21 Commits

Author SHA1 Message Date
Takashi Kajinami
69eb2582c1 Simplify definition to ensure keystone resource creation
Use the whole resource type instead of its individual resources, to
rely on interface instead of implementation of the dependent module.

Change-Id: Ida8de2bfea71a3c783f4b0e4503f284e0b89aeec
2022-02-07 00:22:42 +09:00
Takashi Kajinami
95f5169393 Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: I6907dd4b41dfe009a69fecd3ee5d8332c4c6a424
2022-01-25 10:54:14 +09:00
Tobias Urdin
a053d4e86e Convert all class usage to relative names
Change-Id: Ic7b8f4e584e3f1ed1d5c6c568cc6caf67493cdda
2019-12-08 23:24:12 +01:00
ZhongShengping
325bcb9a97 Cleanup documentation
Make sure documentation is the same and follow
the standard which we are trying to enforce on
all modules.

Change-Id: I2db292c8f4501d358c19cd8c0276c6b9ea1f6d11
2018-12-13 17:10:02 +08:00
ZhongShengping
c73ca7742c Fix the tag of trove service
The service tag should be trove-service, not trove-server.

Change-Id: If15575547307b649f5503e8ca1ec2b5a8eceaf02
2017-01-12 19:31:10 +08:00
Marcellin Fom Tchassem
e99cc9e7ce Change default service_name to 'trove'
While we were already able to pick an independent auth_name and
service_name; the service_name was defaulting to auth_name. Now it
has a value of its own to be consistent with other modules.

Change-Id: If3f29c1f4efe2eeb5ff9173628403dfcc7f48e57
Related-Bug: #1590040
2016-06-07 21:17:19 -05:00
Denis Egorenko
45503b548a Remove deprecated keystone::auth options
Change-Id: I69df2e6ef68c79bdc6d564c78489cec555af396b
2016-06-01 18:37:42 +03:00
Praveen
c780bfc964 Providing an option to disable configure_user in Keystone
Currently configure_user and configure_user_role parameters are set to true.
There should be an option to configure the parameter with appropriate values.

For Example, If we are using Keystone User entries from LDAP,
We can't create/update the user.

Change-Id: Ifecd56e3d1f0d82d45436025497746bb6394e188
Closes-Bug: #1583920
2016-05-24 06:00:34 -04:00
Matt Fischer
59f75e6085 Trove external dependency management
Move all dependency tracking to an external class which simplifies the
relationships and allows managing Trove without necessarily using
packages.

This change also cleans up how the client is handled to make
it more configurable and match other modules.

Finally the reference to the deprecated and non-functional
keystone::python class is dropped.

Change-Id: I943685fbeb114dead80b7465b8f5c564a0bc9fe0
2016-03-21 19:42:26 -06:00
Matt Fischer
08723f9ddc Use tag not name for service collector
There is no service named trove-server, but there is a tag with
that name. That's what we should be using, originally I believe
this was a typo.

Change-Id: I7e2fb304644287a5cbe45725cdd6f7464630fca8
Closes-Bug: #1528786
2016-02-05 18:03:51 +00:00
Emilien Macchi
c73c228ae7 Make Keystone_endpoint match service by name/type
Since a chance in puppet-keystone (1], we now match an endpoint with a
service name/type.
)
[1] http://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=0a4e06abb0f5b3f324464ff5219d2885816311ce

Also:
require package before config file Before trying to build the guestagent
config file from the template with Puppet, first install the package so
we make sure /etc/trove is ready. Otherwise, Puppet will randomly fail
to create the file, if the package is not installed yet.

We need to squash the two changes otherwise CI will never pass.
Change-Id: I9662c684c83933ffe6ede0337bc1770dd65b0ce7
Closes-Bug: #1528308
2016-01-06 12:08:28 -05:00
Jenkins
4ce651ef07 Merge "Fix catalog compilation when not configuring endpoint" 2015-07-28 13:04:02 +00:00
Emilien Macchi
39867dcd31 Fix catalog compilation when not configuring endpoint
Previously when you set $configure_endpoint to false and did not have a
keystone_endpoint resource with the same name as is defined by
neutron::keystone::auth, the catalog would not be compiled. This was
because a relationship was being established where one resource in the
relationship didn't exist. This changes this so that the relationship
involving the Keystone endpoint is only defined if $configure_endpoint
is set to true.

Change-Id: I1ee51f33ffd1bf20578cd56120ee5be8e6fa0133
Co-Authored-By: Risto Laurikainen <risto.laurikainen@csc.fi>
Co-Authored-By: Gael Chamoulaud <gchamoul@redhat.com>
Closes-Bug: 1368686
2015-07-23 18:30:29 -04:00
Sebastien Badia
d1f751bcfd keystone/auth: make service description configurable
This commit adds the service description as a class parameter in order to allow
users to update from a previous version if the service description is changed
(incorrectly spelled or wrong description)

Change-Id: Id87939c9723fce5303182fff0c98dc4c2f3072b1
Closes-Bug: #1468407
2015-06-26 17:58:23 +00:00
Mathieu Gagné
df63776cec Introduce public_url, internal_url and admin_url
This change deprecates the following parameters:
- port (replaced by public/internal/admin_url)
- public_protocol (replaced by public_url)
- public_address (replaced by public_url)
- public_port (replaced by public_url)
- internal_protocol (replaced by internal_url)
- internal_address (replaced by internal_url)
- admin_protocol (replaced by admin_url)
- admin_address (replaced by admin_url)

Add deprecation warnings if any of those values are provided
while maintaining full backward compatibility.

Closes-bug: #1274979
Change-Id: I94f331877150df25e64bfb9bb6ceb6bdb8c15805
2015-06-11 17:26:18 -04:00
Rico Lin
57755f18d0 Adds ability to override service name for service catalog
Instead of forcing the name of the service in the service catalog to
match auth_name, this allows the ability to explicitly set the service
name, spearately from auth_name.
If service_name is not specified, it's value defaults to the value
of auth_name (which maintains the current behavior.)

Change-Id: Ic1699df4bf562390bd8c3196df03c2483cdf6ff1
Closes-bug: #1359755
2015-03-23 10:05:35 +08:00
Emilien Macchi
4fe79ee6c3 Refactorise Keystone resources management
Refactorise the code of Keystone resources management with backward
compatibility since we don't modify the unit tests.

Change-Id: I34f0f55a9a4e3873d4f988c311bdcbd54b33e459
Implements: blueprint common-openstack-identity-resource
2014-11-21 11:07:34 -05:00
Sebastien Badia
eda9844c01 keystone/auth: Fix puppetdoc typos
Update puppetdoc to reference on Trove instead of Neutron

Change-Id: If0bae23c536461edba3da08da4bb17cc09676b0b
2014-10-06 17:23:28 +02:00
Sebastien Badia
24b23d05af [keystone/auth] Fix port number (thanks @fghaas) 2014-06-17 18:11:23 +02:00
Sebastien Badia
25f3836186 [keystone/auth] Fix service type 2014-06-17 18:10:18 +02:00
Emilien Macchi
2f4abc06c4 introduce trove::keystone::auth class 2014-05-30 18:04:09 +02:00