From 0a27c38dec1e23e776effc06ef080a44cc89484e Mon Sep 17 00:00:00 2001
From: Tobias Urdin <tobias.urdin@binero.se>
Date: Wed, 27 Apr 2022 06:49:21 +0000
Subject: [PATCH] rgw/auth: Add service token accepted role config opt

Signed-off-by: Tobias Urdin <tobias.urdin@binero.com>
---
 src/common/options/rgw.yaml.in | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/common/options/rgw.yaml.in b/src/common/options/rgw.yaml.in
index caf759145071..2301e42cb672 100644
--- a/src/common/options/rgw.yaml.in
+++ b/src/common/options/rgw.yaml.in
@@ -681,6 +681,16 @@ options:
   services:
   - rgw
   with_legacy: true
+- name: rgw_keystone_service_token_accepted_roles
+  type: str
+  level: advanced
+  desc: Only users with one of these roles will be valid for service users.
+  fmt_desc: The users that created the service token given must have one of
+    these roles to be considered a valid service user.
+  default: admin
+  services:
+  - rgw
+  with_legacy: true
 - name: rgw_keystone_barbican_user
   type: str
   level: advanced
-- 
2.47.3