This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into
puppet-nova[1].
[1] 5c38281e1b698f157f03bf1815733277c541c30b
Change-Id: Iae359ee38cac10190f9813b14cd3a2f92a59d1b6
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: I74d848da4f2e923f224786fd55b35cb063bb59a1
Add support for service_token_roles in authtoken middleware, so that
we can customize roles assigned to users, which use service user token
feature.
Change-Id: I4376f16e11e9749e55ad36a124777ea0d8686e45
The deprecated pki related options check_revocations_for_cached and
hash_algorithms option has been removed.
Change-Id: I1b9c60080b1fefe82bec1ebff4158c0586869d79
This changes all the puppet 3 validate_* functions
to use the validate_legacy function.
The validate_legacy function has been available since
about three years but require Puppet >= 4.4.0 and since
there is Puppet 4.10.12 as latest we should assume people
are running a fairly new Puppet 4 version.
This is the first step to then remove all validate function
calls and use proper types for parameter as described in spec [1].
[1] https://review.openstack.org/#/c/568929/
Change-Id: Ib31134bb604e32fd274b41dc78c4356500f71ab0
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.
Change-Id: I751b3a94c3aac7a0faf638afea0168769589b71d
Closes-Bug: 1778198
Make sure documentation is the same and follow
the standard which we are trying to enforce on
all modules.
Change-Id: I04fb9ead983cc8f7df40093b6404cac15cc9ac07
check_revocations_for_cached and hash_algorithms are deprecated for
removel because of PKI token format is no longer supported.
Update warning message and add a release note.
Change-Id: I0ad17b24278372f9f3648450f23957413a1f40d3
Closes-Bug: #1804562
Closes-Bug: #1804720
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: Icf6c42182b10cdfb07461923f7fd41fccb0f9013
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
Keystone v2 api's are removed in [1], so it's required
to set user_domain_name and project_domain_name otherwise
all requests fallbacks to keystone v2.0 and fails.
[1] https://review.openstack.org/#/c/499783/
Change-Id: Id3737874408887900e1d8b6b87758f64469892b0
The revocation_cache_time is deprecated for removel because of PKI
token format is no longer supported.
Update warning message and add a release note.
Change-Id: Ib7caf25e92ebc2dc11ddc3b952da2f2c9ff616cb
Closes-Bug: #1717144
To be able to use the swift backend, we may need to configure Zaqar to
have the proper role to access Swift. This exposes the roles parameter
to allow that.
Change-Id: I9ce1bbc18d02383a5cdd3edbcf8c65c90165fb53
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.
Change-Id: Id0d980618cd3816172e491b20058d540d6d1ed41
The signing_dir is deprecated for removel because of PKI token format
is no longer supported.
Update warning message and release note.
Change-Id: If82b345969da11d2187a7919fd213275f1cf8339
Closes-Bug: #1652700
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain. This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.
Change-Id: If4f585264f5f5a15549855d97b532866d91f5215
Since we are in ocata lets remove all old parameters in api
to configure the keystone_authtoken section
Change-Id: I4950c5dba0eb257412fe2d2d39f1780b431c05d4
Adds a new zaqar::keystone::auth_websocket class to help
create a 'messaging-websocket' Keystone endpoint. Users of
zaqar websockets currently have to do substring replacement on the
Zaqar HTTP URLs... having a dedicated endpoint for websockets will
be much better.
Change-Id: Idd3ca1765604d9a461f68fc7b4a18b23a3c19d5b
This change updates the zaqar::keystone::auth class to include a default
service_name of 'zaqar' so that if a user changes the auth_name, the
service is still created as being related to 'zaqar'. This improves the
user experiance when they want to customize the usernames for services.
Change-Id: I2977790c3558732c2a1773aa3ede834c1d62ca16
Closes-Bug: #1590040
Update the defaults for keystone::auth so that they are
consistent with the project (python-zaqarclient, etc.)
Change-Id: I317fb47a1326eb577dd0fa8ec5eb2d7ac842c4af