Merge "Define keystone token provider"

1 files changed, 12 insertions, 1 deletions

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 4ae90e97..d819e043 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
 
 description: >
   OpenStack Keystone service configured with Puppet
@@ -32,6 +32,12 @@ parameters:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
+  KeystoneTokenProvider:
+    description: The keystone token format
+    type: string
+    default: 'uuid'
+    constraints:
+      - allowed_values: ['uuid', 'fernet']
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -112,6 +118,9 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
+conditions:
+  keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
+
 outputs:
   role_data:
     description: Role data for the Keystone role.
@@ -138,6 +147,8 @@ outputs:
             keystone::roles::admin::password: {get_param: AdminPassword}
             keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
             keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+            keystone::token_provider: {get_param: KeystoneTokenProvider}
+            keystone::enable_fernet_setup: {if: [keystone_fernet_tokens, true, false]}
             keystone::enable_proxy_headers_parsing: true
             keystone::enable_credential_setup: true
             keystone::credential_keys: