Use public endpoint for [keystone_authtoken] www_authenticate_uri
According to the parameter description, www_authenticate_uri should be complete public Identity endpoint, which is accessible by all end users. This change replaces internal endpoint by public endpoint to meet that requirement. Closes-Bug: #1955397 Change-Id: I30165c8ee5aa4b777b73ad89ac709e2c8a375382
This commit is contained in:
parent
d2850ab047
commit
160936df13
|
@ -178,7 +178,7 @@ outputs:
|
|||
aodh::keystone::authtoken::user_domain_name: 'Default'
|
||||
aodh::keystone::authtoken::project_domain_name: 'Default'
|
||||
aodh::keystone::authtoken::password: {get_param: AodhPassword}
|
||||
aodh::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
aodh::keystone::authtoken::interface: 'internal'
|
||||
|
|
|
@ -228,7 +228,7 @@ outputs:
|
|||
- get_attr: [BarbicanApiLogging, config_settings]
|
||||
- apache::default_vhost: false
|
||||
barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
|
||||
barbican::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::project_name: 'service'
|
||||
barbican::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
|
|
|
@ -165,7 +165,7 @@ outputs:
|
|||
- get_attr: [CinderBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- keystone_resources_managed: false
|
||||
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::password: {get_param: CinderPassword}
|
||||
cinder::keystone::authtoken::project_name: 'service'
|
||||
|
|
|
@ -132,7 +132,7 @@ outputs:
|
|||
# kerberos via puppet.
|
||||
nova::metadata::novajoin::api::configure_kerberos: true
|
||||
nova::metadata::novajoin::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::metadata::novajoin::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::metadata::novajoin::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
nova::metadata::novajoin::authtoken::password: {get_param: NovajoinPassword}
|
||||
nova::metadata::novajoin::authtoken::project_name: 'service'
|
||||
nova::metadata::novajoin::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
|
|
|
@ -104,7 +104,7 @@ outputs:
|
|||
map_merge:
|
||||
- get_attr: [DesignateBase, role_data, config_settings]
|
||||
- designate::api::enable_proxy_headers_parsing: true
|
||||
designate::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
designate::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
designate::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
designate::keystone::authtoken::project_name: 'service'
|
||||
designate::keystone::authtoken::password: {get_param: DesignatePassword}
|
||||
|
|
|
@ -486,7 +486,7 @@ outputs:
|
|||
read_default_group: tripleo
|
||||
|
||||
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
|
||||
glance::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
glance::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
glance::api::enable_v1_api: false
|
||||
glance::api::enable_v2_api: true
|
||||
|
|
|
@ -203,7 +203,7 @@ outputs:
|
|||
gnocchi::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
||||
gnocchi::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
||||
gnocchi::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
|
||||
gnocchi::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
|
||||
gnocchi::keystone::authtoken::project_name: 'service'
|
||||
|
|
|
@ -191,7 +191,7 @@ outputs:
|
|||
heat::keystone::authtoken::project_name: 'service'
|
||||
heat::keystone::authtoken::user_domain_name: 'Default'
|
||||
heat::keystone::authtoken::project_domain_name: 'Default'
|
||||
heat::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
heat::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
heat::keystone::authtoken::password: {get_param: HeatPassword}
|
||||
heat::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
|
|
|
@ -412,7 +412,7 @@ outputs:
|
|||
- ironic::json_rpc::auth_strategy: {get_param: IronicAuthStrategy}
|
||||
ironic::api::authtoken::password: {get_param: IronicPassword}
|
||||
ironic::api::authtoken::project_name: 'service'
|
||||
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ironic::api::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
ironic::api::authtoken::interface: 'internal'
|
||||
|
|
|
@ -302,7 +302,7 @@ outputs:
|
|||
ironic::inspector::pxe_filter::driver: dnsmasq
|
||||
ironic::inspector::logging::debug: {get_param: Debug}
|
||||
ironic::inspector::always_store_ramdisk_logs: {get_param: Debug}
|
||||
ironic::inspector::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ironic::inspector::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri, uri_no_suffix] }
|
||||
ironic::inspector::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ironic::inspector::authtoken::username: 'ironic'
|
||||
ironic::inspector::authtoken::password: {get_param: IronicPassword}
|
||||
|
|
|
@ -177,7 +177,7 @@ outputs:
|
|||
- get_attr: [ManilaBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
manila::keystone::authtoken::project_name: 'service'
|
||||
manila::keystone::authtoken::user_domain_name: 'Default'
|
||||
|
|
|
@ -92,7 +92,7 @@ outputs:
|
|||
- get_attr: [ManilaBase, role_data, config_settings]
|
||||
# keystone_authtoken
|
||||
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri]}
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
manila::keystone::authtoken::project_name: 'service'
|
||||
manila::keystone::authtoken::user_domain_name: 'Default'
|
||||
|
|
|
@ -319,7 +319,7 @@ outputs:
|
|||
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
neutron::policy::policies: {get_param: NeutronApiPolicies}
|
||||
neutron::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
neutron::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
neutron::server::agent_down_time: {get_param: NeutronAgentDownTime}
|
||||
neutron::server::auth_strategy: {get_param: NeutronAuthStrategy}
|
||||
|
|
|
@ -365,7 +365,7 @@ outputs:
|
|||
nova::keystone::authtoken::user_domain_name: 'Default'
|
||||
nova::keystone::authtoken::project_domain_name: 'Default'
|
||||
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
nova::keystone::authtoken::interface: 'internal'
|
||||
|
|
|
@ -155,7 +155,7 @@ outputs:
|
|||
- apache::default_vhost: false
|
||||
- nova::keystone::authtoken::project_name: 'service'
|
||||
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
nova::keystone::authtoken::interface: 'internal'
|
||||
|
|
|
@ -168,7 +168,7 @@ outputs:
|
|||
- {get_attr: [OctaviaBase, role_data, config_settings]}
|
||||
- {get_attr: [OctaviaWorker, role_data, config_settings]}
|
||||
- {get_attr: [OctaviaProviderConfig, role_data, config_settings]}
|
||||
- octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
- octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName}
|
||||
octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
|
||||
|
|
|
@ -153,7 +153,7 @@ outputs:
|
|||
- apache::default_vhost: false
|
||||
placement::keystone::authtoken::project_name: 'service'
|
||||
placement::keystone::authtoken::password: {get_param: PlacementPassword}
|
||||
placement::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
placement::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
placement::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
placement::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
placement::keystone::authtoken::interface: 'internal'
|
||||
|
|
|
@ -165,7 +165,7 @@ outputs:
|
|||
if:
|
||||
- cors_allowed_origin_set
|
||||
- {get_param: SwiftCorsAllowedOrigin}
|
||||
swift::proxy::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
swift::proxy::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
swift::proxy::authtoken::password: {get_param: SwiftPassword}
|
||||
swift::proxy::authtoken::project_name: 'service'
|
||||
|
|
Loading…
Reference in New Issue