authorAlex Schultz <aschultz@redhat.com>2016-11-14 14:51:18 -0700
committerAlex Schultz <aschultz@redhat.com>2016-11-14 17:04:39 -0700
commit59997c5e862f56c3ac4aa28471262165fefb51af (patch)
treed064190b04504f0bc848b7e1861082289201b8c6 /puppet/services
parentf7cf9d8fc13f5fd47e4115f5749a60f2452cd53d (diff)
Define keystone token provider
In order to eventually enable fernet tokens for keystone, we need to be able to specify the token provider. This change codifies the current default used by TripleO of uuid tokens and fernet token setup disabled. Change-Id: I7c03ed7b6495d0b9a57986458d020b3e3bf7224a Closes-Bug: #1641763
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/keystone.yaml13
1 files changed, 12 insertions, 1 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 4ae90e97..d819e043 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Keystone service configured with Puppet
@@ -32,6 +32,12 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ KeystoneTokenProvider:
+ description: The keystone token format
+ type: string
+ default: 'uuid'
+ constraints:
+ - allowed_values: ['uuid', 'fernet']
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
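Review bot: The description on the new `KeystoneTokenProvider` parameter does not say what choosing 'fernet' does beyond changing the token format. Per the last hunk of this commit, that value also switches `keystone::enable_fernet_setup` to true, so an operator should see that side effect where the parameter is declared. I would word it as `description: The keystone token format. Selecting 'fernet' also enables keystone::enable_fernet_setup on nodes running this service.` The `parameters` section starts and continues outside this hunk.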
@@ -112,6 +118,9 @@ resources:
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
+conditions:
+ keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
+
outputs:
role_data:
description: Role data for the Keystone role.
@@ -138,6 +147,8 @@ outputs:
keystone::roles::admin::password: {get_param: AdminPassword}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::token_provider: {get_param: KeystoneTokenProvider}
+ keystone::enable_fernet_setup: {if: [keystone_fernet_tokens, true, false]}
keystone::enable_proxy_headers_parsing: true
keystone::enable_credential_setup: true
keystone::credential_keys:
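Review bot: When `KeystoneTokenProvider` is 'fernet', `keystone::enable_fernet_setup` becomes true, but nothing in this hunk supplies fernet key material, unlike `keystone::credential_keys` on the last line, which is set from the template. If the setup step generates keys locally on each node (not visible here, so this should be confirmed), the nodes in a multi-controller deployment would end up with different key repositories, and a token issued by one would fail validation on another. Since 'fernet' is already accepted by `allowed_values`, consider distributing the fernet keys through hieradata the same way as the credential keys. Alternatively, state in the parameter description that 'fernet' is only supported on a single keystone node until key distribution is in place. The enclosing hieradata map starts and continues outside this hunk.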