# {{ ansible_managed }}

[DEFAULT]
# Disable stderr logging
use_stderr = False
debug = {{ debug }}
{% if keystone_public_endpoint is defined %}
public_endpoint = {{ keystone_public_endpoint }}
{% endif %}
admin_endpoint = {{ keystone_service_adminuri }}
fatal_deprecations = {{ keystone_fatal_deprecations }}
member_role_name = {{ keystone_default_role_name }}

{% if keystone_external_ssl | bool %}
secure_proxy_ssl_header = {{ keystone_secure_proxy_ssl_header }}
{% endif %}

log_file = keystone.log
log_dir = /var/log/keystone

## RabbitMQ RPC
{% if keystone_messaging_enabled | bool %}
transport_url = rabbit://{% for host in keystone_rabbitmq_servers.split(',') %}{{ keystone_rabbitmq_userid }}:{{ keystone_rabbitmq_password }}@{{ host }}:{{ keystone_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ keystone_rabbitmq_vhost }}{% endif %}{% endfor %}

[oslo_messaging_rabbit]
ssl = {{ keystone_rabbitmq_use_ssl }}
{% endif %}

{% if keystone_ceilometer_enabled %}
[oslo_messaging_notifications]
driver = messagingv2
transport_url = rabbit://{% for host in keystone_rabbitmq_telemetry_servers.split(',') %}{{ keystone_rabbitmq_telemetry_userid }}:{{ keystone_rabbitmq_telemetry_password }}@{{ host }}:{{ keystone_rabbitmq_telemetry_port }}{% if not loop.last %},{% else %}/{{ keystone_rabbitmq_telemetry_vhost }}{% endif %}{% endfor %}
{% endif %}

{% if 'memcache' in keystone_token_driver and 'fernet' not in keystone_token_provider %}
[memcache]
servers = {{ keystone_memcached_servers }}
max_compare_and_set_retry = {{ keystone_memcached_max_compare_and_set_retry }}
{% endif %}

{% if keystone_cache_backend_argument is defined %}
[cache]
backend = dogpile.cache.memcached
backend_argument = {{ keystone_cache_backend_argument }}
config_prefix = cache.keystone
distributed_lock = True
enabled = true
{% endif %}


[revoke]
caching = true
driver = {{ keystone_revocation_driver }}
expiration_buffer = {{ keystone_revocation_expiration_buffer }}
cache_time = {{ keystone_revocation_cache_time }}


[auth]
{% if keystone_sp != {} %}
methods = {{ keystone_auth_methods }},saml2
saml2 = keystone.auth.plugins.mapped.Mapped
{% else %}
methods = {{ keystone_auth_methods }}
{% endif %}


{% if keystone_database_enabled | bool %}
[database]
connection = {{ keystone_database_connection_string }}
idle_timeout = {{ keystone_database_idle_timeout }}
min_pool_size = {{ keystone_database_min_pool_size }}
max_pool_size = {{ keystone_database_max_pool_size }}
pool_timeout = {{ keystone_database_pool_timeout }}
{% endif %}

{% if 'fernet' in keystone_token_provider %}
[fernet_tokens]
key_repository = {{ keystone_fernet_tokens_key_repository }}
max_active_keys = {{ keystone_fernet_tokens_max_active_keys }}
{% endif %}


[identity]
{% if keystone_ldap.Default is not defined %}
driver = sql
{% endif %}
{% if keystone_ldap | length > 0 %}
domain_config_dir = {{ keystone_ldap_domain_config_dir }}
domain_specific_drivers_enabled = True
{% endif %}


[assignment]
driver = {{ keystone_assignment_driver }}


[resource]
cache_time = {{ keystone_resource_cache_time }}
caching = true
driver = {{ keystone_resource_driver }}


[token]
enforce_token_bind = permissive
expiration = {{ keystone_token_expiration }}
caching = true
cache_time = {{ keystone_token_cache_time }}
provider = {{ keystone_token_provider }}
{% if 'fernet' not in keystone_token_provider %}
driver = {{ keystone_token_driver }}
{% endif %}

{% if keystone_idp != {} %}
[saml]
certfile = "{{ keystone_idp.certfile }}"
keyfile = "{{ keystone_idp.keyfile }}"
idp_entity_id = "{{ keystone_idp.idp_entity_id }}"
idp_sso_endpoint = "{{ keystone_idp.idp_sso_endpoint }}"
idp_metadata_path = "{{ keystone_idp.idp_metadata_path }}"
{% if keystone_idp.organization_name is defined %}
idp_organization_name = {{ keystone_idp.organization_name }}
{% endif %}
{% if keystone_idp.organization_display_name is defined %}
idp_organization_display_name = {{ keystone_idp.organization_display_name }}
{% endif %}
{% if keystone_idp.organization_url is defined %}
idp_organization_url = {{ keystone_idp.organization_url }}
{% endif %}
{% if keystone_idp.contact_company is defined %}
idp_contact_company = {{ keystone_idp.contact_company }}
{% endif %}
{% if keystone_idp.contact_name is defined %}
idp_contact_name = {{ keystone_idp.contact_name }}
{% endif %}
{% if keystone_idp.contact_surname is defined %}
idp_contact_surname = {{ keystone_idp.contact_surname }}
{% endif %}
{% if keystone_idp.contact_email is defined %}
idp_contact_email = {{ keystone_idp.contact_email }}
{% endif %}
{% if keystone_idp.contact_telephone is defined %}
idp_contact_telephone = {{ keystone_idp.contact_telephone }}
{% endif %}
{% if keystone_idp.contact_type is defined %}
idp_contact_type = {{ keystone_idp.contact_type }}
{% endif %}
{% endif %}

[eventlet_server]
admin_bind_host = {{ keystone_bind_address }}
admin_port = {{ keystone_admin_port }}
public_port = {{ keystone_service_port }}

[credential]
key_repository = {{ keystone_credential_key_repository }}

{% if keystone_sp != {} %}
[federation]
remote_id_attribute = Shib-Identity-Provider
{% if keystone_sp.trusted_dashboard_list is defined %}
{% for item in keystone_sp.trusted_dashboard_list %}
trusted_dashboard = {{ item }}
{% endfor %}
{% endif %}
{% endif %}