Code Review / apex-tripleo-heat-templates.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 73656aa)
Remove keystone PKI related parameters
authorSteven Hardy <shardy@redhat.com>
Wed, 3 Aug 2016 12:39:39 +0000 (13:39 +0100)
committerSteven Hardy <shardy@redhat.com>
Fri, 5 Aug 2016 15:40:58 +0000 (16:40 +0100)
These interfaces have all been deprecated by keystone, and we don't
offer any parameter interface to select PKI token format anyway,
so remove these to align with keystone reccomendations.

The keystone.conf.sample says these values may be silently ignored or
removed, so it seems reasonable to do the same here (parameter_defaults
should be ignored from old stacks).

Change-Id: Ic88d584863a98ed49fc335825fbfba7a52b0f14e
Depends-On: I8232262b928c91dcde7bea2f23fa2a7c2660719e

puppet/services/keystone.yaml patch | blob | history

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index abc738d..d45ed86 100644 (file)
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -4,24 +4,11 @@ description: >
   OpenStack Keystone service configured with Puppet
 
 parameters:
-  KeystoneCACertificate:
-    default: ''
-    description: Keystone self-signed certificate authority certificate.
-    type: string
   KeystoneEnableDBPurge:
     default: true
     description: |
         Whether to create cron job for purging soft deleted rows in Keystone database.
     type: boolean
-  KeystoneSigningCertificate:
-    default: ''
-    description: Keystone certificate for verifying token validity.
-    type: string
-  KeystoneSigningKey:
-    default: ''
-    description: Keystone key for signing tokens.
-    type: string
-    hidden: true
   KeystoneSSLCertificate:
     default: ''
     description: Keystone certificate for verifying token validity.
@@ -105,9 +92,6 @@ outputs:
               - '/keystone'
         keystone::admin_token: {get_param: AdminToken}
         keystone::roles::admin::password: {get_param: AdminPassword}
-        keystone_ca_certificate: {get_param: KeystoneCACertificate}
-        keystone_signing_key: {get_param: KeystoneSigningKey}
-        keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
         keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
         keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
         keystone::enable_proxy_headers_parsing: true