From 7223bb75c9578026e83949bd06c89d1a1d3e4b6f Mon Sep 17 00:00:00 2001
From: Christian Berendt
Date: Thu, 5 Dec 2024 09:02:35 +0100
Subject: [PATCH] keystone: handle OIDC metadata & attribute mappings as template

Change-Id: Id5305aae4e92fbb9a12aa0f569fb7600b5f2d069
---
 ansible/roles/keystone/tasks/config-federation-oidc.yml | 8 ++++----
 ...template-config-federation-oidc-8e62742de5fcb376.yaml | 9 +++++++++
 2 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/template-config-federation-oidc-8e62742de5fcb376.yaml

diff --git a/ansible/roles/keystone/tasks/config-federation-oidc.yml b/ansible/roles/keystone/tasks/config-federation-oidc.yml
index 81384931d0..51cd41d4e1 100644
--- a/ansible/roles/keystone/tasks/config-federation-oidc.yml
+++ b/ansible/roles/keystone/tasks/config-federation-oidc.yml
@@ -28,11 +28,11 @@
 when:
 - inventory_hostname in groups[keystone.group]

-- name: Copying OpenID Identity Providers metadata
+- name: Templating OpenID Identity Providers metadata
 vars:
 keystone: "{{ keystone_services['keystone'] }}"
 become: true
- copy:
+ template:
 src: "{{ item.metadata_folder }}/"
 dest: "{{ keystone_host_federation_oidc_metadata_folder }}"
 mode: "0660"
@@ -55,11 +55,11 @@
 - item.certificate_file is defined
 - inventory_hostname in groups[keystone.group]

-- name: Copying OpenStack Identity Providers attribute mappings
+- name: Templating OpenStack Identity Providers attribute mappings
 vars:
 keystone: "{{ keystone_services['keystone'] }}"
 become: true
- copy:
+ template:
 src: "{{ item.file }}"
 dest: "{{ keystone_host_federation_oidc_attribute_mappings_folder }}/{{ item.file | basename }}"
 mode: "0660"
diff --git a/releasenotes/notes/template-config-federation-oidc-8e62742de5fcb376.yaml b/releasenotes/notes/template-config-federation-oidc-8e62742de5fcb376.yaml
new file mode 100644
index 0000000000..ac95b70520
--- /dev/null
+++ b/releasenotes/notes/template-config-federation-oidc-8e62742de5fcb376.yaml
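Review bot: In the first hunk of config-federation-oidc.yml, `src: "{{ item.metadata_folder }}/"` still names a directory. `copy` expands a directory recursively, but as far as I know `template` renders exactly one file per invocation, so the "Templating OpenID Identity Providers metadata" task is likely to fail at run time now that the module is swapped. The task's loop and `when` clause lie outside the hunk, so this is inferred from the visible `src` and `dest` lines only. If per-provider folders must stay supported, iterate over the files themselves (for example with a `fileglob` lookup on `item.metadata_folder`) and render each one to `{{ keystone_host_federation_oidc_metadata_folder }}/{{ <file> | basename }}`, as the attribute-mappings task already does with `item.file | basename`.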
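Review bot: The attribute-mapping files in the second hunk's task, and the provider metadata in the task above it, are now evaluated as Jinja2 on the deploy host with the full variable context, and neither the tasks nor the release note say what that changes for operators. Files that were previously copied verbatim and happen to contain `{{`, `{%` or `{#` will render differently or fail after upgrade. Metadata obtained from an identity provider should be reviewed before it is placed in these folders, since it is now interpreted rather than copied. I would add an `upgrade:` entry to the release note stating this, and a comment above each task such as `# Rendered as Jinja2: wrap literal braces in {% raw %} and keep client secrets in variables, not in the file`. The `mode: "0660"` line is unchanged context, but because rendered files can now carry secrets pulled from variables, the owner and group set outside the hunk are worth confirming.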
@@ -0,0 +1,9 @@
+---
+features:
+ - |
+ In the Keystone role files for the
+ ``keystone_host_federation_oidc_metadata_folder`` and
+ ``keystone_host_federation_oidc_attribute_mappings_folder`` directories
+ are now handled as templates. This relates to the OpenID Identity Providers
+ metadata and the OpenStack Identity Providers attribute mappings as part of
+ the identity federation with OIDC.