Enable notification from Keystone when Barbican is enabled
Barbican, especially the barbican-keystone-listener service, consumes notifications from Keystone so that secrets associated with deleted users are purged. This change ensures notification is enabled in Keystone when Barbican is enabled to use that feature properly. Closes-Bug: #1956400 Change-Id: I9322cd2a2f274daba1d02d5bf98e5abbca795df0
This commit is contained in:
parent
894bd5b8c9
commit
3a04690cda
@ -182,6 +182,12 @@ parameters:
|
||||
type: comma_delimited_list
|
||||
default: 'noop'
|
||||
description: Driver or drivers to handle sending notifications.
|
||||
KeystoneNotificationDriver:
|
||||
type: comma_delimited_list
|
||||
default: []
|
||||
description: |
|
||||
Driver or drivers to handle sending notifications. This parameter is
|
||||
specific to Keystone.
|
||||
KeystoneEnableDBPurge:
|
||||
default: true
|
||||
description: |
|
||||
@ -464,6 +470,7 @@ conditions:
|
||||
unique_last_password_count_set: {not: {equals: [{get_param: KeystoneUniqueLastPasswordCount}, '']}}
|
||||
cors_allowed_origin_set: {not: {equals : [{get_param: KeystoneCorsAllowedOrigin}, '']}}
|
||||
admin_token_set: {not: {equals: [{get_param: AdminToken}, '']}}
|
||||
keystone_notification_driver_set: {not: {equals: [{get_param: KeystoneNotificationDriver}, []]}}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
@ -525,7 +532,11 @@ outputs:
|
||||
- {get_param: KeystoneDebug}
|
||||
- true
|
||||
- {get_param: Debug }
|
||||
keystone::notification_driver: {get_param: NotificationDriver}
|
||||
keystone::notification_driver:
|
||||
if:
|
||||
- keystone_notification_driver_set
|
||||
- {get_param: KeystoneNotificationDriver}
|
||||
- {get_param: NotificationDriver}
|
||||
keystone::notification_format: {get_param: KeystoneNotificationFormat}
|
||||
tripleo::profile::base::keystone::extra_notification_topics: {get_param: KeystoneNotificationTopics}
|
||||
keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
|
||||
|
@ -2,3 +2,6 @@
|
||||
# Barbican with the default secret store backend.
|
||||
resource_registry:
|
||||
OS::TripleO::Services::BarbicanApi: ../../deployment/barbican/barbican-api-container-puppet.yaml
|
||||
|
||||
parameter_defaults:
|
||||
KeystoneNotificationDriver: messagingv2
|
||||
|
@ -2,3 +2,6 @@
|
||||
# Barbican with the default secret store backend.
|
||||
resource_registry:
|
||||
OS::TripleO::Services::BarbicanApi: ../../deployment/barbican/barbican-api-container-puppet.yaml
|
||||
|
||||
parameter_defaults:
|
||||
KeystoneNotificationDriver: messagingv2
|
||||
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The new ``KeystoneNotificationDriver`` parameter has been added.
|
||||
This parameter overrides the global ``NotificationDriver`` parameter and
|
||||
allows customizing notification driver only in Keystone, which is required
|
||||
to use notification listner function in Barbican.
|
Loading…
Reference in New Issue
Block a user