Merge pull request #10 from smolaon/master
added support for cors parameters
diff --git a/README.rst b/README.rst
index 6f80924..e7c8aed 100644
--- a/README.rst
+++ b/README.rst
@@ -170,6 +170,20 @@
max_active_keys: 3
...
+Keystone auth methods
+
+.. code-block:: yaml
+
+ keystone:
+ server:
+ ...
+ auth_methods:
+ - external
+ - password
+ - token
+ - oauth1
+ ...
+
Keystone domain with LDAP backend, using SQL for role/project assignment
.. code-block:: yaml
@@ -315,6 +329,10 @@
keystone:
server:
+ auth_methods:
+ - password
+ - token
+ - saml2
websso:
protocol: saml2
remote_id_attribute: Shib-Identity-Provider
diff --git a/keystone/files/liberty/keystone.conf.Debian b/keystone/files/liberty/keystone.conf.Debian
index 9f6c9c2..05d0493 100644
--- a/keystone/files/liberty/keystone.conf.Debian
+++ b/keystone/files/liberty/keystone.conf.Debian
@@ -306,9 +306,10 @@
# Allowed authentication methods. (list value)
#methods = external,password,token,oauth1
-
+{% if server.auth_methods is defined %}
+methods = {{ server.auth_methods |join(',') }}
+{%- endif %}
{% if server.websso is defined %}
-methods = external,password,token,{{ server.websso.protocol }}
{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
diff --git a/keystone/files/mitaka/keystone.conf.Debian b/keystone/files/mitaka/keystone.conf.Debian
index 84d1897..28991a4 100644
--- a/keystone/files/mitaka/keystone.conf.Debian
+++ b/keystone/files/mitaka/keystone.conf.Debian
@@ -354,9 +354,10 @@
# Allowed authentication methods. (list value)
#methods = external,password,token,oauth1
-
+{% if server.auth_methods is defined %}
+methods = {{ server.auth_methods |join(',') }}
+{%- endif %}
{% if server.websso is defined %}
-methods = external,password,token,{{ server.websso.protocol }}
{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
diff --git a/keystone/files/newton/keystone.conf.Debian b/keystone/files/newton/keystone.conf.Debian
index 1e5fb4b..6add60c 100644
--- a/keystone/files/newton/keystone.conf.Debian
+++ b/keystone/files/newton/keystone.conf.Debian
@@ -414,8 +414,10 @@
# Allowed authentication methods. (list value)
#methods = external,password,token,oauth1
+{% if server.auth_methods is defined %}
+methods = {{ server.auth_methods |join(',') }}
+{%- endif %}
{% if server.websso is defined %}
-methods = external,password,token,{{ server.websso.protocol }}
{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
diff --git a/keystone/files/ocata/keystone.conf.Debian b/keystone/files/ocata/keystone.conf.Debian
index 8194834..aa442f2 100644
--- a/keystone/files/ocata/keystone.conf.Debian
+++ b/keystone/files/ocata/keystone.conf.Debian
@@ -481,8 +481,10 @@
# are being invoked to validate attributes in the request environment, it can
# cause conflicts. (list value)
#methods = external,password,token,oauth1,mapped
+{% if server.auth_methods is defined %}
+methods = {{ server.auth_methods |join(',') }}
+{%- endif %}
{% if server.websso is defined %}
-methods = external,password,token,{{ server.websso.protocol }}
{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
@@ -3077,4 +3079,4 @@
# unless you are providing a custom entry point. (string value)
#driver = sql
[extra_headers]
-Distribution = Ubuntu
\ No newline at end of file
+Distribution = Ubuntu
diff --git a/keystone/server.sls b/keystone/server.sls
index 9881c66..a1d4636 100644
--- a/keystone/server.sls
+++ b/keystone/server.sls
@@ -6,19 +6,13 @@
- names: {{ server.pkgs }}
{%- if server.service_name in ['apache2', 'httpd'] %}
-/etc/apache2/sites-available/wsgi-keystone.conf:
+{%- if not grains.get('noservices', False) %}
+purge_not_needed_configs:
file.absent:
- {%- if not grains.get('noservices', False) %}
+ - names: ['/etc/apache2/sites-enabled/keystone.conf', '/etc/apache2/sites-enabled/wsgi-keystone.conf']
- watch_in:
- service: keystone_service
- {%- endif %}
-
-/etc/apache2/sites-enabled/wsgi-keystone.conf:
- file.absent:
- {%- if not grains.get('noservices', False) %}
- - watch_in:
- - service: keystone_service
- {%- endif %}
+{%- endif %}
include:
- apache