Enable notification from Keystone when Barbican is enabled

Barbican, especially the barbican-keystone-listener service, consumes
notifications from Keystone so that secrets associated with deleted
users are purged. This change ensures notification is enabled in
Keystone when Barbican is enabled to use that feature properly.

Closes-Bug: #1956400
Change-Id: I9322cd2a2f274daba1d02d5bf98e5abbca795df0
Takashi Kajinami 2022-01-05 09:48:29 +09:00
parent 894bd5b8c9
commit 3a04690cda
4 changed files with 25 additions and 1 deletions

@ -182,6 +182,12 @@ parameters:
type: comma_delimited_list
default: 'noop'
description: Driver or drivers to handle sending notifications.
KeystoneNotificationDriver:
type: comma_delimited_list
default: []
description: |
Driver or drivers to handle sending notifications. This parameter is
specific to Keystone.
KeystoneEnableDBPurge:
default: true
description: |
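Review bot: The description of KeystoneNotificationDriver does not say what the empty default means. With `default: []` the parameter is treated as unset and Keystone falls back to the global NotificationDriver, so the description should state that precedence explicitly, for example "When empty, the value of NotificationDriver is used." As written it reads as a second, independent driver setting.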
@ -464,6 +470,7 @@ conditions:
unique_last_password_count_set: {not: {equals: [{get_param: KeystoneUniqueLastPasswordCount}, '']}}
cors_allowed_origin_set: {not: {equals : [{get_param: KeystoneCorsAllowedOrigin}, '']}}
admin_token_set: {not: {equals: [{get_param: AdminToken}, '']}}
keystone_notification_driver_set: {not: {equals: [{get_param: KeystoneNotificationDriver}, []]}}
outputs:
role_data:
@ -525,7 +532,11 @@ outputs:
- {get_param: KeystoneDebug}
- true
- {get_param: Debug }
keystone::notification_driver: {get_param: NotificationDriver}
keystone::notification_driver:
if:
- keystone_notification_driver_set
- {get_param: KeystoneNotificationDriver}
- {get_param: NotificationDriver}
keystone::notification_format: {get_param: KeystoneNotificationFormat}
tripleo::profile::base::keystone::extra_notification_topics: {get_param: KeystoneNotificationTopics}
keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
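Review bot: The `if` on `keystone::notification_driver` has no comment explaining why Keystone gets its own override, and the reason is not obvious from the template alone. A short comment above it noting that barbican-keystone-listener depends on Keystone notifications would help, because an operator who sets KeystoneNotificationDriver to `noop`, or who enables Barbican through a custom environment and leaves the global default of 'noop', silently loses the purge of secrets belonging to deleted users.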

@ -2,3 +2,6 @@
# Barbican with the default secret store backend.
resource_registry:
OS::TripleO::Services::BarbicanApi: ../../deployment/barbican/barbican-api-container-puppet.yaml
parameter_defaults:
KeystoneNotificationDriver: messagingv2
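Review bot: The new `parameter_defaults` block is not explained in the file header, which still only says "Barbican with the default secret store backend." Add a comment that `KeystoneNotificationDriver: messagingv2` is there so barbican-keystone-listener receives Keystone notifications; otherwise a later environment file that overrides the value looks harmless. The parameter is declared as comma_delimited_list, so writing the value as a list or quoted string would also match the declaration more clearly.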

@ -2,3 +2,6 @@
# Barbican with the default secret store backend.
resource_registry:
OS::TripleO::Services::BarbicanApi: ../../deployment/barbican/barbican-api-container-puppet.yaml
parameter_defaults:
KeystoneNotificationDriver: messagingv2
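Review bot: This file repeats the same two `parameter_defaults` lines as the previous environment file, so the Keystone setting now depends on every Barbican environment carrying its own copy. Any Barbican environment that lacks the copy leaves Keystone on the global NotificationDriver. Consider whether the override can be tied to the Barbican service being enabled rather than duplicated per environment file, or at least add the same explanatory comment here.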

@ -0,0 +1,7 @@
---
features:
- |
The new ``KeystoneNotificationDriver`` parameter has been added.
This parameter overrides the global ``NotificationDriver`` parameter and
allows customizing notification driver only in Keystone, which is required
to use notification listner function in Barbican.
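Review bot: The last line of the release note has a typo, "listner" should be "listener", and "customizing notification driver" reads better as "customizing the notification driver". The note also covers only the new parameter; it should mention that the Barbican environment files now set `KeystoneNotificationDriver: messagingv2`, since that changes Keystone's behaviour for existing deployments that include those environments.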