Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Use KeystoneFernetKeys instead of individual parameters
[apex-tripleo-heat-templates.git] / puppet / services / keystone.yaml
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 58b2b7b..57e3286 100644 (file)
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -47,6 +47,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -55,6 +63,10 @@ parameters:
   Debug:
     type: string
     default: ''
+  KeystoneDebug:
+    default: ''
+    description: Set to True to enable debugging Keystone service.
+    type: string
   AdminEmail:
     default: 'admin@example.com'
     description: The email for the keystone admin account.
@@ -101,10 +113,15 @@ parameters:
     description: The second Keystone credential key. Must be a valid key.
   KeystoneFernetKey0:
     type: string
-    description: The first Keystone fernet key. Must be a valid key.
+    default: ''
+    description: (DEPRECATED) The first Keystone fernet key. Must be a valid key.
   KeystoneFernetKey1:
     type: string
-    description: The second Keystone fernet key. Must be a valid key.
+    default: ''
+    description: (DEPRECATED) The second Keystone fernet key. Must be a valid key.
+  KeystoneFernetKeys:
+    type: json
+    description: Mapping containing keystone's fernet keys and their paths.
   KeystoneLoggingSource:
     type: json
     default:
@@ -175,6 +192,17 @@ parameters:
     default: {}
     hidden: true
 
+parameter_groups:
+- label: deprecated
+  description: |
+   The following parameters are deprecated and will be removed. They should not
+   be relied on for new deployments. If you have concerns regarding deprecated
+   parameters, please contact the TripleO development team on IRC or the
+   OpenStack mailing list.
+  parameters:
+  - KeystoneFernetKey0
+  - KeystoneFernetKey1
+
 resources:
 
   ApacheServiceBase:
@@ -183,11 +211,14 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
 conditions:
   keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
   keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
+  service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']}
 
 outputs:
   role_data:
@@ -226,12 +257,13 @@ outputs:
                 content: {get_param: KeystoneCredential0}
               '/etc/keystone/credential-keys/1':
                 content: {get_param: KeystoneCredential1}
-            keystone::fernet_keys:
-              '/etc/keystone/fernet-keys/0':
-                content: {get_param: KeystoneFernetKey0}
-              '/etc/keystone/fernet-keys/1':
-                content: {get_param: KeystoneFernetKey1}
-            keystone::debug: {get_param: Debug}
+            keystone::fernet_keys: {get_param: KeystoneFernetKeys}
+            keystone::fernet_replace_keys: false
+            keystone::debug:
+              if:
+              - service_debug_unset
+              - {get_param: Debug }
+              - {get_param: KeystoneDebug }
             keystone::rabbit_userid: {get_param: RabbitUserName}
             keystone::rabbit_password: {get_param: RabbitPassword}
             keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}