This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: Ifbe407233c0739038f23c645f2bd544a409bb1cd
The authtoken parameters are not managed directly but managed by
the keystone::resource::authtoken class. Thus we should avoid testing
parameters directly otherwise any change in the resource type can
cause test failures.
Change-Id: Ice1f04385b779a71742ff636103efeb1189f726c
This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into
puppet-nova[1].
[1] 5c38281e1b698f157f03bf1815733277c541c30b
Change-Id: I94165c0ae8ff082e4900e5c09bc2da53a5d7c9db
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: I02f2b0cfe4641616a59043c947c65d373597da55
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.
Change-Id: Ifa0f44dfb516b98eb051f536bf900e6b05c11f2f
Closes-Bug: 1778198
check_revocations_for_cached and hash_algorithms are deprecated for
removel because of PKI token format is no longer supported.
Update warning message and add a release note.
Change-Id: I5dafdade9ff8ea6d786f28b49b181880855f3780
Closes-Bug: #1804562
Closes-Bug: #1804720
Now that the v2.0 API has been removed, we don't have a reason to
include deployment instructions for two separate applications on
different ports.
Change-Id: Ideba7e85f92803b1ecc059287bf0237c1485fdd5
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: Ie5ea4578879fc8aa21bb27e228b1eea52200cdb7
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
The revocation_cache_time is deprecated for removel because of PKI
token format is no longer supported.
Update warning message and add a release note.
Change-Id: I801e932bb6fef3bfa4846ca27cf10a8cc8af216b
Closes-Bug: #1717144
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.
Change-Id: Ib6fede2f42f618f0a2fcbacf3da5f9b7e8606be5
The signing_dir is deprecated for removel because of PKI token format
is no longer supported.
Update warning message and release note.
Change-Id: I26180ba65060b2af6ee610e4fe438b26cb5580e9
Closes-Bug: #1652700
Like other projects see aodh/ceilometer, we should set the
default to the user and project domain name settings to
Default for keystone v3 auth to work
Change-Id: I2d1f5c3197bc873e1eb5208c4be7cd9e683da6e8
Create a new class to handle the keystone authtoken configuration
utilizing the keystone::resource::authtoken resource.
Some deprecations:
- gnocchi::api::keystone_user is deprecated in favor of
gnocchi::keystone::authtoken::username.
- gnocchi::api::keystone_password is deprecated in favor of
gnocchi::keystone::authtoken::password.
- gnocchi::api::keystone_tenant is deprecated in favor of
gnocchi::keystone::authtoken::project_name
- gnocchi::api::keystone_identity_uri is deprecated in favor of
gnocchi::keystone::authtoken::auth_url.
- gnocchi::api::keystone_auth_uri is deprecated in favor of
gnocchi::keystone::authtoken::auth_uri
Change-Id: I7be1c8f471472e74642e25508c6871d0f948d75b
Related-Bug: #1604463
Takashi Kajinami
ZhongShengping
ZhijunWei
Matthew J. Black
Pradeep Kilambi