Keystone v3 API does not require that all the three endpoint types are
given and allows using only specific endpoint types(eg. only public, or
public and internal). This allows users to omit specific endpoint types
by setting endpoint url options to ''.
Change-Id: Ifef2070ad25cadf961466ca9f384965d03c08f81
The oslo.cache 3.7.0 release introduced some options for redis backend
and redis sentinel backend. This introduces for these parameters.
Depneds-on: https://review.opendev.org/910629
Change-Id: Ie5e6e7b8dfa0753ccca1094f06a745fdb0acb5bc
This refactors resource dependencies to improve the following points.
- Avoid unnecessary dependencies across services. For example aodh
service does not require cinder db.
- Restart keystone on change in uwsgi only when a standalone service
is used. uwsgi config is not used when keystone is run by apache.
Change-Id: Ic4f43215ea90c6b71fe4225e2dfa6a6a3abf6869
Keystone v3 API no longer requires all the three endpoint types are
created and some deployments may use only public endpoints (or public
and internal endpoints).
This looses the validation to allow such deployment architecture.
Change-Id: I3873352dd3ea8556fbaa4ce3c558a912cc5f52e7
This fixes how the id property is generated in case some endpoint types
do not exist, which is allowed in Keystone v3 API.
Closes-Bug: #1713814
Change-Id: I2bbc831a78595e2f7cf3fc5d7d601281665fcc05
The option defaults to False, so we don't need the explicit default and
can replace it by os_service_default fact.
Change-Id: Iba52032d02c70258f79f0aae84a5b6059a0c1281
Keystone supports implied roles, and some of the default roles imply
different roles. (eg. admin implies manager)
This introduces a resource type to manage implied roles, and also
ensures the implied roles are created in bootstrap.
Depends-on: https://review.opendev.org/900138
Change-Id: I36ef3ddfcb2f60bdca8674ea8055b6f57a149512
The openstack command can resolve project id or user id from name and
domain name/id given. We can use that feature instead of maintaining
our own logic.
Change-Id: I3d4fbb082cf228ef4a75c0761fb21fdebf664cf4
Recent update in rspec-puppet removed some of the config interfaces for
old puppet versions[1]. This drops usage of these interfaces to resolve
the following error in unit tests.
```
An error occurred while loading ./spec/unit/provider/manila_spec.rb.
Failure/Error: c.manifest_dir = File.join(fixture_path, 'manifests')
NoMethodError:
undefined method `manifest_dir='...
```
This also removes explicit setting of mock module. The definition is
no longer required since we bumped puppetlabs_spec_helper to v 5.0.0.
[1] 316d95923c
Change-Id: I2e0ef1f97ba69df80e255be6a7718fd7dafc7e71
This reverts commit e485f3956f.
Reason for revert:
This module does not use compile method in unit tests.
Change-Id: Icea1d0482a98fcc54c023b6eb7116ae4612617b4
These cleanups were added by [1] a while ago so we can assume the old
option has been purged during upgrade.
[1] 73f863e21c
Change-Id: I3b278c7969ca1764aeb4d0e0271d742ed3fea3b2
This fixes the ignored project_domain parameter, and also ensures
the user_domain parameter is used when creating a role assignment.
Closes-Bug: #2029035
Change-Id: I2a2d9c648fff1b940952700b492af6a09974ee5c
Creating endpoint without service type was deprecated multiple cycles
ago. This removes the logic to support that old usage.
Change-Id: Ifaebb3658254bb91130807153624480df78443aa
the validate_legacy function is marked for deprecation in
v9.0.0 from puppetlabs-stdlib.
This also adds validations about the parameters used for file resources
and ensures the given values are absolute paths.
Depends-on: https://review.opendev.org/885996
Change-Id: Ic49abcccffab5a3504e3a3060c0fac7a01bef69b
... because it was deprecated a few cycles ago[1].
This also removes the hard-coded default of [catalog] driver because
the value currently hard-coded is same as the service default.
[1] cd9f931c45
Change-Id: Ifeadb331d118e2c6e61048b6ace6d6b3d8afcf3e
The python-keystoneclient package removed CLI long ago so installing
the package is now useless. It provides only library implementations
and should be installed by package dependencies.
Change-Id: I46b09092847eeb821f97172e1a912ad8a1b8a2e3
Currently we assert raw resources but this is redundant because these
resources are created by the keystone class. We can assert the required
definition at the class interface layer.
Also creationg of domain config directory is duplicate and can be
handled in a single place.
Change-Id: I1c3c977dd4ac7439eec8e7278b857d606f1a25f3
The python3-pysaml2 package is required by the python3-keystone package
so we don't have to install it explicitly.
Change-Id: I1ed978e55774637abcddaec91f36c6b5d3c473eb
... so that we don't have to maintain the required logics to enable
the module in our modules.
Related-Bug: #2006924
Change-Id: Ia46deea226a58638e74eee0c0172f0c3c5fa62e7
The following two modules are required to use auth_openidc.
- authn_core
- authz_user
This ensures these modules are loaded.
Closes-Bug: #2006924
Change-Id: I13c36b10d80e9518d1d4af44c0b8a69fcfe911d3