Use the whole resource type instead of its individual resources, to
rely on interface instead of implementation of the dependent module.
Change-Id: I21e05882b2685d8d312f4d6cc516ebcaf2ba6677
To use the keystone notification feature, we need an independent
keystone-listener service. This change implements the missing capability
to manage the service and its package.
Closes-Bug: #1956397
Change-Id: Iedda0e9fe7b091b510ea9033db86921e4d2b4184
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API requests.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: Ifbdde0718d1b6a6782c4f098fd152c3f636aa2c4
This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into
puppet-nova[1].
[1] 5c38281e1b698f157f03bf1815733277c541c30b
Change-Id: I1ee5f6f36dce3429261b77a4c91b4732ced4a591
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: I5068505afbaf57e66d28f7cf472ab09bb8355f04
This patch introduces a new hieradata to configure service_token_roles
in keystone authtoken middleware configuration, so that we can use
a customized role for a user who uses the service token feature.
Change-Id: Ife07d55390390e9dd62fe4df0393010b9aa40030
The deprecated PKI-related options check_revocations_for_cached and
hash_algorithms have been removed.
Change-Id: Ibf3bd406b7d6c62290d6e5ba61914e76f96c5a09
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.
Change-Id: I654cf1564607f6c4ac47db0987d2a86e335a3f89
Closes-Bug: 1778198
This commit adds the service description as a class parameter in order to allow
users to update from a previous version if the service description is changed
(incorrectly spelled or wrong description)
Change-Id: I689b27bcc358e6c4797b97fb3a7ef8e9aee152fe
Closes-Bug: #1468407
Make sure documentation is the same and follow
the standard which we are trying to enforce on
all modules.
Change-Id: Icff5eab9ee9c59be99fb3029612bdb8602778093
check_revocations_for_cached and hash_algorithms are deprecated for
removal because the PKI token format is no longer supported.
Update warning message and add a release note.
Change-Id: I5a0a697afbabe6312e2a2b46f70f51964649a9da
Closes-Bug: #1804562
Closes-Bug: #1804720
Now that the v2.0 API has been removed, we don't have a reason to
include deployment instructions for two separate applications on
different ports.
Change-Id: Id4cccbb31bcaef6343e90b504438e31bbc0f69db
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1] https://review.openstack.org/#/c/508522/
Change-Id: I34a4a90e23683f5938b3047c31899ffae1dadd73
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
Keystone v2.0 API was removed so we have no choice but configuring
user_domain_name and project_domain_name otherwise it falls back to
Keystone v2.0 and it fails. This patch sets the default value so we make
sure Keystone v3 will be used out of the box for our users.
Change-Id: I27631d4c6a81e7fa50b2f5154d87d0def8e3a875
Co-Authored-By: Harry Rybacki <hrybacki@redhat.com>
The revocation_cache_time is deprecated for removal because the PKI
token format is no longer supported.
Update warning message and add a release note.
Change-Id: Ie4e84d00ba741c394eaca459e4e1d7beca5375f4
Closes-Bug: #1717144
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.
Change-Id: I7aeccac5720adbaf7791ae9f782d223e9a2aaaf9
The signing_dir is deprecated for removal because the PKI token format
is no longer supported.
Update warning message and release note.
Change-Id: Ibabd9a446078d38ec7c12a5a4a21a97d992881ff
Closes-Bug: #1652700
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain. This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing to rely
on resources that may change or be renamed.
Change-Id: If0175f5719ec72871febcec04785d63f56fd3d2b
Since we are in ocata let's remove all old parameters in api
to configure the keystone_authtoken section
Change-Id: I4d44e7a6e1623acfd73345e0877a9fcd8f128ca8
Create a new class to handle all configuration for
keystone_authtoken section in configuration file using
keystone::resource::authtoken
This patch is not backward compatible:
- we have changed auth_type in api.pp to auth_strategy,
because auth_type is related to keystone authentication.
- removed all parameters related to keystone_authtoken
from api.pp and moved to authtoken.pp
Change-Id: I2dee8a3d1c399234941f96d8f21f49526777f501
Depends-On: I94914ed5a8b5c1447606547b31ed46bb72b4de01
Related-Bug: #1604463
While we were already able to pick an independent auth_name and
service_name; the service_name was defaulting to auth_name. Now it
has a value of its own to be consistent with other modules.
Related-Bug: #1590040
Change-Id: Ied45e546667b7c04e9b511a3ae23c529ad78e7df
The acceptance test now has a barbican API server that runs in
a gunicorn instance that uses keystone as an authentication source.
We specify the snakeoil plugin because it's a more useful and realistic
plugin to use in acceptance tests.
Fixed barbican manifest to not require including barbican::api,
and fixed typo in dogtag spec.
Added option to not autocreate the database. This allows use of
mysql and dbsync when creating the database.
Fixed a couple of package tags.
Change-Id: I7c25f8692a4388874b05ab561602553f37e4961b
Depends-On: Ia79f3d1bed0c2a66ed17ae2ee91ca70c73f6c434
Depends-On: Ic36fd606fe06202b0ca5b8eeaf5c5bdc2a5708fd