On Fri, Nov 10, 2017 at 12:45 PM, Red Cricket <red.cricket.blog at gmail.com> wrote: > Hi, > > I am using https://github.com/openstack/puppet-keystone (stable/newton > branch) and we would like to implement a design that uses federation openid. > > As part of this design I need to add these lines to the keystone.conf file: > > [federation] > ... > trusted_dashboard = https://example.com/auth/websso > trusted_dashboard = https://example.com/dashboard/auth/websso/ > > I have attempted to use this yaml in my hiera data ... > > keystone::config::keystone_config: > ... > 'federation/trusted_dashboard': > value: "https://example.com/auth/websso" > 'federation/trusted_dashboard': > value: "https://example.com/dashboard/auth/websso/" > > ... and some other various, but the resulting keystone.conf only gets the > second federation/trusted_dashboard setting: > > keystone::config::keystone_config: > ... > 'federation/trusted_dashboard': > value: "https://example.com/dashboard/auth/websso/" > > If you could tell what I am doing wrong I'd appreciate it, but I suspect > that the puppet-keystone module does not support > 'federation/trusted_dashboard' (multi valued). > It appears from our other implementations that it can be a comma seperated value. https://github.com/openstack/puppet-keystone/blob/41f12aa800d46f914869618bd7afd6ccc4a4fa98/manifests/federation/mellon.pp#L114 So you may just try 'federation/trusted_dashboard': value: "https://example.com/auth/websso,https://example.com/dashboard/auth/websso/" Thanks, -Alex > Thank you. > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >