The main goal of this charm is to generate the OIDC configuration used by the Keystone charm and to signal a Keystone service restart. Keystone has a concept of a federated backend, which supports OIDC, as well as an authentication plug-in called "mapped", which does the rest of the work of resolving symbolic attributes
Describe the intended usage of this charm and anything unique about how this charm relates to others here.
This README will be displayed in the Charm Store, it should be either Markdown or RST. Ideal READMEs include instructions on how to use the charm, expected usage, and charm features that your audience might be interested in. For an example of a well written README check out Hadoop: http://jujucharms.com/charms/precise/hadoop
Use this as a Markdown reference if you need help with the formatting of this README: http://askubuntu.com/editing-help
This charm provides service. Add a description here of what the service itself actually does.
Also remember to check the icon guidelines so that your charm looks good in the Juju GUI.
Step by step instructions on using the charm:
juju deploy servicename
and so on. If you're providing a web service or something that the end user needs to go to, tell them here, especially if you're deploying a service that might listen to a non-default port.
You can then browse to http://ip-address to configure the service.
Scale out Usage
If the charm has any recommendations for running at scale, outline them in examples here. For example if you have a memcached relation that improves performance, mention it here.
Known Limitations and Issues
This not only helps users but gives people a place to start if they want to help you add features to your charm.
The configuration options will be listed on the charm store; however, if you're making assumptions or opinionated decisions in the charm (like setting a default administrator password), you should detail that here so the user knows how to change it immediately, etc.
Though this will be listed in the charm store itself don't assume a user will know that, so include that information here:
Upstream Project Name
- Upstream website
- Upstream bug tracker
- Upstream mailing list or contact information
- Feel free to add things if it's useful for users
- (boolean) Enable debug logging
- (string) Identity provider name to use for URL generation. Must match the one that will be configured via OS-FEDERATION API.
- (string) Identity provider remote ID. See https://docs.openstack.org/keystone/ocata/federation/federated_identity.html
- (string) OIDCClaimPrefix is a prefix that will be added to each OIDC claim.
- (string) OIDCClientID is the client ID issued by the OIDC Provider during the client registration phase.
- (string) OIDCClientSecret is a secret issued to the client by the OIDC Provider during the client registration phase.
- (string) OIDCCryptoPassphrase is a passphrase used to encrypt claims.
- (string) OIDCProviderMetadataURL is the URL from which the module will obtain all the OIDC Provider configuration details in json format (endpoints, supported flows, etc.). For example https://accounts.google.com/.well-known/openid-configuration
- (string) OIDCRedirectURI is a URI, protected by the module itself, that acts as the callback for the authentication response, e.g. https://FQDN:5000/v3/auth/OS-FEDERATION/websso/openid/redirect
- (string) OIDCResponseType defines the OpenID Connect authentication flow used.
- (string) OIDCScope defines the claims that will be returned by the OIDC Provider.
- openid email profile
- (string) Protocol name to use for URL generation. Must match the one that will be configured via OS-FEDERATION API.
- (string) TLS CA to use to communicate with other components in a deployment. __NOTE__: This configuration option will take precedence over any certificates received over the ``certificates`` relation.
- (string) TLS certificate to install and use for any listening services. __NOTE__: This configuration option will take precedence over any certificates received over the ``certificates`` relation.
- (string) TLS key to use with certificate specified as ``ssl_cert``. __NOTE__: This configuration option will take precedence over any certificates received over the ``certificates`` relation.
- (boolean) OpenStack mostly defaults to using public endpoints for internal communication between services. If set to True this option will configure services to use internal endpoints where possible.
- (boolean) Setting this to True will allow supporting services to log to syslog.
- (string) A user-facing name to be used in the OpenStack dashboard.
- (boolean) Enable verbose logging
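
A pre-flight check for the OIDC options listed above, followed by rendering them as the `OIDC*` Apache directives they describe. This is an added example, not code from the charm: the option keys (`oidc-client-id`, `protocol-name`, and so on) and the sample values are assumptions, and the redirect path check assumes the pattern of the example URI given for OIDCRedirectURI.

```python
from urllib.parse import urlparse

# Hypothetical option key -> directive name taken from the option descriptions.
DIRECTIVES = {
    "oidc-claim-prefix": "OIDCClaimPrefix",
    "oidc-client-id": "OIDCClientID",
    "oidc-client-secret": "OIDCClientSecret",
    "oidc-crypto-passphrase": "OIDCCryptoPassphrase",
    "oidc-provider-metadata-url": "OIDCProviderMetadataURL",
    "oidc-redirect-uri": "OIDCRedirectURI",
    "oidc-response-type": "OIDCResponseType",
    "oidc-scope": "OIDCScope",
}

SAMPLE = {  # constructed sample values, not real credentials
    "protocol-name": "openid",
    "oidc-claim-prefix": "OIDC-",
    "oidc-client-id": "keystone",
    "oidc-client-secret": "example-secret",
    "oidc-crypto-passphrase": "example-passphrase",
    "oidc-provider-metadata-url": "https://idp.example.com/.well-known/openid-configuration",
    "oidc-redirect-uri": "https://keystone.example.com:5000/v3/auth/OS-FEDERATION/websso/openid/redirect",
    "oidc-response-type": "id_token",
    "oidc-scope": "openid email profile",
}

def check(cfg):
    """Return a list of problems; an empty list means the options can be rendered."""
    problems = []
    for key in DIRECTIVES:
        value = cfg.get(key, "")
        if not value.strip():  # this example requires every option to be set
            problems.append(f"{key} is empty")
        if '"' in value or "\n" in value or "\r" in value:
            # Such a value would break out of the quoted directive argument.
            problems.append(f"{key} must not contain quotes or newlines")
    for key in ("oidc-provider-metadata-url", "oidc-redirect-uri"):
        if urlparse(cfg.get(key, "")).scheme != "https":
            problems.append(f"{key} must use https")
    expected = f"/v3/auth/OS-FEDERATION/websso/{cfg.get('protocol-name', '')}/redirect"
    if urlparse(cfg.get("oidc-redirect-uri", "")).path != expected:
        problems.append(f"oidc-redirect-uri path should be {expected}")
    if "openid" not in cfg.get("oidc-scope", "").split():
        problems.append("oidc-scope must include 'openid'")
    return problems

def render(cfg):
    """Render the directives, refusing to emit anything if a check fails."""
    problems = check(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    return "\n".join(f'{name} "{cfg[key]}"' for key, name in DIRECTIVES.items())
```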