KeystoneRequires.ep_changed() now returns a dictionary rather than
json. As a result KeystoneRequires.endpoint_checksums now throws an
exception when it tries to decode the return from ep_changed.
Change-Id: I440104679c900ce8b67ff1fca1d0ce003e5f0ef4
The new keystone-k8s operator uses the application data bag and
more up-to-date key names for endpoint and authentication information.
Check for this information and then fallback to the existing
keystone charm unit data bag data set if not found.
Update register_endpoints to also provide new application data
bag JSON encoded data when this method is called from a lead
unit. This relies on the type and description of the endpoint
being provided which will require a charm change on adoption.
Change-Id: I921d173c64b12c35f5ffc17270a0fc2bb83891c4
The RelationBase class has been deprecated for some time and
provides no support for interaction with the application data
bag.
Migrate requires interface to Endpoint base class and refactor
as needed.
Change-Id: I82fe7df6c7c3658dd334a830442f1dcbd1e7d7e4
The service_type needs to be added to keystone_authtoken
for access rules (application credentials) to work so it
is now a required parameter.
Related-Bug: #1965967
Change-Id: Ic90de9de13ad2728b9ce9de075c03f7854c417ca
A charm joined to keystone via the identity-service relation can
now specify additional roles that can be granted to admin. This
is done by setting the relation data key `add_role_to_admin` the
value is a comma seperated list of roles that should be granted
to admin.
Change-Id: I5495c350c7ac65f8a67125734dff368577c983f4
Most reactive charms react on identity-service.available but the
current interface distinguishes between available and available.auth. It
is somewhat assumed by most charms that identity-service.available is
equivalent to identity-service.available.auth, as what charms are
concerned with is the ability to authenticate against the cloud.
Collapse the difference between identity-service.available and
identity-service.available.auth.
Continue to set identity-service.available.auth for any charms that may
rely on it.
Change-Id: I494feea5f3ef8706140ce712b1e025e52b0dfbd1
Closes-Bug: #1818113
The keystone charm may provide ID information about the admin
user, project and domain.
These are used to build trusts between service accounts and the
main cloud admin account to allow priviledge escalation for
cloud applications (such as backups).
Change-Id: I9c7a9a4d218059de2ad24c8481fd263f8125a8e3
Add support for recent changes to keystone to allow consuming
charms to request notification about endpoint changes.
Change-Id: Icacca3445980cdb866cb0dad90b288ce96e8c460
service_domain_id might be required by dependant charms
such as aodh and should be exposed as an accessor attribute.
Partial-Bug: #1831181
Change-Id: Idae7aec048b9203d2b1a75da8d68cf97271f1b53
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@canonical.com>
When passing ``requested_roles`` down the ``identity-service``
relation the Keystone charm will create the listed roles for you.
Useful for charm authors implementing charms with specific role
requirements.
Change-Id: I7c1eedb1e78ffc53ac3e0df81f6b52358dd8dfa5
Closes-Bug: #1813602
Adding code for supporting service_domain.
Some charms need to get service_domain
from keystone relation.
Change-Id: Ic9a8ae558482cda8f28de8ff465dab15fc85f9e3
The api version that keystone is uing is advertised via the
api_version key in the identity-service relation but the interface
does not currently set it as a property.
Change-Id: I3b0ee1f22d1c6afee54e1faf315400ca1f8adf77
This adds unit tests to the interface-keystone and provides ostestr
support, and a makefile to allow easy 'make lint' and 'make test'
commands. All tests are performed in tox environments. At present this
is py27.