openstack/charm-keystone-openidc
Code Issues Proposed changes
Juju Charm - Keystone OpenID Connect
35 Commits 5 Branches 0 Tags 484 KiB
Python 98.3%
Shell 1.2%
Jinja 0.5%
f93b4451fb
Go to file
Felipe Reyes f93b4451fb Add OIDCOAuth config to Apache. 
This change introduces the configuration of OAuth to enable auth-openidc
which is browser-less.

When enable-oauth is set to true (the default) and
oidc-auth-verify-jwks-uri is empty, the charm will try use
oidc-oauth-introspection-endpoint if set, otherwise the charm will fetch
the content at oidc-provider-metadata-url and use the value available at
the key introspection_endpoint.
2022-08-16 10:44:26 -04:00
src Add OIDCOAuth config to Apache. 2022-08-16 10:44:26 -04:00
templates Add OIDCOAuth config to Apache. 2022-08-16 10:44:26 -04:00
tests Use OVN instead of neutron-openvswitch 2022-08-16 10:14:45 -04:00
unit_tests Fix unit tests. 2022-08-09 13:28:55 -04:00
.gitignore Add relation between keystone and keystone-openidc programatically. 2022-08-09 10:36:49 -04:00
.jujuignore Add debug config option 2022-08-09 13:19:54 -04:00
.stestr.conf Add stestr to the testing dependencies 2022-07-21 19:10:27 -04:00
.zuul.yaml Initial import 2022-07-20 17:39:41 -04:00
build-requirements.txt Initial import 2022-07-20 17:39:41 -04:00
charmcraft.yaml Add ops_openstack dependency. 2022-07-21 10:07:15 -04:00
config.yaml Add OIDCOAuth config to Apache. 2022-08-16 10:44:26 -04:00
LICENSE Initial import 2022-07-20 17:39:41 -04:00
metadata.yaml Add peer relation. 2022-07-26 18:25:03 -04:00
osci.yaml Initial import 2022-07-20 17:39:41 -04:00
README.md Initial import 2022-07-20 17:39:41 -04:00
rename.sh Initial import 2022-07-20 17:39:41 -04:00
requirements.txt Add OIDCOAuth config to Apache. 2022-08-16 10:44:26 -04:00
test-requirements.txt Add stestr to the testing dependencies 2022-07-21 19:10:27 -04:00
tox.ini Initial import 2022-07-20 17:39:41 -04:00

README.md

Overview

This subordinate charm provides a way to integrate a Open ID Connect based identity provider with Keystone using mod_auth_openidc. Apache operates as a OpenID Connect Relaying Party towards an OpenID Connect Provider.

Usage

Use this charm with the Keystone charm:

juju deploy keystone
juju deploy openstack-dashboard
juju deploy keystone-openidc
juju add-relation keystone:keystone-fid-service-provider keystone-openidc:keystone-fid-service-provider
juju add-relation openstack-dashboard:websso-fid-service-provider keystone-openidc:websso-fid-service-provider

In a bundle:

applications:
  keystone-openidc:
    charm: ch:keystone-openid
    num_units: 0
relations:
- - keystone:keystone-fid-service-provider
  - keystone-openidc:keystone-fid-service-provider

Prerequisites

Bugs

Please report bugs on Launchpad.

For general charm questions refer to the OpenStack Charm Guide.