openstack/charm-keystone
Code Issues Proposed changes
Files
5de1770931e886732870da1909f08279a0b804b4
charm-keystone/templates/mitaka/keystone.conf
Frode Nordahl 10e3d84eff Refresh keystone.conf and policy.json for Mitaka and Newton 
keystone.conf:
- Change log_config to log_config_append DEPRECATED
- Remove verbose DEPRECATED
- Remove eventlet_server section DEPRECATED
- Remove ec2 section, no longer available in Keystone
  It has been moved to the keystonemiddleware package
- Update driver names. Using full module path is DEPRECATED
- Add resource section and specify admin_project_domain_name
  and admin_project_name

mitaka/policy.json:
- Refresh from upstream stable/mitaka
- Apply stricter rule:service_role
- Allow identity:list_projects to rule:service_role

newton/policy.json:
- Refresh from upstream stable/newton
- Apply stricter rule:service_role
- Allow identity:list_projects to rule:service_role

hooks/keystone_context.py:
- Add admin_domain_name to Keystone context

tests/basic_deployment.py:
- Add config check for changes for Mitaka and newer releases

Partial-Bug: 1636098
Change-Id: Ib267418f34066eaf6e4885627010d2a18e312192
2016-11-24 12:04:04 +01:00

113 lines
2.6 KiB
Plaintext
Raw Blame History

# mitaka
###############################################################################
# [ WARNING ]
# Configuration file maintained by Juju. Local changes may be overwritten.
###############################################################################
[DEFAULT]
admin_token = {{ token }}
use_syslog = {{ use_syslog }}
log_config_append = /etc/keystone/logging.conf
debug = {{ debug }}
public_endpoint = {{ public_endpoint }}
admin_endpoint = {{ admin_endpoint }}
[database]
{% if database_host -%}
connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
{% else -%}
connection = sqlite:////var/lib/keystone/keystone.db
{% endif -%}
idle_timeout = 200
[identity]
driver = {{ identity_backend }}
{% if default_domain_id -%}
default_domain_id = {{ default_domain_id }}
{% endif -%}
[credential]
driver = sql
[trust]
driver = sql
[os_inherit]
[catalog]
driver = sql
[endpoint_filter]
[token]
driver = sql
{% if token_provider == 'pki' -%}
provider = keystone.token.providers.pki.Provider
{% elif token_provider == 'pkiz' -%}
provider = keystone.token.providers.pkiz.Provider
{% else -%}
provider = keystone.token.providers.uuid.Provider
{% endif -%}
expiration = {{ token_expiration }}
{% include "parts/section-signing" %}
[cache]
[policy]
driver = sql
[assignment]
driver = {{ assignment_backend }}
[oauth1]
[auth]
methods = external,password,token,oauth1
password = keystone.auth.plugins.password.Password
token = keystone.auth.plugins.token.Token
oauth1 = keystone.auth.plugins.oauth1.OAuth
[paste_deploy]
config_file = /etc/keystone/keystone-paste.ini
[extra_headers]
Distribution = Ubuntu
[ldap]
{% if identity_backend == 'ldap' -%}
url = {{ ldap_server }}
user = {{ ldap_user }}
password = {{ ldap_password }}
suffix = {{ ldap_suffix }}
{% if ldap_config_flags -%}
{% for key, value in ldap_config_flags.iteritems() -%}
{{ key }} = {{ value }}
{% endfor -%}
{% endif -%}
{% if ldap_readonly -%}
user_allow_create = False
user_allow_update = False
user_allow_delete = False
tenant_allow_create = False
tenant_allow_update = False
tenant_allow_delete = False
role_allow_create = False
role_allow_update = False
role_allow_delete = False
group_allow_create = False
group_allow_update = False
group_allow_delete = False
{% endif -%}
{% endif -%}
{% if api_version == 3 -%}
[resource]
admin_project_domain_name = {{ admin_domain_name }}
admin_project_name = admin
{% endif -%}
View Git Blame Copy Permalink