diff --git a/manifests/federation/openidc.pp b/manifests/federation/openidc.pp index 3fdf663c9..b15e1553b 100644 --- a/manifests/federation/openidc.pp +++ b/manifests/federation/openidc.pp @@ -113,6 +113,24 @@ # authentication. When not specified, no authentication is # performed. Defaults to undef. # +# [*redis_username*] +# (Optional) Username to be used if the Redis server requires +# authentication. +# Defaults to undef +# +# [*redis_database*] +# (Optional) Logical database to select on the Redis server. +# Defaults to undef +# +# [*redis_connect_timeout*] +# (Optional) Timeout (in seconds) for connecting to the Redis servers. +# Defaults to undef +# +# [*redis_timeout*] +# (Optional) Timeout waiting for a response of the Redis servers after +# a request was sent. +# Defaults to undef +# # [*remote_id_attribute*] # (Optional) Value to be used to obtain the entity ID of the Identity # Provider from the environment. @@ -153,6 +171,10 @@ class keystone::federation::openidc ( $memcached_servers = undef, $redis_server = undef, $redis_password = undef, + $redis_username = undef, + $redis_database = undef, + $redis_connect_timeout = undef, + $redis_timeout = undef, $remote_id_attribute = $facts['os_service_default'], $template_order = 331, ) { diff --git a/releasenotes/notes/oidc-redis-opts-5e1bc4cf2f6c4869.yaml b/releasenotes/notes/oidc-redis-opts-5e1bc4cf2f6c4869.yaml new file mode 100644 index 000000000..06a078f0c --- /dev/null +++ b/releasenotes/notes/oidc-redis-opts-5e1bc4cf2f6c4869.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + The following parameters have been added to + the ``keystone::federation::openidc`` class. + + - ``redis_username`` + - ``redis_database`` + - ``redis_timeout`` + - ``redis_connect_timeout`` diff --git a/spec/classes/keystone_federation_openidc_spec.rb b/spec/classes/keystone_federation_openidc_spec.rb index 63d1c0007..2e28af6ac 100644 --- a/spec/classes/keystone_federation_openidc_spec.rb +++ b/spec/classes/keystone_federation_openidc_spec.rb @@ -149,8 +149,12 @@ describe 'keystone::federation::openidc' do context 'with redis options' do before do params.merge!({ - :openidc_cache_type => 'redis', - :redis_password => 'redispass', + :openidc_cache_type => 'redis', + :redis_password => 'redispass', + :redis_username => 'redisuser', + :redis_database => 0, + :redis_timeout => 10, + :redis_connect_timeout => 11, }) end @@ -158,6 +162,10 @@ describe 'keystone::federation::openidc' do content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') expect(content).to match('OIDCCacheType redis') expect(content).to match('OIDCRedisCachePassword "redispass"') + expect(content).to match('OIDCRedisCacheUsername "redisuser"') + expect(content).to match('OIDCRedisCacheDatabase 0') + expect(content).to match('OIDCRedisCacheTimeout 10') + expect(content).to match('OIDCRedisCacheConnectTimeout 11') end end diff --git a/templates/openidc.conf.erb b/templates/openidc.conf.erb index 1b6121e7a..287e821c2 100644 --- a/templates/openidc.conf.erb +++ b/templates/openidc.conf.erb @@ -33,6 +33,18 @@ <%- if scope['::keystone::federation::openidc::redis_password'] != nil -%> OIDCRedisCachePassword "<%= scope['::keystone::federation::openidc::redis_password'] %>" <%- end -%> +<%- if scope['::keystone::federation::openidc::redis_username'] != nil -%> + OIDCRedisCacheUsername "<%= scope['::keystone::federation::openidc::redis_username'] %>" +<%- end -%> +<%- if scope['::keystone::federation::openidc::redis_database'] != nil -%> + OIDCRedisCacheDatabase <%= scope['::keystone::federation::openidc::redis_database'] %> +<%- end -%> +<%- if scope['::keystone::federation::openidc::redis_connect_timeout'] != nil -%> + OIDCRedisCacheConnectTimeout <%= scope['::keystone::federation::openidc::redis_connect_timeout'] %> +<%- end -%> +<%- if scope['::keystone::federation::openidc::redis_timeout'] != nil -%> + OIDCRedisCacheTimeout <%= scope['::keystone::federation::openidc::redis_timeout'] %> +<%- end -%> <%- if scope['::keystone::federation::openidc::openidc_claim_delimiter'] != nil -%> OIDCClaimDelimiter "<%= scope['::keystone::federation::openidc::openidc_claim_delimiter'] %>" <%- end -%>