Merge "Fix deprecated kombu_ssl options for RMQ"
diff --git a/oslo_templates/files/queens/keystonemiddleware/_auth_token.conf b/oslo_templates/files/queens/keystonemiddleware/_auth_token.conf
index 6b77838..d57d9a7 100644
--- a/oslo_templates/files/queens/keystonemiddleware/_auth_token.conf
+++ b/oslo_templates/files/queens/keystonemiddleware/_auth_token.conf
@@ -91,7 +91,6 @@
#memcached_servers = <None>
{%- if _data.cache is defined %}
memcached_servers={%- for member in _data.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
-{%- endif %}
# In order to prevent excessive effort spent validating tokens, the middleware
# caches previously-seen tokens for a configurable duration (in seconds). Set
@@ -107,6 +106,7 @@
# Its value may be silently ignored in the future.
# Reason: PKI token format is no longer supported.
#revocation_cache_time = 10
+ {%- if _data.cache.get('security', {}).get('enabled', False) %}
# (Optional) If defined, indicate whether token data should be authenticated or
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
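Review bot: The added guard on `_data.cache.get('security', {}).get('enabled', False)` makes protection of cached token data opt-in, and nothing in the template says so. A pillar that defines `cache.members` but no `cache.security` still renders `memcached_servers` while `memcache_security_strategy` stays at its commented default of None. A Jinja comment above the guard would make that visible, for example `{#- memcache token protection is opt-in: set cache.security.enabled and cache.security.secret_key -#}`. The guard is only safe to evaluate because the `{%- endif %}` removed in the first hunk now closes after the secret-key block, and the `if` opened here is closed outside this hunk.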
@@ -118,10 +118,18 @@
# MAC - <No description provided>
# ENCRYPT - <No description provided>
#memcache_security_strategy = None
+memcache_security_strategy = {{ _data.cache.security.get('strategy', 'ENCRYPT') }}
# (Optional, mandatory if memcache_security_strategy is defined) This string is
# used for key derivation. (string value)
#memcache_secret_key = <None>
+ {%- if _data.cache.security.secret_key is not defined or not _data.cache.security.secret_key %}
+ {%- do salt.test.exception('cache.security.secret_key is not defined: Please add secret_key') %}
+ {%- else %}
+memcache_secret_key = {{ _data.cache.security.secret_key }}
+ {%- endif %}
+ {%- endif %}
+{%- endif %}
# (Optional) Number of seconds memcached server is considered dead before it is
# tried again. (integer value)
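Review bot: The value on the `memcache_secret_key = {{ _data.cache.security.secret_key }}` line is written verbatim, so a pillar value containing a line break would spill into extra config lines and, as far as I know, a `$` would be read by oslo.config as option substitution. Rejecting line breaks in the existing emptiness check and rendering with `| replace('$', '$$')` would cover both. The `strategy` value is also passed through unchecked, although the surrounding comments list only MAC and ENCRYPT. A guard such as `{%- if _data.cache.security.get('strategy', 'ENCRYPT') not in ('MAC', 'ENCRYPT') %}` followed by the same `salt.test.exception` call would fail the render on a typo instead of leaving it to the service. Because the rendered file now carries key material, the state that manages it (not visible here) should keep it readable only by the service user.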