Canonical SSO provider

Merge lp:~verterok/canonical-identity-provider/sso_keystone_v3 into lp:~ubuntuone-pqm-team/canonical-identity-provider/charm

  1. sso_keystone_v3
  2. Merge into charm
Proposed by Guillermo Gonzalez
Status: Merged
Approved by: David
Approved revision: 110
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: lp:~verterok/canonical-identity-provider/sso_keystone_v3
Merge into: lp:~ubuntuone-pqm-team/canonical-identity-provider/charm
Diff against target: 67 lines (+30/-4)
2 files modified
config.yaml (+26/-1)
roles/payload/tasks/main.yaml (+4/-3)
To merge this branch: bzr merge lp:~verterok/canonical-identity-provider/sso_keystone_v3
Reviewer Review Type Date Requested Status
Odysseus Kaziolas Approve
Maximiliano Bertacchini Approve
Review via email: mp+460354@code.launchpad.net

Commit message

Update payload role to handle keystone v3 auth and update config example to match new body format

To post a comment you must log in.
Revision history for this message
Maximiliano Bertacchini (maxiberta) :
review: Approve
Revision history for this message
Odysseus Kaziolas (odysseus-k) wrote :

LGTM

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'config.yaml'
2--- config.yaml 2022-02-17 13:37:20 +0000
3+++ config.yaml 2024-02-09 20:48:58 +0000
4@@ -36,7 +36,32 @@
5 type: string
6 description: >
7 Valid credentials for the swift account (keystone tenant), in the form
8- "{\"auth\": {\"tenantName\": \"$OS_TENANT_NAME\", \"passwordCredentials\": {\"username\": \"$OS_USERNAME\", \"password\": \"$OS_PASSWORD\"}}}"
9+ {
10+ \"auth\": {
11+ \"identity\": {
12+ \"methods\": [
13+ \"password\"
14+ ],
15+ \"password\": {
16+ \"user\": {
17+ \"name\": \"$OS_USERNAME\",
18+ \"domain\": {
19+ \"name\": \"Default\"
20+ },
21+ \"password\": \"$OS_PASSWORD\"
22+ }
23+ }
24+ },
25+ \"scope\": {
26+ \"project\": {
27+ \"domain\": {
28+ \"id\": \"default\"
29+ },
30+ \"name\": \"$OS_TENANT_NAME\"
31+ }
32+ }
33+ }
34+ }
35 secret_key:
36 type: string
37 default: ""
38
39=== modified file 'roles/payload/tasks/main.yaml'
40--- roles/payload/tasks/main.yaml 2015-10-13 13:38:33 +0000
41+++ roles/payload/tasks/main.yaml 2024-02-09 20:48:58 +0000
42@@ -72,10 +72,11 @@
43 uri:
44 url: "{{ swift_auth_url }}/tokens"
45 method: "POST"
46+ status_code: [201]
47 HEADER_Content-Type: "application/json"
48 HEADER_Accept: "application/json"
49 body: " {{ swift_credentials }}" # Note, the space seems to ensure the value is a string, rather than a dict :/
50- return_content: "yes"
51+ return_content: false
52 register: auth_request
53 when: not payload_exists.stat.exists and base_uri != "" and uri_auth_token == "" and swift_auth_url != ""
54
55@@ -96,10 +97,10 @@
56 - preload
57 uri:
58 url: "{{ base_uri }}/{{ payload_archive }}"
59- HEADER_X-Auth-Token: "{{ auth_request.json.access.token.id }}"
60+ HEADER_X-Auth-Token: "{{ auth_request.x_subject_token }}"
61 dest: "{{ archives_dir }}/{{ payload_archive }}"
62 mode: 0644
63- when: not payload_exists.stat.exists and base_uri != "" and uri_auth_token == "" and "json" in auth_request
64+ when: not payload_exists.stat.exists and base_uri != "" and uri_auth_token == "" and "x_subject_token" in auth_request
65
66 - name: Check if archive is already extracted
67 tags:

Subscribers

People subscribed via source and target branches