environments:
  -
    name: enable-federation-openidc
    title: Enable keystone federation with OpenID Connect
    files:
      puppet/services/keystone.yaml:
        parameters:
          - KeystoneFederationEnable
          - KeystoneAuthMethods
          - KeystoneTrustedDashboards
          - KeystoneOpenIdcEnable
          - KeystoneOpenIdcIdpName
          - KeystoneOpenIdcProviderMetadataUrl
          - KeystoneOpenIdcClientId
          - KeystoneOpenIdcClientSecret
          - KeystoneOpenIdcCryptoPassphrase
          - KeystoneOpenIdcResponseType
          - KeystoneOpenIdcRemoteIdAttribute
    sample_values:
      KeystoneFederationEnable: True
      KeystoneOpenIdcEnable: True
      KeystoneAuthMethods: 'password,token,openid'
      KeystoneTrustedDashboards: 'https://dashboard.example.test'
      KeystoneOpenIdcIdpName: 'myidp'
      KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/metadata'
      KeystoneOpenIdcClientId: 'myclientid'
      KeystoneOpenIdcClientSecret: 'myclientsecret'
    static:
      - KeystoneFederationEnable
      - KeystoneOpenIdcEnable
    description: |
      This is an example template on how to configure keystone federation for
      the OpenID Connect protocol.  You must modify the parameters to use
      values appropriate for your identity provider.