* Update puppet-keystone from branch 'master'
to 406344794141a09240e4d579cf0b5fb9f582bf23
- Update master for stable/2024.1
Add file to the reno documentation build to show release notes for
stable/2024.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.1.
Sem-Ver: feature
Change-Id: I210280e91ebc719ed735cd55852b298de62c3a27
* Update puppet-keystone from branch 'master'
to 464759eb6b57b9f4b252722b1f6aeafdf116a7f0
- Merge "boostrap: Validate interface"
- boostrap: Validate interface
The interface parameter accepts only public, internal or admin. This
enforces this requirement using parameter type.
Change-Id: Iedbf8e2daf3f45232537c01df1c566641a231c79
* Update puppet-keystone from branch 'master'
to 8d91262b57b405cb84072cfa9b127e1b8bd07779
- Merge "Bump upper version of puppetlabs-apache"
- Bump upper version of puppetlabs-apache
Currently 12.1.0 is used in CI and is proven to work.
Change-Id: Ibb41df39c6459555c2fdc37836d2cf95a09041f7
* Update puppet-keystone from branch 'master'
to 39f908f43e062c344dcd036f9509e4a86d1c2929
- Merge "reno: Update master for unmaintained/xena"
- reno: Update master for unmaintained/xena
Update the xena release notes configuration to build from
unmaintained/xena.
Change-Id: If3d868cb280075085a753527c61fedff95d75476
* Update puppet-keystone from branch 'master'
to 32e247057a0b79fb0a42745dade8f80c49b15718
- reno: Update master for unmaintained/wallaby
Update the wallaby release notes configuration to build from
unmaintained/wallaby.
Change-Id: I8f88c1df8422b6b271227e146e3aba97af566cce
* Update puppet-keystone from branch 'master'
to cc26f22ff1aa61c476a4431b953ffdc319b97b5f
- Merge "Deprecate support for [DEFAULT] catalog_template_file"
- Deprecate support for [DEFAULT] catalog_template_file
The templated catalog driver has been deprecated in keystone, so we
should deprecate support for the driver options.
Change-Id: I5f3482397883e00d447eb08bed4c57821041826c
* Update puppet-keystone from branch 'master'
to de567154f60c36f8c6e336a7345e027faaad9d7b
- Set show_diff to false when configuring Federation
When we configure federation changes in configuration
files that contain sensitive informatio ncan be leaked
into the output.
Change-Id: I797fc8101837fe344c056a032ba98e5fbc8a2bec
* Update puppet-keystone from branch 'master'
to f233ad924047e62043b94b90968511038208f5f3
- validate maxdelay for cron job
The parameter descriptions says the value should be a positive integer
(or 0). Validate the given value to reject invalid values such as
strings or even negative values.
Change-Id: I9c60cfe63697632fc816eec3aa2824578f0d3573
* Update puppet-keystone from branch 'master'
to 878084090756bca423b990c847726f2d6abb259b
- Use native interface to inject vhost configuration
puppetlabs-apache provides a native interface to inject arbitrary
contents to vhost configuration files managed by the module.
Change-Id: Ia2489b5c79781a6335eea3ce2f6a19fd1c45b1c2
* Update puppet-keystone from branch 'master'
to aacacdc154c2bd8c265a0eaa5c3af54ebafa71a2
- Merge "Allow omitting admin/internal endpoint"
- Allow omitting admin/internal endpoint
Keystone v3 API does not require that all the three endpoint types are
given and allows using only specific endpoint types(eg. only public, or
public and internal). This allows users to omit specific endpoint types
by setting endpoint url options to ''.
Change-Id: Ifef2070ad25cadf961466ca9f384965d03c08f81
* Update puppet-keystone from branch 'master'
to 5e79239531eb6b11756dd188887021c8fe81531f
- Deprecate amqp messaging driver support
... because the driver has been deprecated in oslo.messaging.
Change-Id: I5c55a06b39118156db845c4ee6d415cb4d695ea0
* Update puppet-keystone from branch 'master'
to 50b5260cc67135b95093be1d4e073584675a1aa2
- Merge "openidc: Support more redis cache options"
- openidc: Support more redis cache options
Change-Id: I70cc5c2d0ecf10b4aa4e07e4af91609d1ad7cee3
* Update puppet-keystone from branch 'master'
to fc0d8d4afb18de6728f8a88251c2a1a46b76354f
- Merge "Fix broken rendering of OIDC Options"
- Fix broken rendering of OIDC Options
... and also fix a typo in redis password option.
Closes-Bug: #2054308
Change-Id: I41d3efd265305e80c453e7f042797881319c5047
* Update puppet-keystone from branch 'master'
to c3eed5f9c7c99e3768551fe17ae21a46bbd2847c
- Merge "identity provider: Drop reference to removed parameters"
- identity provider: Drop reference to removed parameters
The ssl parameters of the keystone class were already removed[1].
Also keystone defines its own defaults for certfile and keyfile so
these options are not actually required.
[1] b99810d6f9844d6cf5eac966672164c1db5bac6f
Change-Id: I1adf1d04d575db8a1fbfdefc29700cf9ff27d254
* Update puppet-keystone from branch 'master'
to 3e8788c94e212e80d7b55fa26d5a0bd89b45dba4
- cache: Support new redis options
The oslo.cache 3.7.0 release introduced some options for redis backend
and redis sentinel backend. This introduces for these parameters.
Depneds-on: https://review.opendev.org/910629
Change-Id: Ie5e6e7b8dfa0753ccca1094f06a745fdb0acb5bc
* Update puppet-keystone from branch 'master'
to 26d0bf2218c840a210492b0981b21e5f5f711df5
- Merge "Refactor resource dependencies"
- Refactor resource dependencies
This refactors resource dependencies to improve the following points.
- Avoid unnecessary dependencies across services. For example aodh
service does not require cinder db.
- Restart keystone on change in uwsgi only when a standalone service
is used. uwsgi config is not used when keystone is run by apache.
Change-Id: Ic4f43215ea90c6b71fe4225e2dfa6a6a3abf6869
* Update puppet-keystone from branch 'master'
to 63696be457865e915eb61aa93fa503fc43da5823
- cache: Make parameter description order consistent
... with parameter definition order.
Change-Id: I06b4b87f494be8b945fc866129c7607c7333c622
* Update puppet-keystone from branch 'master'
to bd78b278226594cc03ec45e11ac704130d97edc0
- Merge "cache: Support options for SASL mechanism in memcached"
- cache: Support options for SASL mechanism in memcached
Depends-on: https://review.opendev.org/910122
Change-Id: Icdee612d5680ff4f0c1f04d236809a423e2817c2
* Update puppet-keystone from branch 'master'
to e15a1698655251ba8569c742325ff2c31e05f348
- Fix wrong OIDCRedirectURI
The redirect path should not contain /auth/ to be consistent with
the protected endpoint url.
Change-Id: Ia72cff99d28eeb84a0ee273a0fe08ca06bb7a8c4
* Update puppet-keystone from branch 'master'
to ea0074dc78d76021b7d6807338b5d0907472e845
- Merge "service_identity: Allow omitting internal/admin endpoints"
- service_identity: Allow omitting internal/admin endpoints
Keystone v3 API no longer requires all the three endpoint types are
created and some deployments may use only public endpoints (or public
and internal endpoints).
This looses the validation to allow such deployment architecture.
Change-Id: I3873352dd3ea8556fbaa4ce3c558a912cc5f52e7
* Update puppet-keystone from branch 'master'
to f83e6bc6d28a7bb99bdad6afa858cacde1f15ed8
- Merge "keystone_endpoint: Fix id generate with only partial types"
- keystone_endpoint: Fix id generate with only partial types
This fixes how the id property is generated in case some endpoint types
do not exist, which is allowed in Keystone v3 API.
Closes-Bug: #1713814
Change-Id: I2bbc831a78595e2f7cf3fc5d7d601281665fcc05
* Update puppet-keystone from branch 'master'
to cdef36e88fe1078fb8f0fc4851f0dde1cfbe660d
- reno: Update master for unmaintained/yoga
Update the yoga release notes configuration to build from
unmaintained/yoga.
Change-Id: Ie7f99b4fb5a05d19a58adf11bda29a50bd45f008
* Update puppet-keystone from branch 'master'
to 9fa166a3cc0f3a0fe39688b792a5d77ab3d618fa
- Merge "Drop redundant default of send_service_user_token"
- Drop redundant default of send_service_user_token
The option defaults to False, so we don't need the explicit default and
can replace it by os_service_default fact.
Change-Id: Iba52032d02c70258f79f0aae84a5b6059a0c1281
* Update puppet-keystone from branch 'master'
to 6c202267c50ad0a8dd14ebf51af1fdeff93ca9c7
- Merge "service_identity: Fix parameter descriptions"
- service_identity: Fix parameter descriptions
Some of the parameters are optional and required only when a specific
resource is created.
This also update the parameter types so that empty strings are rejected
properly.
Change-Id: I2010f079303eb40190908f4a8209ef6e87d1b915
* Update puppet-keystone from branch 'master'
to b634ad3eeade762e2e1bb2b8441c179efdb2faaf
- Debian: Allow keystone without httpd
Debian provides the keystone service using uwsgi, which does not
require httpd.
Change-Id: I7897f4681b95cd047fa5f6d20a9a78c9a5879783
* Update puppet-keystone from branch 'master'
to 0d26abb8d5b9776c8ce3c66ceb6d579c0bff7b37
- Use new openstackclient tag
This looses dependency using the new openstackclient tag, which
requires only packages actually related to openstack CLI.
Depends-on: https://review.opendev.org/899594
Change-Id: I803e353ed5f13a98ae264c28810d08ea9e6e985b
* Update puppet-keystone from branch 'master'
to b712889f213a691ac411bbb5d99f42dc5fcb095f
- Bump supported Debian version to 12 (Bookworm)
Debian 12 was released in June 2023. Recent versions of OpenStack
(actually, 2023.1 and later) no longer support Debian 11.
Change-Id: I625e304ffc245ee128ec7f4c7d79fa048e06e722
* Update puppet-keystone from branch 'master'
to cf8187e85c54d54580776674f90be9c8cf902f74
- Merge "Drop unused import of initfile"
- Drop unused import of initfile
The base Keystone provider no longer uses inifile so that import is
not required.
Change-Id: I2043f4a45ef36757765b7d2b4d3ea523238891df
* Update puppet-keystone from branch 'master'
to 63e48863a6add9a336ad2534d972b7c69afc3f5e
- Merge "Stop calling 'reset' function in test cleanup"
- Stop calling 'reset' function in test cleanup
... because the function is not implemented.
Change-Id: Ia0a7b4fd9bad43b45f329f40d3c5cdb969f86f61
* Update puppet-keystone from branch 'master'
to 9836fa69f0238164d5bbaf3e0524d4d976ae99e6
- Merge "Add resource to manage implied roles"
- Add resource to manage implied roles
Keystone supports implied roles, and some of the default roles imply
different roles. (eg. admin implies manager)
This introduces a resource type to manage implied roles, and also
ensures the implied roles are created in bootstrap.
Depends-on: https://review.opendev.org/900138
Change-Id: I36ef3ddfcb2f60bdca8674ea8055b6f57a149512
* Update puppet-keystone from branch 'master'
to d5eea335f8a1ede1c8961227f35c7d9e372d4415
- Merge "Remove logic for Puppet < 4"
- Remove logic for Puppet < 4
Puppet < 4 support was removed long ago.
Change-Id: I88d6aa585a3ade80024318701d5e3783f4820e48
* Update puppet-keystone from branch 'master'
to b323211156b7ead206a714c1c62f647f8b238289
- Merge "keystone_user_role: Remove unused name property"
- keystone_user_role: Remove unused name property
This property has never been set.
Change-Id: I03b4ecff21801f298dcd9f5775106de2e7c9e221
* Update puppet-keystone from branch 'master'
to f20b46e100596e587502a879397af9e68fc919a2
- Merge "Debian: Fix missing authn_core when using shibboleth"
- Debian: Fix missing authn_core when using shibboleth
... otherwise apache2 fails to start with the following error.
Invalid command 'AuthType', perhaps misspelled or defined by a module
not included in the server configuration
Change-Id: I2acf98008a39d44e394a9ac502549df7a07b4e8d
* Update puppet-keystone from branch 'master'
to dcb4c8014823e0cc3653c59eb15f31ecabb6bbc0
- Merge "keystone_user: Fill domain in property hash"
- keystone_user: Fill domain in property hash
The domain attribute is not part of the api response and we have to
fill it additionally.
Change-Id: I195078f83b3f3e4a86cb55210646be9924aa8445
* Update puppet-keystone from branch 'master'
to 80a1953d7d7780c0ec1f6650401ca41e6d504f49
- Use openstack cli to resolve project/user id
The openstack command can resolve project id or user id from name and
domain name/id given. We can use that feature instead of maintaining
our own logic.
Change-Id: I3d4fbb082cf228ef4a75c0761fb21fdebf664cf4
* Update puppet-keystone from branch 'master'
to df9ce566c6a9f8f7390faea9f72ba56eaf613142
- Merge "Bump upper version of puppetlabs-apache"
- Bump upper version of puppetlabs-apache
... because now we are using v11.x.x in CI.
Change-Id: Iffe662643c25aa4ffd11c5f7fe7762c123dc5de7
* Update puppet-keystone from branch 'master'
to 58f5d04f0822c460bb1ff3d01f9ec12cf53f2ee8
- Update master for stable/2023.2
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: Icdf9527b60d35e72602fa982a3ed236ba7f1bea0
* Update puppet-keystone from branch 'master'
to 1e03ec19f89e5b579fc087a96259d0f1b0cb2d11
- Remove usage of deleted manifest_dir
Recent update in rspec-puppet removed some of the config interfaces for
old puppet versions[1]. This drops usage of these interfaces to resolve
the following error in unit tests.
```
An error occurred while loading ./spec/unit/provider/manila_spec.rb.
Failure/Error: c.manifest_dir = File.join(fixture_path, 'manifests')
NoMethodError:
undefined method `manifest_dir='...
```
This also removes explicit setting of mock module. The definition is
no longer required since we bumped puppetlabs_spec_helper to v 5.0.0.
[1] 316d95923c
Change-Id: I2e0ef1f97ba69df80e255be6a7718fd7dafc7e71
* Update puppet-keystone from branch 'master'
to f394045b5be8db41abd0b8bf867e2b174e2dffb7
- Bump upper version of stdlib
... because we are currently using v9.0.0 in CI. Lower version may be
bumped after 2023.2 release.
Change-Id: I9b6ea66c369a34b1a871c000b9d41423e4807dfd
* Update puppet-keystone from branch 'master'
to 7f4b153200c964a0dc81672d6390bf7a6ae263e8
- Revert "spec: Enable webmock connect to IPv4 link-local"
This reverts commit e485f3956f221f2a9db07b7fd851ef06f259a959.
Reason for revert:
This module does not use compile method in unit tests.
Change-Id: Icea1d0482a98fcc54c023b6eb7116ae4612617b4
* Update puppet-keystone from branch 'master'
to d53422469fea0f5549c05cc0f8b439f70efb75bb
- Merge "RabbitMQ: Add support for quorum queue options"
- RabbitMQ: Add support for quorum queue options
Depends-on: https://review.opendev.org/894866
Change-Id: Ia52ed95999a66efdf3eaa0f645d93595392426ac
* Update puppet-keystone from branch 'master'
to d607ed74c59f6e1177a3b7bc75840ba77a5d41f6
- Do not restart services after policy file changes
The oslo.policy library has implementations to detect change in policy
rules and reload the new rules without service restart.
Change-Id: I31089fd39ae4415d524f9db4b25e939d9b2e7533