controller_token

Role Documentation

Welcome to the “controller_token” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “controller_token” role.

keystone_conf_file: /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf

Role Variables: main.yml

metadata:
  name: Verify that keystone admin token is disabled
  description: >
    This validation checks that keystone admin token is disabled on both
    undercloud and overcloud controller after deployment.
  groups:
  - post-deployment

Molecule Scenarios

Molecule is being used to test the “controller_token” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: default

Driver: podman:
Molecule Platform(s)
- name: centos
  hostname: centos
  image: centos/centos:stream8
  registry:
    url: quay.io
  dockerfile: ../../../../.config/molecule/Dockerfile
  pkg_extras: python*-setuptools python*-pyyaml
  volumes:
  - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
  privileged: true
  environment:
    http_proxy: "{{ lookup('env', 'http_proxy') }}"
    https_proxy: "{{ lookup('env', 'https_proxy') }}"
  ulimits:
  - host
Molecule Inventory
hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3
Example default playbook
- name: Converge
  hosts: all
  gather_facts: false

  tasks:
  - name: pass validation
    include_role:
      name: controller_token

  - name: fail validation
    block:
    - name: provide configuration file
      copy:
        dest: /keystone.conf
        content: |
          [DEFAULT]
          admin_token = CHANGEME

    - include_role:
        name: controller_token
      vars:
        keystone_conf_file: /keystone.conf
    rescue:
    - name: Clear host errors
      meta: clear_host_errors

    - debug:
        msg: The validation works! End the playbook run

    - name: End play
      meta: end_play

  - name: Fail the test
    fail:
      msg: |
        Controller-token validation failed finding bad configuration!