author | Alex Schultz <aschultz@redhat.com> | 2016-11-14 14:51:18 -0700 |
---|---|---|
committer | Alex Schultz <aschultz@redhat.com> | 2016-11-14 17:04:39 -0700 |
commit | 59997c5e862f56c3ac4aa28471262165fefb51af (patch) | |
tree | d064190b04504f0bc848b7e1861082289201b8c6 /puppet/services | |
parent | f7cf9d8fc13f5fd47e4115f5749a60f2452cd53d (diff) |
Define keystone token provider
In order to eventually enable fernet tokens for keystone, we need to be able to
specify the token provider. This change codifies the current default
used by TripleO of uuid tokens and fernet token setup disabled.
Change-Id: I7c03ed7b6495d0b9a57986458d020b3e3bf7224a
Closes-Bug: #1641763
Diffstat (limited to 'puppet/services')
-rw-r--r-- | puppet/services/keystone.yaml | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 4ae90e97..d819e043 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
 description: >
 OpenStack Keystone service configured with Puppet
@@ -32,6 +32,12 @@ parameters:
 type: string
 default: 'regionOne'
 description: Keystone region for endpoint
+ KeystoneTokenProvider:
+ description: The keystone token format
+ type: string
+ default: 'uuid'
+ constraints:
+ - allowed_values: ['uuid', 'fernet']
 ServiceNetMap:
 default: {}
 description: Mapping of service_name -> network name. Typically set
@@ -112,6 +118,9 @@ resources:
 EndpointMap: {get_param: EndpointMap}
 EnableInternalTLS: {get_param: EnableInternalTLS}
+conditions:
+ keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
+
 outputs:
 role_data:
 description: Role data for the Keystone role.
@@ -138,6 +147,8 @@ outputs:
 keystone::roles::admin::password: {get_param: AdminPassword}
 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::token_provider: {get_param: KeystoneTokenProvider}
+ keystone::enable_fernet_setup: {if: [keystone_fernet_tokens, true, false]}
 keystone::enable_proxy_headers_parsing: true
 keystone::enable_credential_setup: true
 keystone::credential_keys: |
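Review bot: The description on the new `KeystoneTokenProvider` parameter (`The keystone token format`) does not tell an operator that the choice also switches fernet key setup on or off, which the later hunks wire to `keystone::enable_fernet_setup`. I would expand it to something like `description: The keystone token format. Selecting 'fernet' also enables fernet key setup on the keystone nodes.` The `allowed_values` constraint is a sensible guard against a mistyped provider name reaching `keystone::token_provider`. The `parameters:` section starts and continues outside this hunk.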
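Review bot: With `KeystoneTokenProvider` set to `fernet`, `keystone::enable_fernet_setup` becomes true, but nothing in this diff distributes fernet keys the way the neighbouring `keystone::credential_keys` entry does for credential keys. If the puppet class generates the key repository locally on each node (not visible here, so to be confirmed), a multi-controller deployment would end up with different keys per node, and tokens issued by one keystone would fail validation on another. Until key distribution exists I would add a comment above the two new lines, e.g. `# fernet: keys are not distributed yet; only consistent on a single keystone node`. The settings map these lines belong to starts and ends outside the hunk.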