Handle the hardcoded configuration values
This patch allows to customize the hardcoded configuration values,
as well as introduce new multiline configuration options for keystone
service by configmap template:
keystone:
server:
configmap:
DEFAULT:
debug: true
rate_limit_except_level: debug
auth:
methods: 'external,password,token'
tokenless_auth:
trusted_issuer: 'O=Mirantis,L=Prague,CN=Salt Master CA,C=cz'
keystone:
server:
configmap:
tokenless_auth:
trusted_issuer:
type: 'MultiOpt'
values:
value1: 'O=Mirantis,L=Prague,CN=Salt Master CA,C=cz'
value2: 'O=Mirantis,L=Kharkiv,CN=Salt Master CA2,C=ua'
Change-Id: I9c932e76a4e29e8e294c56354687714251f4b3bc
Related-Prod: PROD-29040
diff --git a/README.rst b/README.rst
index a517681..957c72a 100644
--- a/README.rst
+++ b/README.rst
@@ -974,6 +974,40 @@
lock_password: True
.. code-block::
+Keystone configmap setup:
+---------------
+# Default type:
+.. code-block:: yaml
+
+ keystone:
+ server:
+ configmap:
+ DEFAULT:
+ debug: true
+ rate_limit_except_level: debug
+ auth:
+ methods: 'external,password,token'
+ tokenless_auth:
+ trusted_issuer: 'O=Mirantis,L=Prague,CN=Salt Master CA,C=cz'
+
+.. code-block::
+
+
+# type: 'MultiOpt' for multiline values:
+.. code-block:: yaml
+
+ keystone:
+ server:
+ configmap:
+ tokenless_auth:
+ trusted_issuer:
+ type: 'MultiOpt'
+ values:
+ value1: 'O=Mirantis,L=Prague,CN=Salt Master CA,C=cz'
+ value2: 'O=Mirantis,L=Kharkiv,CN=Salt Master CA2,C=ua'
+
+.. code-block::
+
Upgrades
========
diff --git a/keystone/files/ocata/keystone.conf.Debian b/keystone/files/ocata/keystone.conf.Debian
index 3b73a85..3b09dfc 100644
--- a/keystone/files/ocata/keystone.conf.Debian
+++ b/keystone/files/ocata/keystone.conf.Debian
@@ -3144,3 +3144,8 @@
{%- endfor %}
{%- endfor %}
{%- endif %}
+
+{%- if server.configmap is defined %}
+{%- set _data = server.configmap %}
+{%- include "oslo_templates/files/configmap/configmap.conf" %}
+{%- endif %}
diff --git a/keystone/files/pike/keystone.conf.Debian b/keystone/files/pike/keystone.conf.Debian
index d484c23..346471b 100644
--- a/keystone/files/pike/keystone.conf.Debian
+++ b/keystone/files/pike/keystone.conf.Debian
@@ -3162,3 +3162,8 @@
{%- endfor %}
{%- endfor %}
{%- endif %}
+
+{%- if server.configmap is defined %}
+{%- set _data = server.configmap %}
+{%- include "oslo_templates/files/configmap/configmap.conf" %}
+{%- endif %}
diff --git a/keystone/files/queens/keystone.conf.Debian b/keystone/files/queens/keystone.conf.Debian
index f872c2f..bcc4ce9 100644
--- a/keystone/files/queens/keystone.conf.Debian
+++ b/keystone/files/queens/keystone.conf.Debian
@@ -1877,3 +1877,8 @@
{%- set _data = server.profiler %}
{%- include "oslo_templates/files/queens/oslo/_osprofiler.conf" %}
{%- endif %}
+
+{%- if server.configmap is defined %}
+{%- set _data = server.configmap %}
+{%- include "oslo_templates/files/configmap/configmap.conf" %}
+{%- endif %}
diff --git a/keystone/files/rocky/keystone.conf.Debian b/keystone/files/rocky/keystone.conf.Debian
index b26138b..9b00199 100644
--- a/keystone/files/rocky/keystone.conf.Debian
+++ b/keystone/files/rocky/keystone.conf.Debian
@@ -1762,3 +1762,8 @@
# wire. WARNING: NOT INTENDED FOR USE IN PRODUCTION. THIS MIDDLEWARE CAN AND
# WILL EMIT SENSITIVE/PRIVILEGED DATA. (boolean value)
#debug_middleware = false
+
+{%- if server.configmap is defined %}
+{%- set _data = server.configmap %}
+{%- include "oslo_templates/files/configmap/configmap.conf" %}
+{%- endif %}
diff --git a/tests/pillar/cluster.sls b/tests/pillar/cluster.sls
index 11e0e7d..67a8d1e 100644
--- a/tests/pillar/cluster.sls
+++ b/tests/pillar/cluster.sls
@@ -77,3 +77,15 @@
extra_config:
federation:
cache_group_membership_in_db: true
+ configmap:
+ DEFAULT:
+ debug: true
+ rate_limit_except_level: debug
+ auth:
+ methods: 'external,password,token'
+ tokenless_auth:
+ trusted_issuer:
+ type: 'MultiOpt'
+ values:
+ value1: 'O=Mirantis,L=Prague,CN=Salt Master CA,C=cz'
+ value2: 'O=Mirantis,L=Kharkiv,CN=Salt Master CA2,C=ua'