Use the whole resource type instead of its individual resources, to
rely on interface instead of implementation of the dependent module.
Change-Id: Ida8de2bfea71a3c783f4b0e4503f284e0b89aeec
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I6907dd4b41dfe009a69fecd3ee5d8332c4c6a424
Make sure documentation is the same and follow
the standard which we are trying to enforce on
all modules.
Change-Id: I2db292c8f4501d358c19cd8c0276c6b9ea1f6d11
While we were already able to pick an independent auth_name and
service_name; the service_name was defaulting to auth_name. Now it
has a value of its own to be consistent with other modules.
Change-Id: If3f29c1f4efe2eeb5ff9173628403dfcc7f48e57
Related-Bug: #1590040
Currently configure_user and configure_user_role parameters are set to true.
There should be an option to configure the parameter with appropriate values.
For Example, If we are using Keystone User entries from LDAP,
We can't create/update the user.
Change-Id: Ifecd56e3d1f0d82d45436025497746bb6394e188
Closes-Bug: #1583920
Move all dependency tracking to an external class which simplifies the
relationships and allows managing Trove without necessarily using
packages.
This change also cleans up how the client is handled to make
it more configurable and match other modules.
Finally the reference to the deprecated and non-functional
keystone::python class is dropped.
Change-Id: I943685fbeb114dead80b7465b8f5c564a0bc9fe0
There is no service named trove-server, but there is a tag with
that name. That's what we should be using, originally I believe
this was a typo.
Change-Id: I7e2fb304644287a5cbe45725cdd6f7464630fca8
Closes-Bug: #1528786
Since a chance in puppet-keystone (1], we now match an endpoint with a
service name/type.
)
[1] http://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=0a4e06abb0f5b3f324464ff5219d2885816311ce
Also:
require package before config file Before trying to build the guestagent
config file from the template with Puppet, first install the package so
we make sure /etc/trove is ready. Otherwise, Puppet will randomly fail
to create the file, if the package is not installed yet.
We need to squash the two changes otherwise CI will never pass.
Change-Id: I9662c684c83933ffe6ede0337bc1770dd65b0ce7
Closes-Bug: #1528308
Previously when you set $configure_endpoint to false and did not have a
keystone_endpoint resource with the same name as is defined by
neutron::keystone::auth, the catalog would not be compiled. This was
because a relationship was being established where one resource in the
relationship didn't exist. This changes this so that the relationship
involving the Keystone endpoint is only defined if $configure_endpoint
is set to true.
Change-Id: I1ee51f33ffd1bf20578cd56120ee5be8e6fa0133
Co-Authored-By: Risto Laurikainen <risto.laurikainen@csc.fi>
Co-Authored-By: Gael Chamoulaud <gchamoul@redhat.com>
Closes-Bug: 1368686
This commit adds the service description as a class parameter in order to allow
users to update from a previous version if the service description is changed
(incorrectly spelled or wrong description)
Change-Id: Id87939c9723fce5303182fff0c98dc4c2f3072b1
Closes-Bug: #1468407
This change deprecates the following parameters:
- port (replaced by public/internal/admin_url)
- public_protocol (replaced by public_url)
- public_address (replaced by public_url)
- public_port (replaced by public_url)
- internal_protocol (replaced by internal_url)
- internal_address (replaced by internal_url)
- admin_protocol (replaced by admin_url)
- admin_address (replaced by admin_url)
Add deprecation warnings if any of those values are provided
while maintaining full backward compatibility.
Closes-bug: #1274979
Change-Id: I94f331877150df25e64bfb9bb6ceb6bdb8c15805
Instead of forcing the name of the service in the service catalog to
match auth_name, this allows the ability to explicitly set the service
name, spearately from auth_name.
If service_name is not specified, it's value defaults to the value
of auth_name (which maintains the current behavior.)
Change-Id: Ic1699df4bf562390bd8c3196df03c2483cdf6ff1
Closes-bug: #1359755
Refactorise the code of Keystone resources management with backward
compatibility since we don't modify the unit tests.
Change-Id: I34f0f55a9a4e3873d4f988c311bdcbd54b33e459
Implements: blueprint common-openstack-identity-resource