environments:
  -
    name: enable-federation-openidc
    title: Enable keystone federation with OpenID Connect
    files:
      deployment/keystone/keystone-container-puppet.yaml:
        parameters:
          - KeystoneFederationEnable
          - KeystoneAuthMethods
          - KeystoneTrustedDashboards
          - KeystoneOpenIdcEnable
          - KeystoneOpenIdcIdpName
          - KeystoneOpenIdcProviderMetadataUrl
          - KeystoneOpenIdcClientId
          - KeystoneOpenIdcClientSecret
          - KeystoneOpenIdcCryptoPassphrase
          - KeystoneOpenIdcResponseType
          - KeystoneOpenIdcRemoteIdAttribute
      deployment/horizon/horizon-container-puppet.yaml:
        parameters:
          - WebSSOEnable
          - WebSSOInitialChoice
          - WebSSOChoices
          - WebSSOIDPMapping
    sample_values:
      KeystoneFederationEnable: True
      KeystoneOpenIdcEnable: True
      WebSSOEnable: True
      KeystoneAuthMethods: 'password,token,openid'
      KeystoneTrustedDashboards: 'https://dashboard.example.test/dashboard/auth/websso/'
      KeystoneOpenIdcIdpName: 'myidp'
      KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration'
      KeystoneOpenIdcClientId: 'myclientid'
      KeystoneOpenIdcClientSecret: 'myclientsecret'
    static:
      - KeystoneFederationEnable
      - KeystoneOpenIdcEnable
      - WebSSOEnable
    description: |
      This is an example template on how to configure keystone federation for
      the OpenID Connect protocol.  You must modify the parameters to use
      values appropriate for your identity provider.