30 Commits

Author SHA1 Message Date
ZhongShengping
ac9edcb172 Remove deprecated keystone authtoken revocation_cache_time option
Change-Id: I4164b0ed8e51249f7403fcde188a87e24f9e149f
2018-03-27 10:33:20 +08:00
Harry Rybacki
ead9b82454 Configure *_domain_name to Default by default
Keystone v2.0 API was removed so we have no choice but configuring
user_domain_name and project_domain_name otherwise it fallbacks to
Keystone v2.0 and it fails. This patch sets the default value so we make
sure Keystone v3 will be used out of the box for our users.

Change-Id: I6949b5e00ec26ddc66cbe08de7420468d6b34954
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
2017-10-06 09:33:55 -04:00
ZhongShengping
58e125774b Deprecate revocation_cache_time option
The revocation_cache_time is deprecated for removel because of PKI
token format is no longer supported.
Update warning message and add a release note.

Change-Id: I8fea10159dfd4a8c1cee2242a2dbf9abc86b4686
Closes-Bug: #1717144
2017-09-14 11:00:03 +08:00
ZhongShengping
df37477dbd Remove deprecated keystone authtoken signing_dir option
Change-Id: Ib5569de793dd9922c8f723eaadd96aaec8d34beb
2017-07-07 09:58:16 +08:00
Matthew J. Black
3bda006e6e Allow python-memcache install from authtoken class
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.

Change-Id: If8fea78f01e1bf54689f9ac9cb69ae4ca6be19dc
2017-01-11 17:19:23 -05:00
ZhongShengping
776f73c32c Deprecate signing_dir option
The signing_dir is deprecated for removel because of PKI token format
is no longer supported.
Update warning message and release note.

Change-Id: I9adf3d2a0301c717321a09240a15352f8712b9d9
Closes-Bug: #1652700
2016-12-27 17:06:18 +08:00
ZhongShengping
fc4a0fd510 Add hooks for external install & svc management
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain.  This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.

Change-Id: I0d18ec6ffe6b54c85773a6dabb0ed7b6f59a12f4
2016-11-29 17:32:37 +08:00
Iury Gregory Melo Ferreira
b39fa37eae Remove old authtoken options
Since we are in ocata lets remove all old parameters
in api to configure the keystone_authtoken section

Change-Id: I101d1d38ad405dd8a418cb63f7345f7fd700cebe
2016-11-05 13:27:25 -03:00
Iury Gregory Melo Ferreira
8742b6fad9 Move ceilometer to authtoken
In ceilometer::api, use keystone::resource::authtoken to configure
keystone_authsection in the configuration file.

Some deprecations:
- ceilometer::api::identity_uri is deprecated in favor of
ceilometer::api::auth_url
- ceilometer::api::keystone_tenant is deprecated in favor of
ceilometer::api::project_name.
- ceilometer::api::keystone_user is deprecated in favor of
ceilometer::api::username.
- ceilometer::api::keystone_password is deprecated in favor of
ceilometer::api::password.

-Remove deprecated parameters

Change-Id: Iebfb4caf7d4675e17b866142292d421dcf62f63b
Related-Bug: #1604463
2016-08-19 08:16:15 +00:00
Alex Schultz
8363e51b3c Provide default service_name for keystone endpoint
This change updates the ceilometer::keystone::auth class to include a
default service_name of 'ceilometer' so that if a user changes the
auth_name, the service is still created as being related to
'ceilometer'.  This improves the user experiance when they want to
customize the usernames for services.

Change-Id: I472dd78c1b4fd8d3d4667aede56358cf6254617d
Closes-Bug: #1590040
2016-06-07 10:53:43 -06:00
Iury Gregory Melo Ferreira
01caa03b57 Remove deprecated keystone::auth options
Change-Id: Ic1764835e9c06623b1aef788485c9cfd9a01284f
2016-06-03 01:33:33 -03:00
Xingchao Yu
27654f3e17 Improve format of the documentations.
This patch is aim to unify format of the documentations in all
ceilometer classes.

Change-Id: I8b617a14146a90758fa6b8898637206bff6d2f29
2016-01-11 22:33:42 +08:00
Emilien Macchi
183b62b35a auth: drop service dependency for Keystone_user_role
Drop service dependency for Keystone_user_role.

Without that patch, Ceilometer & Keystone running in WSGI will fail to compile
the catalog because a dependency cycle:
Anchor[keystone_started] => Keystone_user_role[ceilometer@services] =>
Service[ceilometer-api] => Service[httpd] => Anchor[keystone_started]

The dependency is not really useful because it does not prevent the
service to start.

Change-Id: Id8366cd5d2ddf6da468ecc7adb7d55eb8be4c8d8
2015-10-02 16:17:25 -04:00
Sebastien Badia
e7dfcc85de keystone/auth: make service description configurable
This commit adds the service description as a class parameter in order to allow
users to update from a previous version if the service description is changed
(incorrectly spelled or wrong description)

Change-Id: Ia0ddf657991db1dd82ca063a944132643054d514
Closes-Bug: #1468407
2015-06-24 17:51:15 +02:00
Mathieu Gagné
e984d28464 Deprecate old public, internal and admin parameters
This change deprecates the following parameters:
- port (replaced by public/internal/admin_url)
- public_protocol (replaced by public_url)
- public_address (replaced by public_url)
- internal_protocol (replaced by internal_url)
- internal_address (replaced by internal_url)
- admin_protocol (replaced by admin_url)
- admin_address (replaced by admin_url)

Add deprecation warnings if any of those values are provided
while maintaining full backward compatibility.

Closes-bug: #1274979
Change-Id: Ia20f9d032fada10979383446f78ff57035b9c763
2015-06-11 16:48:19 -04:00
Sebastien Badia
565c78cc7f Add Puppet 4.x lint checks
This changes the puppet-lint requirement to 1.1.x, so that we can use
puppet-lint plugins.  Most of these plugins are for 4.x compat, but some
just catch common errors.

This commit also remove custom metadata rake task (this task is now
provided by puppetlabs_spec_helper).

Conflicts:
	Gemfile

Change-Id: I22369948db6a2f8ddab9b8c93c3a047ff2e229ca
2015-03-11 09:03:59 +01:00
Emilien Macchi
c0318f0e1b Refactorise Keystone resources management
Refactorise the code of Keystone resources management with backward
compatibility since we don't modify the unit tests.

Change-Id: Iafbe248ef0314b8abc31d22a7631df51e23f2c48
Implements: blueprint common-openstack-identity-resource
2014-11-21 10:12:40 -05:00
Mike Dorman
7719ceaff0 Make user creation optional when creating service.
In some cases it is useful to be able to just configure
the service in Keystone and not the service user. This
is the case when e.g. a read only LDAP backend is used.
Added a parameter configure_user (defaults to true).
Closes-Bug: 1360232

Change-Id: I541224b9bf431da957b9de31909e0aad5c9be187
2014-09-11 18:11:51 -05:00
Mike Dorman
ed031af7bf Adds ability to override service name for service catalog
Instead of forcing the name of the service in the service catalog to
match auth_name, this allows the ability to explicitly set the service
name, spearately from auth_name.
If service_name is not specified, it's value defaults to the value
of auth_name (which maintains the current behavior.)

Closes-bug: #1359755
Change-Id: I66dadaebb526cfae2b6c250b2bef97e1e6d6aafe
2014-08-21 09:53:34 -04:00
François Charlier
ebe908365c Allow to set full url for endpoints
This changeset allows to set full url for endpoints. The default is
still to use the {public,admin,internal}_{protocol,host} and port
variables. The {public,admin,internal}_url parameters override the
_protocol, _host & port parameters.

There were previously one parameter for each {public,admin,internal}
endpoint url component (protocol, host), but not port.
Adding more parameters to allow different port would add too much
parameters and still missing the path part.

Fixes Bug#1227742

Change-Id: I834be8ab0f160b24348d218197711e8ecc392f5b
2013-09-23 10:24:13 +02:00
Mathieu Gagné
55f17d53f2 Use Puppet boolean for better consistency
Change-Id: I894af9499f1ea2fc255aa62fa6522c04a32d8a7c
2013-08-09 15:50:41 -04:00
François Charlier
74bbcac98b Merge remote-tracking branch 'mgagne/grizzly' into lint
Conflicts:
	manifests/db/mysql.pp
	manifests/db/mysql/host_access.pp
	manifests/keystone/auth.pp

Update some docs in the process
2013-04-23 10:51:24 +02:00
Mathieu Gagné
f2ff304078 Fix notification relationship
Relationship was referring to Service[ceilometer] which does not exist.
2013-04-21 17:46:58 -04:00
Mathieu Gagné
4e4b00a58a Update puppetdoc for ceilometer::keystone::auth 2013-04-21 17:45:32 -04:00
François Charlier
8e97414369 Ensure passwords/secrets are specified by user 2013-04-20 05:50:29 +02:00
François Charlier
f63fde7ab3 Fix lint errors, add some documentation 2013-04-20 04:28:44 +02:00
François Charlier
f3d57b9e40 Remove version from endpoint.
The client has to specify it.
2013-03-18 14:56:49 +01:00
François Charlier
d3a07cc1ef Fix style 2012-12-14 11:13:44 +01:00
François Charlier
1fa87a3836 Ensure the ceilometer user has ResellerAdmin role
Required to poll swift usage
2012-12-14 11:12:13 +01:00
emilienm
4708b42008 Add auth.pp for keystone 2012-12-07 15:23:14 +01:00