The redirect URI specified in the Apache config for OIDC
was unintentionally serving a dual purpose as a redirect
URI and a handler for command line auth.
As of mod_auth_openidc v2.4.9 this no longer works.
This change splits the paths for command line auth and
the redirect URI into two to work around this.
Change-Id: I27c612cf8537b401c1195ae0892bf5569e2f3858
Doc jobs for the role are failing now with line being too long. Adding
new line fix the issue as link is treated properly afterwards.
Change-Id: I4deeacd9d953e3bf1bde208a4011455f8dd6fbe0
Keystone has stopped providing or reffering `_member_` role for a while,
thus role should not be refferenced anymore.
Moreover, with 2023.1 service policies have dropped `_member_`
which resulted in the role to be insufficient for basic operations.
Change-Id: I5732f9197902fccb96eb8537050849a1692d3725
Related-Bug: #2029486
Keystone role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: Ib21a5f5caa590daa827e45d26015bf32abe39cf2
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I7f03a145490529e703aced630c49d08b0e59a435
- Standardise use of default as domain id for federated identities
that is necessary for newer ansible collections.
- Add information about OIDC with mod_auth_openidc.
- General updates to SAML / older documentation.
Change-Id: Ife7176bf5b9b7e52ceec6ef8971349222477414e
Add noqa where requried http://paste.openstack.org/show/798685/
Also remove centos-7 jobs as these are not supported for Victoria and
are blocking further patches merging.
Change-Id: I92f9131daf23f5cd38054a0b7c385344994a2aa0
The sync from https://review.opendev.org/733244 updated to
openstackdocstheme 2.2.1 and reno 3.1.0 versions.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: Iecbe3fa0e8cafb7a69d398d2bb039693c7d24957
New version of openstackdocstheme (Victoria+) respects pygments_style.
Since this repo is using now Victoria (master) requirements but has
not branched for Ussuri yet, it uses the new version.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
Change-Id: I9a8e5558cc159fe476a32c905cde19c7fb7d7099
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove python 2.7 stanza from setup.py
- Remove obsolete sections from setup.cfg
- Cleanup */source/conf.py to remove now obsolete content.
Change-Id: I601d900d4c34565e08d121f4100ebd3b1140b991
Keystone removed support for writable LDAP backends in Ocata. Prior to
that it was deprecated for several releases. This commit removes
references to those configuration options since they are silently
ignored. This cleans up the configuration files and doesn't give the
impression that functionality is still supported.
Relevant release notes that advertize the removal:
https://docs.openstack.org/releasenotes/keystone/ocata.html#relnotes-11-0-0-origin-stable-ocata-other-notes
Change-Id: Id05247d004ee7d189dff3ec867a6ec11dfc40e9b
This patch adds a `pdf-docs` tox target that will build
PDF versions of our docs. As per the Train community goal:
https://governance.openstack.org/tc/goals/selected/train/pdf-doc-generation.html
Add sphinxcontrib-svg2pdfconverter to doc/requirements.txt
to convert our SVGs.
Change-Id: Ie55900a7a2b3f3696588100137847f1950cf72e2
Story: 2006105
sphinxmark is no longer compatible with the latest release of Sphinx
which is causing all of our documentation jobs to fail. This patch
removes it as our current usage of openstacktheme for documentation
already provides watermarks for current branch and notices for which
branch the documentation covers.
Change-Id: I797436280167410215348752540fdb2600cb534c
The keystone service user is never used by the keystone service. Remove
the tasks creating it and related variables.
Change-Id: Iede26cba97ab43cdd0abc3887883e61d40007b34
The keystone_service admin, public, and internal url and v3 variables
were only used in documented examples for federation, not in any tasks.
Change-Id: Ia8a0f8c945f83a5974c4a74890e73002cf219158
With addition of pip_install on every node, we don't
need to have pip_install as a meta dependency.
Depends-On: If3412bb888ebb854874bbc43eb76bfcb3e4a7868
Depends-On: I79ff70c438b44753be2a93f004ebbc46de0a963d
Change-Id: Ie72283fc39355bb798a90ce3347a197d1b8e5e37
This patch implements an initial set of jobs intended to match
the current job execution method. It does not intend to improve
how the jobs are executed - only to replicate what is currently
in openstack-infra/openstack-zuul-jobs and provide the platform
to iterate on.
Change-Id: Ic04b7e658e7755c8e66e47a84442a5f3c791fa78
Currently when clicking on the small bug in the roles'
docs, we land on openstack-manuals launchpad.
This should solve it.
Change-Id: I634be4d1bdf98af7687112fdb2a4dc708ef85703
Added a water mark to the role documentation
to make clear to deployers which release they're
working with.
Modified conf.py that adds watermark to the documentation according
to particular branch. If the current branch is master than
watermark is 'Pre-release' and if the current branch is
stable/<release-name> than watermark is <release-name>.
This is a combined implementation based on the following
patches:
- https://review.openstack.org/372565
- https://review.openstack.org/382637
- https://review.openstack.org/384140
Change-Id: Ibd4e915a3fddc5cee2da0097cbdd99ef629a87fa
Also includes clean up of the pre-existing content.
Update the role documentation to match the newly proposed format. In
the new format, each role project should maintain the configuration
variations for the role project itself.
Change-Id: I68ab9a5e8e305114e023ce23341bc9e11a5dbe7c
The 'docs' tox target executes the doc8 lint test which may result in
failures when testing documentation builds, but OpenStack-CI does not
execute that tox target.
In order to ensure that we catch all standard documentation syntax
errors and prevent them from merging, this patch includes the docs
target in the 'linters' chain of tests.
Fixes for any failures which result from executing this test are also
included in the patch.
Change-Id: I15e21908c9d453256220c304ce85f7488497e719
This patch updates the sphinx configuration for docs and releasenotes
to make it easier to replicate across repositories and to comply with
pep8 testing without exceptions.
Change-Id: I388123b1cbd06955421e69af740b11e559cedb00
Utilizing RST includes to reduce duplication of documentation
effort. All contents of the Ansible defaults/main.yml are
now included in the documentation directly.
Change-Id: Ib3d0caa4a23550f201887b075bb8f0de5d9f6c26
This change makes it so that the OS_keystone role is an independent
role and can be installed / tested stand-alone.
Implements: blueprint independent-role-repositories
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Andrew Bonney