The interface parameter accepts only public, internal or admin. This
enforces this requirement using parameter type.
Change-Id: Iedbf8e2daf3f45232537c01df1c566641a231c79
When we configure federation changes in configuration
files that contain sensitive informatio ncan be leaked
into the output.
Change-Id: I797fc8101837fe344c056a032ba98e5fbc8a2bec
The parameter descriptions says the value should be a positive integer
(or 0). Validate the given value to reject invalid values such as
strings or even negative values.
Change-Id: I9c60cfe63697632fc816eec3aa2824578f0d3573
puppetlabs-apache provides a native interface to inject arbitrary
contents to vhost configuration files managed by the module.
Change-Id: Ia2489b5c79781a6335eea3ce2f6a19fd1c45b1c2
Keystone v3 API does not require that all the three endpoint types are
given and allows using only specific endpoint types(eg. only public, or
public and internal). This allows users to omit specific endpoint types
by setting endpoint url options to ''.
Change-Id: Ifef2070ad25cadf961466ca9f384965d03c08f81
The templated catalog driver has been deprecated in keystone, so we
should deprecate support for the driver options.
Change-Id: I5f3482397883e00d447eb08bed4c57821041826c
The oslo.cache 3.7.0 release introduced some options for redis backend
and redis sentinel backend. This introduces for these parameters.
Depneds-on: https://review.opendev.org/910629
Change-Id: Ie5e6e7b8dfa0753ccca1094f06a745fdb0acb5bc
The ssl parameters of the keystone class were already removed[1].
Also keystone defines its own defaults for certfile and keyfile so
these options are not actually required.
[1] b99810d6f9
Change-Id: I1adf1d04d575db8a1fbfdefc29700cf9ff27d254
This refactors resource dependencies to improve the following points.
- Avoid unnecessary dependencies across services. For example aodh
service does not require cinder db.
- Restart keystone on change in uwsgi only when a standalone service
is used. uwsgi config is not used when keystone is run by apache.
Change-Id: Ic4f43215ea90c6b71fe4225e2dfa6a6a3abf6869
Keystone v3 API no longer requires all the three endpoint types are
created and some deployments may use only public endpoints (or public
and internal endpoints).
This looses the validation to allow such deployment architecture.
Change-Id: I3873352dd3ea8556fbaa4ce3c558a912cc5f52e7
The option defaults to False, so we don't need the explicit default and
can replace it by os_service_default fact.
Change-Id: Iba52032d02c70258f79f0aae84a5b6059a0c1281
Some of the parameters are optional and required only when a specific
resource is created.
This also update the parameter types so that empty strings are rejected
properly.
Change-Id: I2010f079303eb40190908f4a8209ef6e87d1b915
This looses dependency using the new openstackclient tag, which
requires only packages actually related to openstack CLI.
Depends-on: https://review.opendev.org/899594
Change-Id: I803e353ed5f13a98ae264c28810d08ea9e6e985b
Keystone supports implied roles, and some of the default roles imply
different roles. (eg. admin implies manager)
This introduces a resource type to manage implied roles, and also
ensures the implied roles are created in bootstrap.
Depends-on: https://review.opendev.org/900138
Change-Id: I36ef3ddfcb2f60bdca8674ea8055b6f57a149512
... otherwise apache2 fails to start with the following error.
Invalid command 'AuthType', perhaps misspelled or defined by a module
not included in the server configuration
Change-Id: I2acf98008a39d44e394a9ac502549df7a07b4e8d
The oslo.policy library has implementations to detect change in policy
rules and reload the new rules without service restart.
Change-Id: I31089fd39ae4415d524f9db4b25e939d9b2e7533
These cleanups were added by [1] a while ago so we can assume the old
option has been purged during upgrade.
[1] 73f863e21c
Change-Id: I3b278c7969ca1764aeb4d0e0271d742ed3fea3b2