The password parameter is not really optional. This makes it
a required parameter to give more sensible validation error.
Change-Id: I0de636a2ca00757ef24552a0c9a97ee95e485d19
... because the latest lint no longer allows usage of legacy facts and
top scope fact.
This also fixes the wrong wsgi script name introduced by [1] to fix
broken litmus jobs.
[1] d7a1ea5fb7632e58a69f7dead32c28f1a9419a2e
Change-Id: Idb7d655242ccd6f785ea4dfbb94d8ff3ad961b03
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I6907dd4b41dfe009a69fecd3ee5d8332c4c6a424
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: If61e708f68f96ce6c485a681d39e17c3cf737d2a
The deprecated pki related options check_revocations_for_cached and
hash_algorithms option has been removed.
Change-Id: I1c76eea5b6960cce2fe822aac9fa018c250ecd5d
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.
Change-Id: Ie5ad7f2438c922692b4d7df60cd68a6afadb3a72
Closes-Bug: 1778198
check_revocations_for_cached and hash_algorithms are deprecated for
removel because of PKI token format is no longer supported.
Update warning message and add a release note.
Change-Id: Ic360bd95c3cf542ca2833e366102950cecd7ef5b
Closes-Bug: #1804562
Closes-Bug: #1804720
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: If7049561c6a9e94fc5074112db9597cd8cb6996e
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Depends-On: I0dd36ef1f1f5dcdc57413736ecb8f2555712c36d
Closes-Bug: #1759098
Now that the v2.0 API has been removed, we don't have a reason to
include deployment instructions for two separate applications on
different ports.
Change-Id: I6267a1b6189601e117d28be342864688d3522aa6
Keystone v2.0 API was removed so we have no choice but configuring
user_domain_name and project_domain_name otherwise it fallbacks to
Keystone v2.0 and it fails. This patch sets the default value so we make
sure Keystone v3 will be used out of the box for our users.
Change-Id: I4d2a5620e7a4dc5c5fddabd3da0299e0f2211102
The revocation_cache_time is deprecated for removel because of PKI
token format is no longer supported.
Update warning message and add a release note.
Change-Id: Ib4030f83a9201155e5168c164d257a14b9da16e0
Closes-Bug: #1717144
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.
Change-Id: Iee2b5a00c9eb026a42ebd4bf166d06f6bc5f6e27
The signing_dir is deprecated for removel because of PKI token format
is no longer supported.
Update warning message and release note.
Change-Id: I91803e5f2c674e284657bbd40ea32b349a8f393f
Closes-Bug: #1652700
Since we are in ocata lets remove all old parameters in api
to configure the keystone_authtoken section
Change-Id: I2ad9c559768324cb494bcbe719195817b3ca4864
In trove::api, use keystone::resource::authtoken to configure
keystone_authtoken section in trove.conf, with all parameters required
to configure keystonemiddleware.
This patch will allow to deploy Trove to use Keystone v3
authentification.
Some deprecations:
- trove::api::keystone_tenant is deprecated in favor of trove::keystone::authtoken::project_name.
- trove::api::keystone_user is deprecated in favor of trove::keystone::authtoken::username.
- trove::api::keystone_password is deprecated in favor of trove::keystone::authtoken::password.
- trove::api::identity_uri is deprecated in favor of trove::keystone::authtoken::auth_url.
- trove::api::auth_uri is deprecated in favor of trove::keystone::authtoken::auth_uri.
Change-Id: I808ebda1c4ec3a5b2ed294eb8af4eecafa861051
Closes-Bug: #1604463