This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API requests.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I3858399136f886841c14c2880918cb8e6ee86756
The authtoken parameters are not managed directly but managed by
the keystone::resource::authtoken class. Thus we should avoid testing
parameters directly otherwise any change in the resource type can
cause test failures.
Change-Id: I57471c563a4a72ada8f8611b94a8e2a1e7b2df3e
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: I7cdb181057ad8a126fbbdd5d0862827a2ed28062
Service_token_roles_required is missing in the server config file, which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.
Change-Id: Idd23d6b6d3c2bd1d81d9387cacb4471599e56e88
Closes-Bug: 1778198
check_revocations_for_cached and hash_algorithms are deprecated for
removal because PKI token format is no longer supported.
Update warning message and add a release note.
Change-Id: If6a8d4a55316103b8aad2e65796bfcafe807d231
Closes-Bug: #1804562
Closes-Bug: #1804720
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1] https://review.openstack.org/#/c/508522/
Change-Id: Ie7a5a791f7fafaf9bd60aea2e6bd84e5f9c3f68f
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
Keystone v2 APIs are removed in [1], so it's required
to set user_domain_name and project_domain_name, otherwise
all requests fall back to keystone v2.0 and fail.
[1] https://review.openstack.org/#/c/499783/
Change-Id: I820ffe3601733d7e7ea95f09ba0e3c1034a9d44a
The revocation_cache_time is deprecated for removal because PKI
token format is no longer supported.
Update warning message and add a release note.
Change-Id: I8924ac7b09add0dd81c5df698e9fa46072e8c573
Closes-Bug: #1717144
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.
Change-Id: I020f00b4de2535c72ee459af91058fb15c00daeb
The signing_dir is deprecated for removal because PKI token format
is no longer supported.
Change-Id: I7707c9e44b3d6ab63e10385f6549c30e2880daf4
Closes-Bug: #1652700
Authtoken will be configured by a new class
instead of api class.
Since ec2api does not have a release we remove
parameters in api.pp
Change-Id: I5867e2e1d06a4ef2a1c4dcf3d19deb51c14c70a7
Related-Bug: #1604463
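
An added example, not part of the commit messages above or of the Puppet module they belong to: a small audit of a rendered service config that reports the `[keystone_authtoken]` options these commits deprecate, the domain options they say must be set, and whether `service_token_roles_required` is enabled. The function name, the sample config and the choice to report an unset or false `service_token_roles_required` as a finding are assumptions of this example.

```python
import configparser

# Options the commit messages mark as deprecated, with the reason each gives.
PKI = "PKI token format is no longer supported"
DEPRECATED = {
    "auth_uri": "use www_authenticate_uri",
    "signing_dir": PKI,
    "revocation_cache_time": PKI,
    "check_revocations_for_cached": PKI,
    "hash_algorithms": PKI,
}
# Options the commit messages say must be set now that Keystone v2 is removed.
REQUIRED = ("user_domain_name", "project_domain_name")

# Constructed sample config (hosts and paths are made up for this example).
SAMPLE = """
[DEFAULT]
debug = false

[keystone_authtoken]
auth_uri = http://keystone.example:5000
www_authenticate_uri = http://keystone.example:5000
signing_dir = /var/cache/example
user_domain_name = Default
interface = internal
"""

def audit_authtoken(ini_text):
    """Return sorted (option, finding) pairs for [keystone_authtoken]."""
    # Renamed default_section: [DEFAULT] values are not inherited here.
    cfg = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    cfg.read_string(ini_text)
    if not cfg.has_section("keystone_authtoken"):
        return [("keystone_authtoken", "section missing")]
    sec = cfg["keystone_authtoken"]
    findings = [(o, "deprecated: " + why) for o, why in DEPRECATED.items() if o in sec]
    findings += [(o, "not set") for o in REQUIRED if not sec.get(o, "").strip()]
    try:
        enforced = sec.getboolean("service_token_roles_required", fallback=False)
    except ValueError:  # unparsable value: treat as not enabled
        enforced = False
    if not enforced:
        findings.append(("service_token_roles_required", "not enabled"))
    return sorted(findings)

if __name__ == "__main__":
    for option, finding in audit_authtoken(SAMPLE):
        print(f"{option}: {finding}")
```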