31 Commits

Author SHA1 Message Date
Takashi Kajinami
8b8601618a Use a 'params' hash for authtoken parameters
This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into
puppet-nova[1].

[1] 5c38281e1b698f157f03bf1815733277c541c30b

Change-Id: Iae359ee38cac10190f9813b14cd3a2f92a59d1b6
2021-08-27 15:08:50 +09:00
Takashi Kajinami
010790e3c1 Add support for the keystone_authtoken/service_type parameter
Change-Id: If76bf361fe554761729fc16bacf9c3ca1d959bfa
2020-11-03 17:40:59 +09:00
Takashi Kajinami
a6eae2f39e Add support for the interface parameter in authtoken middleware
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.

Change-Id: I74d848da4f2e923f224786fd55b35cb063bb59a1
2020-07-09 15:34:36 +09:00
Takashi Kajinami
58bb3d444f Add support for service_token_roles in authtoken
Add support for service_token_roles in authtoken middleware, so that
we can customize roles assigned to users, which use service user token
feature.

Change-Id: I4376f16e11e9749e55ad36a124777ea0d8686e45
2020-02-16 21:22:35 +09:00
Tobias Urdin
ce76a91f62 Convert all class usage to relative names
Change-Id: Ieb9a1d2c1dcef360ca7a323fe4f6cdbb61feecfe
2019-12-08 23:26:05 +01:00
ZhongShengping
84e31f0c3d Remove deprecated pki related options
The deprecated pki related options check_revocations_for_cached and
hash_algorithms have been removed.

Change-Id: I1b9c60080b1fefe82bec1ebff4158c0586869d79
2019-08-15 11:51:37 +08:00
Zuul
16e5b962ef Merge "Use validate_legacy"
2019-02-26 02:36:44 +00:00
Tobias Urdin
0cfd8f689c Use validate_legacy
This changes all the puppet 3 validate_* functions
to use the validate_legacy function.

The validate_legacy function has been available for
about three years but requires Puppet >= 4.4.0 and since
there is Puppet 4.10.12 as latest we should assume people
are running a fairly new Puppet 4 version.

This is the first step to then remove all validate function
calls and use proper types for parameter as described in spec [1].

[1] https://review.openstack.org/#/c/568929/

Change-Id: Ib31134bb604e32fd274b41dc78c4356500f71ab0
2019-02-23 23:17:56 +01:00
ZhongShengping
7640153684 Service_token_roles_required missing in the server config file
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.

Change-Id: I751b3a94c3aac7a0faf638afea0168769589b71d
Closes-Bug: 1778198
2019-02-15 10:03:11 +08:00
ZhongShengping
dc4aae5fc6 Cleanup documentation
Make sure documentation is the same and follow
the standard which we are trying to enforce on
all modules.

Change-Id: I04fb9ead983cc8f7df40093b6404cac15cc9ac07
2018-12-13 17:10:59 +08:00
Tobias Urdin
00c52b2fba Remove auth_uri
Change-Id: I922316436583432ac705379ff68cb6247b27aba2
2018-11-29 00:33:04 +01:00
ZhongShengping
84c8ba02af Deprecate pki related options
check_revocations_for_cached and hash_algorithms are deprecated for
removal because the PKI token format is no longer supported.
Update warning message and add a release note.

Change-Id: I0ad17b24278372f9f3648450f23957413a1f40d3
Closes-Bug: #1804562
Closes-Bug: #1804720
2018-11-23 10:24:14 +08:00
Tobias Urdin
d03c7d6ee6 Replace port 35357 with 5000
Change-Id: I981e0545bb0722b324ae792c82601f7b0534ae49
2018-07-18 10:29:33 +02:00
zhubingbing
596c91afe0 neat: missing : in $::os_service_default
Change-Id: Iceff6ad742623e181c29dce01a726be5d34f5b23
2018-05-11 14:02:40 +08:00
ZhongShengping
19dc2c1e2f Deprecate auth_uri option
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.

[1] https://review.openstack.org/#/c/508522/

Change-Id: Icf6c42182b10cdfb07461923f7fd41fccb0f9013
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
2018-04-03 16:55:05 +08:00
ZhongShengping
afbc7455bb Remove deprecated keystone authtoken revocation_cache_time option
Change-Id: I6e864bc01bcdd61172906d42e37661f5e3dfc66f
2018-03-27 10:33:24 +08:00
5691df168e Set *_domain_name vars to 'Default' by default
Keystone v2 APIs are removed in [1], so it's required
to set user_domain_name and project_domain_name, otherwise
all requests fall back to keystone v2.0 and fail.

[1] https://review.openstack.org/#/c/499783/

Change-Id: Id3737874408887900e1d8b6b87758f64469892b0
2017-10-06 11:30:53 +05:30
ZhongShengping
200fe99e63 Deprecate revocation_cache_time option
The revocation_cache_time is deprecated for removal because the PKI
token format is no longer supported.
Update warning message and add a release note.

Change-Id: Ib7caf25e92ebc2dc11ddc3b952da2f2c9ff616cb
Closes-Bug: #1717144
2017-09-14 12:26:58 +08:00
Thomas Herve
9b0dd8fed5 Allow configuration of trust notifier
To be able to use the trust notifier, we need to fill the trustee
section in the configuration.

Change-Id: Ibba7af4983303f3b85aa399f77391ba6bc984e8d
2017-07-19 14:25:26 +02:00
ZhongShengping
673da3b664 Remove deprecated keystone authtoken signing_dir option
Change-Id: I7127fa24716b12f44e77f76dda83952a4b73efc2
2017-07-07 10:01:29 +08:00
Thomas Herve
c7354c9934 Allow configuration of Zaqar keystone roles
To be able to use the swift backend, we may need to configure Zaqar to
have the proper role to access Swift. This exposes the roles parameter
to allow that.

Change-Id: I9ce1bbc18d02383a5cdd3edbcf8c65c90165fb53
2017-03-02 11:52:22 +01:00
Matthew J. Black
aaaa38c198 Allow python-memcache install from authtoken class
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.

Change-Id: Id0d980618cd3816172e491b20058d540d6d1ed41
2017-01-11 18:36:16 -05:00
ZhongShengping
fa7c8ba473 Deprecate signing_dir option
The signing_dir is deprecated for removal because the PKI token format
is no longer supported.
Update warning message and release note.

Change-Id: If82b345969da11d2187a7919fd213275f1cf8339
Closes-Bug: #1652700
2016-12-28 14:43:37 +08:00
ZhongShengping
c54428f524 Add hooks for external install & svc management
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain.  This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing to rely
on resources that may change or be renamed.

Change-Id: If4f585264f5f5a15549855d97b532866d91f5215
2016-12-07 16:49:58 +08:00
Iury Gregory Melo Ferreira
641be0c1e0 Remove old authtoken options
Since we are in ocata let's remove all old parameters in api
to configure the keystone_authtoken section

Change-Id: I4950c5dba0eb257412fe2d2d39f1780b431c05d4
2016-11-18 00:54:16 +00:00
Iury Gregory Melo Ferreira
a95b356f0f Move authtoken to class
Update module to work with the new schema for authtoken

Change-Id: If7eca0a769651b13a996558e6318ac682eff24f6
Closes-Bug: #1604463
2016-08-04 12:25:34 -03:00
Dan Prince
837dad71f2 Add zaqar::keystone::auth_websocket
Adds a new zaqar::keystone::auth_websocket class to help
create a 'messaging-websocket' Keystone endpoint. Users of
zaqar websockets currently have to do substring replacement on the
Zaqar HTTP URLs... having a dedicated endpoint for websockets will
be much better.

Change-Id: Idd3ca1765604d9a461f68fc7b4a18b23a3c19d5b
2016-07-07 15:56:59 -04:00
ZhongShengping
c2acaba000 Provide default service_name for keystone endpoint
This change updates the zaqar::keystone::auth class to include a default
service_name of 'zaqar' so that if a user changes the auth_name, the
service is still created as being related to 'zaqar'.  This improves the
user experience when they want to customize the usernames for services.

Change-Id: I2977790c3558732c2a1773aa3ede834c1d62ca16
Closes-Bug: #1590040
2016-06-08 13:52:19 +08:00
Dan Prince
5a0b65b1ea Updated defaults for zaqar::keystone::auth
Update the defaults for keystone::auth so that they are
consistent with the project (python-zaqarclient, etc.)

Change-Id: I317fb47a1326eb577dd0fa8ec5eb2d7ac842c4af
2016-02-11 20:10:45 -05:00
Emilien Macchi
eaf21d19ee Make Keystone_endpoint match service by name/type
Since a change in puppet-keystone [1], we now match an endpoint with a
service name/type.

[1] http://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=0a4e06abb0f5b3f324464ff5219d2885816311ce

Change-Id: Id31829908be2818ba5afe121caf79d97300dd20f
Closes-Bug: #1528308
2015-12-22 18:13:36 +01:00
Richard Raseley
33c0956a92 puppet-zaqar: Initial commit
This is the initial commit for puppet-zaqar.
It has been automatically generated using cookiecutter[1] and msync[2]

[1] https://github.com/openstack/puppet-openstack-cookiecutter
[2] https://github.com/openstack/puppet-modulesync-configs

Change-Id: Iaca8f89dd22320ec0e08bfb8ec9b5912ad68c9fb
Co-Authored-By: yguenane@redhat.com
2015-08-25 09:59:38 -07:00