bd057784d5
Add functionality to keystone to act as a certificate transfer provider. Add actions to add, remove, list CA certs to keystone. Add Certificate Transfer requires handler in ops_sunbeam. Update keystone_auth section cafile option if certificate is available in receive-ca-cert relation. Update metadata.yaml for keystone and rest of k8s charms. Change-Id: I9c800e8f8a0c9197b195331be7b445bafe794780
27 lines
1.2 KiB
Plaintext
27 lines
1.2 KiB
Plaintext
{% if identity_service.internal_auth_url -%}
|
|
auth_url = {{ identity_service.internal_auth_url }}
|
|
interface = internal
|
|
{% elif identity_service.admin_auth_url -%}
|
|
auth_url = {{ identity_service.admin_auth_url }}
|
|
interface = admin
|
|
{% elif identity_service.internal_host -%}
|
|
auth_url = {{ identity_service.internal_protocol }}://{{ identity_service.internal_host }}:{{ identity_service.internal_port }}
|
|
interface = internal
|
|
{% endif -%}
|
|
{% if identity_service.public_auth_url -%}
|
|
www_authenticate_uri = {{ identity_service.public_auth_url }}
|
|
{% elif identity_service.internal_host -%}
|
|
www_authenticate_uri = {{ identity_service.internal_protocol }}://{{ identity_service.internal_host }}:{{ identity_service.internal_port }}
|
|
{% endif -%}
|
|
auth_type = password
|
|
project_domain_name = {{ identity_service.service_domain_name }}
|
|
user_domain_name = {{ identity_service.service_domain_name }}
|
|
project_name = {{ identity_service.service_project_name }}
|
|
username = {{ identity_service.service_user_name }}
|
|
password = {{ identity_service.service_password }}
|
|
{% if receive_ca_cert and receive_ca_cert.ca_bundle -%}
|
|
cafile = /usr/local/share/ca-certificates/ca-bundle.pem
|
|
{% endif -%}
|
|
service_token_roles = {{ identity_service.admin_role }}
|
|
service_token_roles_required = True
|