Define service_type in keystone_authtoken

If application credentials with access rules are required,
an OpenStack service that uses keystonemiddleware to authenticate
with keystone needs to define service_type in its configuration
file.

Change-Id: I7034e82837d724f12d57969857f79d67c962cebe
okozachenko 2023-05-12 23:00:39 +10:00
parent bd6a78e983
commit 423d91d6c3
45 changed files with 45 additions and 15 deletions


@ -16,7 +16,7 @@ apiVersion: v1
appVersion: v1.0.0
description: Openstack-Helm Aodh
name: aodh
version: 0.2.7
version: 0.2.8
home: https://docs.openstack.org/aodh/latest/
sources:
- https://opendev.org/openstack/aodh


@ -468,6 +468,7 @@ conf:
auth_version: v3
auth_type: password
memcache_security_strategy: ENCRYPT
service_type: alarming
service_credentials:
auth_type: password
interface: internal
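Review bot: The added `service_type: alarming` line carries no comment saying what the value is matched against, and the same holds for the other fourteen values hunks in this commit (barbican through senlin). As far as I know keystonemiddleware compares this string with the `service` field of each application-credential access rule, so a rule written with a different name for the same service (for example `block-storage` instead of the `volumev3` set for cinder, or `shared-file-system` instead of the `sharev2` set for manila) would not match and the restricted token would be refused. I would add a comment above each line such as `# Must equal the "service" value used in application credential access rules and the service type registered in the keystone catalog.`. The enclosing section, presumably `keystone_authtoken`, starts outside the hunk.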


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Barbican
name: barbican
version: 0.3.1
version: 0.3.2
home: https://docs.openstack.org/barbican/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
sources:


@ -377,6 +377,7 @@ conf:
auth_version: v3
memcache_security_strategy: ENCRYPT
memcache_secret_key: null
service_type: key-manager
database:
max_retries: -1
barbican_api:


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Cinder
name: cinder
version: 0.3.9
version: 0.3.10
home: https://docs.openstack.org/cinder/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
sources:


@ -829,6 +829,7 @@ conf:
auth_version: v3
auth_type: password
memcache_security_strategy: ENCRYPT
service_type: volumev3
nova:
auth_type: password
auth_version: v3


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Cyborg
name: cyborg
version: 0.1.2
version: 0.1.3
home: https://docs.openstack.org/cyborg
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cyborg/OpenStack_Project_Cyborg_vertical.png
sources:


@ -511,6 +511,7 @@ conf:
auth_type: password
endpoint_type: internal
www_authenticate_uri: null
service_type: accelerator
agent:
enabled_drivers:
- nvidia_gpu_driver


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Designate
name: designate
version: 0.2.8
version: 0.2.9
home: https://docs.openstack.org/designate/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Designate/OpenStack_Project_Designate_vertical.jpg
sources:


@ -467,6 +467,7 @@ conf:
auth_version: v3
auth_type: password
memcache_security_strategy: ENCRYPT
service_type: dns
logging:
loggers:
keys:


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Glance
name: glance
version: 0.4.5
version: 0.4.6
home: https://docs.openstack.org/glance/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
sources:


@ -258,6 +258,7 @@ conf:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
service_type: image
glance_store:
cinder_catalog_info: volumev3::internalURL
rbd_store_chunk_size: 8


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Heat
name: heat
version: 0.3.2
version: 0.3.3
home: https://docs.openstack.org/heat/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
sources:


@ -351,6 +351,7 @@ conf:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
service_type: orchestration
database:
max_retries: -1
trustee:
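Review bot: `service_type: orchestration` is a single value for the whole section, which matters if the chart's CloudFormation-compatible API reads the same heat.conf (not visible in this hunk, so this is an assumption to confirm). In that case access rules written for the `cloudformation` catalog type could never match on that API, and tokens restricted that way would be refused there. A comment such as `# Applies to every API sharing this section; access rules for other catalog types will not match.` would document the limit, or the CFN API could be given its own override. The enclosing section starts outside the hunk.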


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Magnum
name: magnum
version: 0.2.8
version: 0.2.9
home: https://docs.openstack.org/magnum/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Magnum/OpenStack_Project_Magnum_vertical.png
sources:


@ -91,6 +91,7 @@ conf:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
service_type: container-infra
api:
# NOTE(portdirect): the bind port should not be defined, and is manipulated
# via the endpoints section.


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Manila
name: manila
version: 0.1.0
version: 0.1.1
home: https://docs.openstack.org/manila/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Manila/OpenStack_Project_Manila_vertical.png
sources:


@ -702,6 +702,7 @@ conf:
auth_version: v3
memcache_security_strategy: ENCRYPT
endpoint_type: internalURL
service_type: sharev2
neutron:
auth_type: password
auth_version: v3


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Masakari
name: masakari
version: 0.1.6
version: 0.1.7
home: https://docs.openstack.org/developer/masakari
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Masakari/OpenStack_Project_masakari_vertical.png
sources:


@ -564,6 +564,7 @@ conf:
api_paste_config: /etc/masakari/api-paste.ini
keystone_authtoken:
auth_type: password
service_type: instance-ha
database:
max_retries: -1
# Connection string is evaluated though the endpoints for taskflow.


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Neutron
name: neutron
version: 0.3.7
version: 0.3.8
home: https://docs.openstack.org/neutron/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
sources:


@ -1808,6 +1808,7 @@ conf:
memcache_security_strategy: ENCRYPT
auth_type: password
auth_version: v3
service_type: network
octavia:
request_poll_timeout: 3000
logging:


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Nova
name: nova
version: 0.3.9
version: 0.3.10
home: https://docs.openstack.org/nova/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
sources:


@ -1399,6 +1399,7 @@ conf:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
service_type: compute
notifications:
notify_on_state_change: vm_and_task_state
service_user:


@ -16,7 +16,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Octavia
name: octavia
version: 0.2.7
version: 0.2.8
home: https://docs.openstack.org/octavia/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Octavia/OpenStack_Project_Octavia_vertical.png
sources:


@ -222,6 +222,7 @@ conf:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
service_type: load-balancer
certificates:
ca_private_key_passphrase: foobar
ca_private_key: /etc/octavia/certs/private/cakey.pem
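Review bot: The context line `ca_private_key_passphrase: foobar`, directly below the added `service_type: load-balancer`, is a placeholder secret shipped as a default value, and this commit leaves it in place. It was not introduced here, but a deployment that does not override it protects the Octavia CA private key with a guessable passphrase. I would at least add `# Placeholder only: override per deployment and supply the real value from a secret.` above it, and track replacing the default in a separate change. The `certificates` mapping continues outside the hunk.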


@ -16,7 +16,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Placement
name: placement
version: 0.3.3
version: 0.3.4
home: https://docs.openstack.org/placement/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
sources:


@ -85,6 +85,7 @@ conf:
auth_version: v3
auth_type: password
memcache_security_strategy: ENCRYPT
service_type: placement
logging:
loggers:
keys:


@ -10,4 +10,5 @@ aodh:
- 0.2.5 Added OCI registry authentication
- 0.2.6 Remove default policy rules
- 0.2.7 Replace node-role.kubernetes.io/master with control-plane
- 0.2.8 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -25,4 +25,5 @@ barbican:
- 0.2.19 Support SSL offloading at reverse proxy for internal and admin endpoints
- 0.3.0 Remove support for Train and Ussuri
- 0.3.1 Replace node-role.kubernetes.io/master with control-plane
- 0.3.2 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -59,4 +59,5 @@ cinder:
- 0.3.7 Allow Ceph pools to use 1x replication
- 0.3.8 Update all Ceph images to Focal
- 0.3.9 Replace node-role.kubernetes.io/master with control-plane
- 0.3.10 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -3,4 +3,5 @@ cyborg:
- 0.1.0 Initial Chart
- 0.1.1 Migrated PodDisruptionBudget resource to policy/v1 API version
- 0.1.2 Added OCI registry authentication
- 0.1.3 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -12,4 +12,5 @@ designate:
- 0.2.6 Added OCI registry authentication
- 0.2.7 Use HTTP probe instead of TCP probe
- 0.2.8 Remove default policy rules
- 0.2.9 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -39,4 +39,5 @@ glance:
- 0.4.3 Update all Ceph images to Focal
- 0.4.4 Replace node-role.kubernetes.io/master with control-plane
- 0.4.5 Fix wrong configFile path in glance bootstrap container.
- 0.4.6 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -28,4 +28,5 @@ heat:
- 0.3.0 Remove support for Train and Ussuri
- 0.3.1 Remove default policy rules
- 0.3.2 Replace node-role.kubernetes.io/master with control-plane
- 0.3.3 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -12,4 +12,5 @@ magnum:
- 0.2.6 Migrated PodDisruptionBudget resource to policy/v1 API version
- 0.2.7 Added OCI registry authentication
- 0.2.8 Remove default policy rules
- 0.2.9 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -1,4 +1,5 @@
---
manila:
- 0.1.0 Initial Chart
- 0.1.1 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -7,4 +7,5 @@ masakari:
- 0.1.4 Migrated PodDisruptionBudget resource to policy/v1 API version
- 0.1.5 Added OCI registry authentication
- 0.1.6 Use HTTP probe instead of TCP probe
- 0.1.7 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -49,4 +49,5 @@ neutron:
- 0.3.5 Fix health probe for OVN metadata agent
- 0.3.6 Fix the issue that ovn metadata not work in muti-node enviroment
- 0.3.7 Sync neutron db to ovn nb db when neutron-server start
- 0.3.8 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -78,4 +78,5 @@ nova:
- 0.3.7 Fix live migration without DNS resolution
- 0.3.8 Fix missing privilege separation directory for nova compute ssh
- 0.3.9 Fix typo in spice proxy deployment
- 0.3.10 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -11,4 +11,5 @@ octavia:
- 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version
- 0.2.6 Added OCI registry authentication
- 0.2.7 Use HTTP probe instead of TCP probe
- 0.2.8 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -26,4 +26,5 @@ placement:
- 0.3.1 Remove support for Train and Ussuri
- 0.3.2 Remove default policy rules
- 0.3.3 Replace node-role.kubernetes.io/master with control-plane
- 0.3.4 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -11,4 +11,5 @@ senlin:
- 0.2.6 Add helm.sh/hook annotations for Jobs
- 0.2.7 Added OCI registry authentication
- 0.2.8 Remove default policy rules
- 0.2.9 Define service_type in keystone_authtoken to support application credentials with access rules
...


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Senlin
name: senlin
version: 0.2.8
version: 0.2.9
home: https://docs.openstack.org/senlin/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Senlin/OpenStack_Project_Senlin_vertical.png
sources:


@ -137,6 +137,7 @@ conf:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
service_type: clustering
senlin_api:
# NOTE(portdirect): the bind port should not be defined, and is manipulated
# via the endpoints section.