Handle the hardcoded configuration values
This patch allows to customize the hardcoded configuration values,
as well as introduce new multiline configuration options for keystone
service by configmap template:
keystone:
server:
configmap:
DEFAULT:
debug: true
rate_limit_except_level: debug
auth:
methods: 'external,password,token'
tokenless_auth:
trusted_issuer: 'O=Mirantis,L=Prague,CN=Salt Master CA,C=cz'
keystone:
server:
configmap:
tokenless_auth:
trusted_issuer:
type: 'MultiOpt'
values:
value1: 'O=Mirantis,L=Prague,CN=Salt Master CA,C=cz'
value2: 'O=Mirantis,L=Kharkiv,CN=Salt Master CA2,C=ua'
Change-Id: I9c932e76a4e29e8e294c56354687714251f4b3bc
Related-Prod: PROD-29040
(cherry picked from commit ad0ffc5e3d56890c5a9742dcac02094696b94a95)
diff --git a/README.rst b/README.rst
index b0b4caa..e5a74ed 100644
--- a/README.rst
+++ b/README.rst
@@ -974,6 +974,40 @@
max_active_keys: 27
...
+Keystone configmap setup:
+---------------
+# Default type:
+.. code-block:: yaml
+
+ keystone:
+ server:
+ configmap:
+ DEFAULT:
+ debug: true
+ rate_limit_except_level: debug
+ auth:
+ methods: 'external,password,token'
+ tokenless_auth:
+ trusted_issuer: 'O=Mirantis,L=Prague,CN=Salt Master CA,C=cz'
+
+.. code-block::
+
+
+# type: 'MultiOpt' for multiline values:
+.. code-block:: yaml
+
+ keystone:
+ server:
+ configmap:
+ tokenless_auth:
+ trusted_issuer:
+ type: 'MultiOpt'
+ values:
+ value1: 'O=Mirantis,L=Prague,CN=Salt Master CA,C=cz'
+ value2: 'O=Mirantis,L=Kharkiv,CN=Salt Master CA2,C=ua'
+
+.. code-block::
+
Upgrades
========
diff --git a/keystone/files/ocata/keystone.conf.Debian b/keystone/files/ocata/keystone.conf.Debian
index d7372f9..5191fe5 100644
--- a/keystone/files/ocata/keystone.conf.Debian
+++ b/keystone/files/ocata/keystone.conf.Debian
@@ -3144,3 +3144,8 @@
{%- endfor %}
{%- endfor %}
{%- endif %}
+
+{%- if server.configmap is defined %}
+{%- set _data = server.configmap %}
+{%- include "oslo_templates/files/configmap/configmap.conf" %}
+{%- endif %}
diff --git a/keystone/files/pike/keystone.conf.Debian b/keystone/files/pike/keystone.conf.Debian
index ba8c9f9..7982e9b 100644
--- a/keystone/files/pike/keystone.conf.Debian
+++ b/keystone/files/pike/keystone.conf.Debian
@@ -3162,3 +3162,8 @@
{%- endfor %}
{%- endfor %}
{%- endif %}
+
+{%- if server.configmap is defined %}
+{%- set _data = server.configmap %}
+{%- include "oslo_templates/files/configmap/configmap.conf" %}
+{%- endif %}
diff --git a/keystone/files/queens/keystone.conf.Debian b/keystone/files/queens/keystone.conf.Debian
index f872c2f..bcc4ce9 100644
--- a/keystone/files/queens/keystone.conf.Debian
+++ b/keystone/files/queens/keystone.conf.Debian
@@ -1877,3 +1877,8 @@
{%- set _data = server.profiler %}
{%- include "oslo_templates/files/queens/oslo/_osprofiler.conf" %}
{%- endif %}
+
+{%- if server.configmap is defined %}
+{%- set _data = server.configmap %}
+{%- include "oslo_templates/files/configmap/configmap.conf" %}
+{%- endif %}
diff --git a/tests/pillar/cluster.sls b/tests/pillar/cluster.sls
index 11e0e7d..67a8d1e 100644
--- a/tests/pillar/cluster.sls
+++ b/tests/pillar/cluster.sls
@@ -77,3 +77,15 @@
extra_config:
federation:
cache_group_membership_in_db: true
+ configmap:
+ DEFAULT:
+ debug: true
+ rate_limit_except_level: debug
+ auth:
+ methods: 'external,password,token'
+ tokenless_auth:
+ trusted_issuer:
+ type: 'MultiOpt'
+ values:
+ value1: 'O=Mirantis,L=Prague,CN=Salt Master CA,C=cz'
+ value2: 'O=Mirantis,L=Kharkiv,CN=Salt Master CA2,C=ua'