Merge "Add cacert to clouds.yaml"

This commit is contained in:
Zuul 2020-05-18 19:29:45 +00:00 committed by Gerrit Code Review
commit c6b096ffbb
1 changed files with 36 additions and 0 deletions

View File

@ -52,6 +52,26 @@ parameters:
default: 'fernet'
constraints:
- allowed_values: ['fernet']
SSLCertificate:
default: ''
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
PublicSSLCertificateAutogenerated:
default: false
description: >
Whether the public SSL certificate was autogenerated or not.
type: boolean
EnablePublicTLS:
default: true
description: >
Whether to enable TLS on the public interface or not.
type: boolean
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
EnableInternalTLS:
type: boolean
default: false
@ -318,6 +338,17 @@ resources:
conditions:
public_tls_enabled:
and:
- {get_param: EnablePublicTLS}
- or:
- not:
equals:
- {get_param: SSLCertificate}
- ""
- equals:
- {get_param: PublicSSLCertificateAutogenerated}
- true
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
@ -720,6 +751,11 @@ outputs:
project_name: admin
user_domain_name: Default
username: admin
cacert:
if:
- public_tls_enabled
- {get_param: InternalTLSCAFile}
- ''
identity_api_version: '3'
region_name: {get_param: KeystoneRegion}
- name: Manage Keystone resources