[puppet] keystone.conf and 'federation/trusted_dashboard' (multi valued)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[puppet] keystone.conf and 'federation/trusted_dashboard' (multi valued)

Russell Cecala
Hi,

I am using https://github.com/openstack/puppet-keystone (stable/newton branch) and we would like to implement a design that uses federation openid.

As part of this design I need to add these lines to the keystone.conf file:

[federation]
...

I have attempted to use this yaml in my hiera data ...

keystone::config::keystone_config:
...
    'federation/trusted_dashboard':
        value: "https://example.com/auth/websso"
    'federation/trusted_dashboard':

... and some other various, but the resulting keystone.conf only gets the second federation/trusted_dashboard setting:

keystone::config::keystone_config:
...
    'federation/trusted_dashboard':

If you could tell what I am doing wrong I'd appreciate it, but I suspect that the puppet-keystone module does not support 'federation/trusted_dashboard' (multi valued).

Thank you.


_______________________________________________
OpenStack-operators mailing list
[hidden email]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Reply | Threaded
Open this post in threaded view
|

Re: [puppet] keystone.conf and 'federation/trusted_dashboard' (multi valued)

Alex Schultz-2
On Fri, Nov 10, 2017 at 12:45 PM, Red Cricket
<[hidden email]> wrote:

> Hi,
>
> I am using https://github.com/openstack/puppet-keystone (stable/newton
> branch) and we would like to implement a design that uses federation openid.
>
> As part of this design I need to add these lines to the keystone.conf file:
>
> [federation]
> ...
> trusted_dashboard = https://example.com/auth/websso
> trusted_dashboard = https://example.com/dashboard/auth/websso/
>
> I have attempted to use this yaml in my hiera data ...
>
> keystone::config::keystone_config:
> ...
>     'federation/trusted_dashboard':
>         value: "https://example.com/auth/websso"
>     'federation/trusted_dashboard':
>         value: "https://example.com/dashboard/auth/websso/"
>
> ... and some other various, but the resulting keystone.conf only gets the
> second federation/trusted_dashboard setting:
>
> keystone::config::keystone_config:
> ...
>     'federation/trusted_dashboard':
>         value: "https://example.com/dashboard/auth/websso/"
>
> If you could tell what I am doing wrong I'd appreciate it, but I suspect
> that the puppet-keystone module does not support
> 'federation/trusted_dashboard' (multi valued).
>

It appears from our other implementations that it can be a comma
seperated value.

https://github.com/openstack/puppet-keystone/blob/41f12aa800d46f914869618bd7afd6ccc4a4fa98/manifests/federation/mellon.pp#L114

So you may just try

     'federation/trusted_dashboard':
         value:
"https://example.com/auth/websso,https://example.com/dashboard/auth/websso/"

Thanks,
-Alex
> Thank you.
>
>
> _______________________________________________
> OpenStack-operators mailing list
> [hidden email]
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

_______________________________________________
OpenStack-operators mailing list
[hidden email]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators