Merge "Enable memcached backend for mod_auth_openidc"

ansible/roles/keystone/defaults/main.yml

@@ -214,3 +214,6 @@ keystone_should_remove_attribute_mappings: False
 keystone_should_remove_identity_providers: False
 keystone_federation_oidc_response_type: "id_token"
 keystone_federation_oidc_scopes: "openid email profile"
+
+# OIDC caching
+keystone_oidc_enable_memcached: "{{ enable_memcached }}"

ansible/roles/keystone/templates/wsgi-keystone.conf.j2

@@ -64,6 +64,10 @@ LogLevel info
 {% endif %}
     OIDCCryptoPassphrase {{ keystone_federation_openid_crypto_password }}
     OIDCRedirectURI {{ keystone_public_url }}/redirect_uri
+{% if enable_memcached | bool and keystone_oidc_enable_memcached | bool %}
+    OIDCCacheType memcache
+    OIDCMemCacheServers "{% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
+{% endif %}
 
     <Location ~ "/redirect_uri">
       Require valid-user

releasenotes/notes/oidc-memcache-backend-198e27c5168a3d4e.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Keystone OIDC integration now uses memcached for the caching backend if
+    ``enable_memcached`` is ``True``. This can be disabled by setting
+    ``keystone_oidc_enable_memcached`` to ``False``.