settingsLogin | Registersettings

[Openstack-operators] [puppet] keystone.conf and 'federation/trusted_dashboard' (multi valued)

0 votes

Hi,

I am using https://github.com/openstack/puppet-keystone (stable/newton
branch) and we would like to implement a design that uses federation openid.

As part of this design I need to add these lines to the keystone.conf file:

[federation]
...
trusteddashboard = https://example.com/auth/websso
trusted
dashboard = https://example.com/dashboard/auth/websso/

I have attempted to use this yaml in my hiera data ...

keystone::config::keystoneconfig:
...
'federation/trusted
dashboard':
value: "https://example.com/auth/websso"
'federation/trusted_dashboard':
value: "https://example.com/dashboard/auth/websso/"

... and some other various, but the resulting keystone.conf only gets the
second federation/trusted_dashboard setting:

keystone::config::keystoneconfig:
...
'federation/trusted
dashboard':
value: "https://example.com/dashboard/auth/websso/"

If you could tell what I am doing wrong I'd appreciate it, but I suspect
that the puppet-keystone module does not
support 'federation/trusted_dashboard' (multi valued).

Thank you.


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
asked Nov 10, 2017 in openstack-operators by Russell_Cecala (560 points)   1

1 Response

0 votes

On Fri, Nov 10, 2017 at 12:45 PM, Red Cricket
red.cricket.blog@gmail.com wrote:
Hi,

I am using https://github.com/openstack/puppet-keystone (stable/newton
branch) and we would like to implement a design that uses federation openid.

As part of this design I need to add these lines to the keystone.conf file:

[federation]
...
trusteddashboard = https://example.com/auth/websso
trusted
dashboard = https://example.com/dashboard/auth/websso/

I have attempted to use this yaml in my hiera data ...

keystone::config::keystoneconfig:
...
'federation/trusted
dashboard':
value: "https://example.com/auth/websso"
'federation/trusted_dashboard':
value: "https://example.com/dashboard/auth/websso/"

... and some other various, but the resulting keystone.conf only gets the
second federation/trusted_dashboard setting:

keystone::config::keystoneconfig:
...
'federation/trusted
dashboard':
value: "https://example.com/dashboard/auth/websso/"

If you could tell what I am doing wrong I'd appreciate it, but I suspect
that the puppet-keystone module does not support
'federation/trusted_dashboard' (multi valued).

It appears from our other implementations that it can be a comma
seperated value.

https://github.com/openstack/puppet-keystone/blob/41f12aa800d46f914869618bd7afd6ccc4a4fa98/manifests/federation/mellon.pp#L114

So you may just try

 'federation/trusted_dashboard':
     value:

"https://example.com/auth/websso,https://example.com/dashboard/auth/websso/"

Thanks,
-Alex

Thank you.


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Nov 10, 2017 by aschultz_at_redhat.c (5,800 points)   2 2 4
...