Merge "keystone: handle OIDC metadata & attribute mappings as template"

2024-12-10 07:52:43 +00:00 · 2024-12-10 07:52:43 +00:00 · 6d9bcfd078
commit 6d9bcfd078
parent 4e2af1872d 7223bb75c9
2 changed files with 13 additions and 4 deletions
--- a/ansible/roles/keystone/tasks/config-federation-oidc.yml
+++ b/ansible/roles/keystone/tasks/config-federation-oidc.yml
@ -28,11 +28,11 @@
  when:
    - inventory_hostname in groups[keystone.group]
- name: Copying OpenID Identity Providers metadata
+- name: Templating OpenID Identity Providers metadata
  vars:
    keystone: "{{ keystone_services['keystone'] }}"
  become: true
-  copy:
+  template:
    src: "{{ item.metadata_folder }}/"
    dest: "{{ keystone_host_federation_oidc_metadata_folder }}"
    mode: "0660"
@ -55,11 +55,11 @@
    - item.certificate_file is defined
    - inventory_hostname in groups[keystone.group]
- name: Copying OpenStack Identity Providers attribute mappings
+- name: Templating OpenStack Identity Providers attribute mappings
  vars:
    keystone: "{{ keystone_services['keystone'] }}"
  become: true
-  copy:
+  template:
    src: "{{ item.file }}"
    dest: "{{ keystone_host_federation_oidc_attribute_mappings_folder }}/{{ item.file | basename }}"
    mode: "0660"
--- a/releasenotes/notes/template-config-federation-oidc-8e62742de5fcb376.yaml
+++ b/releasenotes/notes/template-config-federation-oidc-8e62742de5fcb376.yaml
@ -0,0 +1,9 @@
 ---
 features:
  - |
    In the Keystone role files for the
    ``keystone_host_federation_oidc_metadata_folder`` and
    ``keystone_host_federation_oidc_attribute_mappings_folder`` directories
    are now handled as templates. This relates to the OpenID Identity Providers
    metadata and the OpenStack Identity Providers attribute mappings as part of
    the identity federation with OIDC.