Simplify maintained codebase by getting rid of library/keystone_sp can
use looping instead now.
Updates to openstack collections in terms of naming, as well as using
newer implemented functionalities.
Change-Id: I2f02ca712f309285310693b191f0d1cd1be8e24d
Add noqa where requried http://paste.openstack.org/show/798685/
Also remove centos-7 jobs as these are not supported for Victoria and
are blocking further patches merging.
Change-Id: I92f9131daf23f5cd38054a0b7c385344994a2aa0
The keystone role needed a few updates to deal with modern Ansible.
* The changeset pulls in the needed updates to resolve issues causing
the keystone_sp plugin, which powers federation, to crash.
* The changeset pulls in style changes for keystone cert sync removing
the need for the role to leverage the now deprecated memcached key
module.
Closes-Bug: 1660626
Change-Id: I29d444c9631a7511123aa6cd521a20a0e7588645
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch adds the ability to configure Keystone as a Service
Provider (SP) for a Federated Identity Provider (IdP).
* New variables to configure Keystone as a service provider are now
supported under a root `keystone_sp` variable. Example configurations
can be seen in Keystone's defaults file. This configuration includes
the list of identity providers and trusted dashboards. (At this time
only one identity provider is supported).
* Identity provider configuration includes the remote-to-local user
mapping and the list of remote attributes the SP can obtain from the
IdP.
* Shibboleth is installed and configured in the Keystone containers when
SP configuration is present.
* Horizon is configured for SSO login
DocImpact
UpgradeImpact
Implements: blueprint keystone-federation
Change-Id: I78b3d740434ea4b3ca0bd9f144e4a07026be23c6
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Georgina