- Adding endpoints for the subcloud's platform services to the central
keystone. This was done so horizon can reach all subclouds
- Allowing version requests to bypass the authtoken validator in the
dcorch proxy. version requests do not require authentication and
they are required by horizon to work in the SystemController region
Change-Id: I508e0168e77d1f46b8f5720fd16047177b4920c2
Partial-Bug: 1846239
Signed-off-by: Tyler Smith <tyler.smith@windriver.com>
This update enhanced keystone-api-proxy to take a sync_endpoint
parameter from its configuration file and enqueue job for dcorch with
that sync_endpoint type. If sync_endpoint doesn't present in its
configuration file, it will use the default endpoint type to enqueue
job.
Change-Id: I85698638cee2598955c4deb41a6b8033b0ace9fd
Story: 2004766
Task: 36156
Depends-On: https://review.opendev.org/#/c/682062/
Signed-off-by: Andy Ning <andy.ning@windriver.com>
OAM firewallrules are now managed by Calico GlobalNetworkPolicy configuration
via k8s API (not by sysinv anymore). This update removed firewallrules
audit from dcorch.
Change-Id: I9fab73c016bb4af760c7d78f0db18dcc8bb77057
Closes-Bug: 1844147
Signed-off-by: Andy Ning <andy.ning@windriver.com>
This commit updates dcorch to use the newly introduced dbsync service
APIs to synchronize identity resources from central cloud to subclouds.
The following identity resources are synced:
- users (local users only)
- user passwords
- projects
- roles
- project role assignments
- token revocation events
Story: 2002842
Task: 22787
Signed-off-by: Andy Ning <andy.ning@windriver.com>
(cherry picked from commit e9096c7a23)
Depends-On: https://review.opendev.org/#/c/655921
Depends-On: https://review.opendev.org/#/c/655773
Depends-On: https://review.opendev.org/#/c/655776
Depends-On: https://review.opendev.org/#/c/655927
Change-Id: I77c2cc712a1c3dc8a228883c3fea1423e5207dea