 0.1.4 Migrated PodDisruptionBudget resource to policy/v1 API version
  - 0.1.5 Added OCI registry authentication
  - 0.1.6 Use HTTP probe instead of TCP probe
+  - 0.1.7 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/neutron.yaml
+++ b/releasenotes/notes/neutron.yaml
@ -49,4 +49,5 @@ neutron:
  - 0.3.5 Fix health probe for OVN metadata agent
  - 0.3.6 Fix the issue that ovn metadata not work in muti-node enviroment
  - 0.3.7 Sync neutron db to ovn nb db when neutron-server start
+  - 0.3.8 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/nova.yaml
+++ b/releasenotes/notes/nova.yaml
@ -78,4 +78,5 @@ nova:
  - 0.3.7 Fix live migration without DNS resolution
  - 0.3.8 Fix missing privilege separation directory for nova compute ssh
  - 0.3.9 Fix typo in spice proxy deployment
+  - 0.3.10 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/octavia.yaml
+++ b/releasenotes/notes/octavia.yaml
@ -11,4 +11,5 @@ octavia:
  - 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version
  - 0.2.6 Added OCI registry authentication
  - 0.2.7 Use HTTP probe instead of TCP probe
+  - 0.2.8 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/placement.yaml
+++ b/releasenotes/notes/placement.yaml
@ -26,4 +26,5 @@ placement:
  - 0.3.1 Remove support for Train and Ussuri
  - 0.3.2 Remove default policy rules
  - 0.3.3 Replace node-role.kubernetes.io/master with control-plane
+  - 0.3.4 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/releasenotes/notes/senlin.yaml
+++ b/releasenotes/notes/senlin.yaml
@ -11,4 +11,5 @@ senlin:
  - 0.2.6 Add helm.sh/hook annotations for Jobs
  - 0.2.7 Added OCI registry authentication
  - 0.2.8 Remove default policy rules
+  - 0.2.9 Define service_type in keystone_authtoken to support application credentials with access rules
 ...
--- a/senlin/Chart.yaml
+++ b/senlin/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Senlin
 name: senlin
-version: 0.2.8
+version: 0.2.9
 home: https://docs.openstack.org/senlin/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Senlin/OpenStack_Project_Senlin_vertical.png
 sources:
--- a/senlin/values.yaml
+++ b/senlin/values.yaml
@ -137,6 +137,7 @@ conf:
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT
+      service_type: clustering
    senlin_api:
      # NOTE(portdirect): the bind port should not be defined, and is manipulated
      # via the endpoints section.