This patch adds two actions:
1. An action to list the service usernames that can be rotated.
2. An action to rotate a service username that is on the list of
usernames that can be rotated.
Change-Id: I3a8a6af7ec8b0ea32da04eff34fafd32f43cee0e
func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1005
The security compliance and token support sections
have recently been moved into the CDG.
Minor improvements.
Change-Id: Iee1f6acde01ef3e94f2d96df6eb419df917d08c7
This feature adds a "password-security-compliance" option to the
charm to enable setting of keys in the "[security_compliance]" section
of the keystone.conf file. This section was added in the Newton
release, and so this feature supports this from the Newton release.
It also protects the service accounts from two of the PCI-DSS options
by setting the user options 'ignore_password_expiry' and
'ignore_change_password_upon_first_use' to True to prevent the cloud
from being broken.
Change-Id: If7c54fae73188284bd9b03a53626cdf52158b994
Closes-Bug: #1776688
The appendix in the deploy-guide has recently been
refreshed. This is the fifth of the nine charms that
support overrides to receive a streamlining in order
to cut down on duplication.
Some driveby formatting improvements.
Added a Bugs section.
Change-Id: I842c0f162c709546f41148983060af1c5f767a36
Remove 2 extra lines, and capitalisation of Juju, so the doc is
consistent. 2 empty directories either have .keep or .gitkeep;
change .keep to .gitkeep to be consistent.
Change-Id: Ib965a7e2a7afcd36423dadf548d33a8efbfaf6fe
This patchset implements policy overrides for keystone. It uses the
code in charmhelpers.
Closed-Bug: #1741723
Change-Id: I187f4493392178d87ef7dbd67de841bbeae0c65d
The README was overall clean and clear, however there were some
areas of improvement, as well as some typos which could lead to
confusion. Most are trivial changes.
- Terminate sentence with period to match rest of list
- Add commas to introductory phrases to match rest of readme
- Change duplicate 'os-internal-hostname' to 'os-admin-hostname'
- Change 'https' to 'HTTPS' to match header of section
- Fix typo 'they secondary' to 'the secondary'
- Remove comma from 'unit, and must' as it is not a compound sentence
- Change 'Note' to 'NOTE' to match rest of readme
- Capitalized first word in NOTE section to match rest of readme
Change-Id: I38483df4340849cd268c74183b44eaf6bc02b238
The repo is called charm-keystone, not keystone-charm. While it is
obvious what charm is in question, the README might look a bit better
with more consistent self-references.
Change-Id: I87ace22cf7d4c598b25fcf2beda7033e8f168789
All other occurrences of "backend/back-end/back end" are of the form
"backend"; this is the only instance of "back end". While the meaning
is clear regardless of this change, suggesting this change for
consistency.
Change-Id: I133413d66e9373f851cbc6c33ee65341be909594
Remove configuration options which no longer have effect
(the supporting code has been removed).
Update and fix formatting of `README.md`.
Remove templates for no longer supported OpenStack releases.
Change-Id: Ibbda87738d98f6ad97da212ad1b56be88b33e9a3
The README documentation implies that use-https and
https-service-endpoints are required when enabling SSL/https
with your own CA, SSL cert, and key. Update the README and
config.yaml to explain that config options use-https and
https-service-endpoints should not be set when using ssl_*
config options.
Change-Id: I2e0140f909ef2c57182895f37cf191b6bc80157b
Closes-Bug: #1754682
ssl_ca is not necessary when ssl_cert is signed by
a trusted CA, such as GeoTrust, because a trusted
cert chain is in the system already. Users can just
provide ssl_cert and ssl_key to enable SSL endpoint
in that case.
Closes-Bug: #1711354
Change-Id: I4a34df1a2c2bf5705e02b713d968a22f4bbf57cf
Implement DNS high availability. Pass the correct information to
hacluster to register a DNS entry with MAAS 2.0 or greater rather
than using a virtual IP.
Charm-helpers sync to bring in DNS HA helpers
Change-Id: I62bb49fbaebdd3c787f96f4b6ad107f8e3e368a7
openstack-origin-git currently only supports YAML that specifies
the git repositories to deploy from.
This adds support for default openstack-origin-git values. The
default values supported are: icehouse, kilo, liberty, mitaka,
and master. For example: openstack-origin-git=master.
Change-Id: I03839dc0abfb7465578cbb4eedfdab5043d053e6
Charms use this relation to obtain keystone credentials without
creating a service catalog entry. Set 'username' only on the relation
and keystone will set defaults and return authentication details.
Possible relation settings:
  username: Username to be created.
  project: Project (tenant) name to be created. Defaults to services project.
  requested_roles: Comma delimited list of roles to be created
  requested_grants: Comma delimited list of roles to be granted. Defaults to Admin role.
  domain: Keystone v3 domain the user will be created in. Defaults to the Default domain.
Change-Id: I465d2273560d86752d1bfc7497a9139a9604f814
To ensure that the charm presents the right IP address for
accessing the MySQL database over the shared-db relation,
ensure that any network space binding provided by the user
is preferred over the default of 'private-address'.
If network spaces are not supported (juju < 2.0), fall back to
using 'private-address'.
Change-Id: Ic2ed5d2cb88084c8eab33326bc16eb700ae9a35f
Juju 2.0 provides support for network spaces, allowing
charm authors to support direct binding of relations and
extra-bindings onto underlying network spaces.
Resync charm-helpers to pick up support in API endpoint
resolution code and add API extra-bindings to the charm
metadata.
Change-Id: I802eeb236930a3f2f2dbb0c9260f407adcd1d5bd