This is follow-up of c543bd33ae2389e64f932441c719fcc105a2f2da and
removes some deprecated database parameters still left.
Change-Id: I6325c5d8d290bf6176d17e4aea9058f85feea2f3
The DEFAULT/trusts_delegated_roles parameter is a ListOpt, which
accepts a list value in a comma-separated list format. This change
allows usage of array to define the list value in a native manner.
Change-Id: I9d74fac8cdc4cfe7c7c6f366dba712b8c331b269
The DB purge operation expects the target database is already
initialized. This change ensures db sync is completed before cron job
is enabled.
Closes-Bug: #1955829
Change-Id: I742ea262bde8b9412627a475c53b27d25e132787
... instead of injecting it by vhost_custom_fragment.
Depends-on: https://review.opendev.org/821082
Change-Id: I684e077d03b318cef01688c1b11ea37d7fc2f664
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I1429b2cc6f3c01c07ec26b1a7242e451072be368
... but test interfaces of that resource type. This helps us avoid
direct breakage caused by any change in puppet-keystone.
Change-Id: I68c8a1870c2940e2934ca3b11a71a75f5db179c2
This change introduces the new heat::trustee class to manage
the parameters in the [trustee] options. These options have been set
according to authtoken parameters but it makes maintenance complicated
and the logic doesn't work properly when noauth is used.
This change also removes the [trustee] project_domain_name parameter
because the parameter has never been used actually.
Change-Id: I694a8ea771cc4d4dcfbf8384ece2be10d83ab3f0
... but test interfaces of that resource type. This helps us avoid
direct breakage caused by any change in puppet-keystone.
Change-Id: Icaf4eaabb2249145bfbfb51541d9c9ced1e745bf
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: Ife9db20f914ae773881f4c78871b8232ecf42d17
The authtoken parameters are not managed directly but managed by
the keystone::resource::authtoken class. Thus we should avoid testing
parameters directly otherwise any change in the resource type can
cause test failures.
Change-Id: I293c28cc9e7decc2149b44b8f9154f088ebf09db
This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into
puppet-nova[1].
[1] 5c38281e1b698f157f03bf1815733277c541c30b
Change-Id: I62c36a4521ca9b3c5062d88fe9a7ee55c748fbd3
... but test interface of oslo::cache, to make these test cases robust
for any change in oslo::cache.
Change-Id: Ic84202156f487e1b4605b665d02a1ebbecc509aa
... because the max_stacks_per_tenant parameter is used by heat-engine,
and the very similar max_resources_per_stack parameter is implemented
in heat::engine.
Change-Id: I57a8e8b9643d999c8ed379895f998ee1d09fb1a8
This change makes unit test cases for heat::cors, so that these tests
do not test behavir of oslo::cors but how oslo::cors resource type is
called by heat::cors.
Change-Id: Ic1bdb8f8d9b397b17db8c1d7a64a2e2d88e94b62
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Heat API and api-metadata. Therefore, this patch adds
two new heat_api_uwsgi_config and heat_api_cfn_uwsgi_config
providers as well as two new heat::wsgi::uwsgi_api and
heat::wsgi::uwsgi_api_cfn classes.
Change-Id: I0e226046f6e2d69c89681948cee8e8830c186489
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .
Change-Id: I9dea409a46bd8d22388853582de8f64034cf0d03
This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that supports TLS connections.
Depends-on: https://review.opendev.org/761604
Change-Id: I92552d013db98b972124db901f3f35a326110846
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.
Change-Id: I9118a6d4e1553ee0715f3fda72d625ccdcdf1b0f
Closes-Bug: #1904962