This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API requests.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I3858399136f886841c14c2880918cb8e6ee86756
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: I7cdb181057ad8a126fbbdd5d0862827a2ed28062
The deprecated PKI-related options check_revocations_for_cached and
hash_algorithms have been removed.
Change-Id: I135a206ea8ef22e6761f85a67b8fa752c09cc5df
Service_token_roles_required is missing in the server config file, which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.
Change-Id: Idd23d6b6d3c2bd1d81d9387cacb4471599e56e88
Closes-Bug: 1778198
check_revocations_for_cached and hash_algorithms are deprecated for
removal because the PKI token format is no longer supported.
Update warning message and add a release note.
Change-Id: If6a8d4a55316103b8aad2e65796bfcafe807d231
Closes-Bug: #1804562
Closes-Bug: #1804720
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1] https://review.openstack.org/#/c/508522/
Change-Id: Ie7a5a791f7fafaf9bd60aea2e6bd84e5f9c3f68f
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
Keystone v2 APIs are removed in [1], so it's required
to set user_domain_name and project_domain_name; otherwise
all requests fall back to keystone v2.0 and fail.
[1] https://review.openstack.org/#/c/499783/
Change-Id: I820ffe3601733d7e7ea95f09ba0e3c1034a9d44a
The revocation_cache_time is deprecated for removal because the PKI
token format is no longer supported.
Update warning message and add a release note.
Change-Id: I8924ac7b09add0dd81c5df698e9fa46072e8c573
Closes-Bug: #1717144
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.
Change-Id: I020f00b4de2535c72ee459af91058fb15c00daeb
The signing_dir is deprecated for removal because the PKI token format
is no longer supported.
Change-Id: I7707c9e44b3d6ab63e10385f6549c30e2880daf4
Closes-Bug: #1652700
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain. This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing to rely
on resources that may change or be renamed.
Change-Id: Id42ab0d5ff332f169e2843a78c53694836d638fd
Authtoken will be configured by a new class
instead of the api class.
Since ec2api does not have a release, we remove
parameters in api.pp.
Change-Id: I5867e2e1d06a4ef2a1c4dcf3d19deb51c14c70a7
Related-Bug: #1604463