keystone_config provider does not support multi-valued config values
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet-keystone |
Fix Released
|
Medium
|
Takashi Kajinami |
Bug Description
Certain keystone config options require the use of OpenStack's weird and unnatural multi-value configuration syntax. Specifically, trusted_dashboard:
# A list of trusted dashboard hosts. Before accepting a Single Sign-On request
# to return a token, the origin host must be a member of this list. This
# configuration option may be repeated for multiple values. You must set this
# in order to use web-based SSO flows. For example:
# trusted_dashboard=https:/
# trusted_dashboard=https:/
And trusted_user:
# The list of distinguished names which identify trusted issuers of client
# certificates allowed to use X.509 tokenless authorization. If the option is
# absent then no certificates will be allowed. The format for the values of a
# distinguished name (DN) must be separated by a comma and contain no spaces.
# Furthermore, because an individual DN may contain commas, this configuration
# option may be repeated multiple times to represent multiple values. For
# example, keystone.conf would include two consecutive lines in order to trust
# two different DNs, such as `trusted_issuer = CN=john,
# and `trusted_issuer = CN=mary,
#trusted_issuer =
Currently, setting $keystone:
Changed in puppet-keystone: | |
status: | In Progress → New |
Fix proposed to branch: master /review. opendev. org/681313
Review: https:/