fix: correct keystone_domains reference from horizon (#992)
diff --git a/roles/horizon/defaults/main.yml b/roles/horizon/defaults/main.yml
index acec948..9310644 100644
--- a/roles/horizon/defaults/main.yml
+++ b/roles/horizon/defaults/main.yml
@@ -21,3 +21,35 @@
# List of annotations to apply to the Ingress
horizon_ingress_annotations: {}
+
+# The following set of variables can be used for simple setups where you can
+# only need a single domain and realm. You can use the `keystone_domains`
+# variable to configure more complex setups.
+keystone_keycloak_server_url: "https://{{ keycloak_host }}"
+keystone_keycloak_server_internal_url: http://keycloak.auth-system.svc
+keystone_keycloak_user_realm_name: master
+keystone_keycloak_admin_client_id: admin-cli
+keystone_keycloak_admin_user: admin
+keystone_keycloak_admin_password: "{{ keycloak_admin_password }}"
+keystone_keycloak_realm: atmosphere
+keystone_keycloak_realm_name: Atmosphere
+keystone_keycloak_client_id: keystone
+keystone_keycloak_scopes: "openid email profile"
+
+# (ricolin): This will prevent horizon reference wrong keystone_domains by default.
+# This variable can be used for more complex setups that require multiple
+# domains that are mapped to multiple realms. If you are looking to use a
+# single domain and realm, you can skip this section.
+horizon_keystone_domains:
+ - name: "{{ keystone_keycloak_realm }}" # Domain name
+ label: "{{ keystone_keycloak_realm_name }}" # Realm display name + Horizon label
+ keycloak_server_url: "{{ keystone_keycloak_server_url }}" # Public Keycloak URL
+ keycloak_server_internal_url: "{{ keystone_keycloak_server_internal_url }}" # Internal Keycloak URL
+ keycloak_user_realm_name: "{{ keystone_keycloak_user_realm_name }}" # Keycloak realm name
+ keycloak_admin_client_id: "{{ keystone_keycloak_admin_client_id }}" # Keycloak admin client ID
+ keycloak_admin_user: "{{ keystone_keycloak_admin_user }}" # Keycloak admin username
+ keycloak_admin_password: "{{ keystone_keycloak_admin_password }}" # Keycloak admin password
+ keycloak_realm: "{{ keystone_keycloak_realm }}" # Keycloak realm name
+ keycloak_client_id: "{{ keystone_keycloak_client_id }}" # Keycloak client ID
+ keycloak_client_secret: "{{ keystone_keycloak_client_secret }}" # Keycloak client secret
+ keycloak_scopes: "{{ keystone_keycloak_scopes }}" # Keycloak scopes
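Review bot: The new `horizon_keystone_domains` default pulls `keycloak_admin_user`, `keycloak_admin_password` and `keycloak_client_secret` into the Horizon role. The fallback it replaces in roles/horizon/vars/main.yml supplied only `name` and `label`, which suggests the IdP-mapping filter reads nothing else. Rendering the list also resolves every referenced variable, and `keystone_keycloak_client_secret` has no default in this hunk, so a run where it is not set elsewhere may fail on an undefined variable. If the filter really uses only those two keys (worth confirming against the plugin), reduce the default to `horizon_keystone_domains:` / `- name: "{{ keystone_keycloak_realm }}"` / `label: "{{ keystone_keycloak_realm_name }}"`. The copied admin credential defaults can then be dropped so that Horizon's variable scope holds no Keycloak secrets.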
diff --git a/roles/horizon/vars/main.yml b/roles/horizon/vars/main.yml
index b4c2130..7699b4a 100644
--- a/roles/horizon/vars/main.yml
+++ b/roles/horizon/vars/main.yml
@@ -31,7 +31,7 @@
sso:
enabled: true
initial_choice: "{{ (keystone_domains is defined) | ternary(keystone_domains[0].name, 'atmosphere') }}"
- idp_mapping: "{{ keystone_domains | default([{'name': 'atmosphere', 'label': 'Atmosphere'}]) | vexxhost.atmosphere.keystone_domains_to_idp_mappings }}" # noqa: yaml[line-length]
+ idp_mapping: "{{ keystone_domains | default(horizon_keystone_domains) | vexxhost.atmosphere.keystone_domains_to_idp_mappings }}" # noqa: yaml[line-length]
raw:
OPENSTACK_SSL_NO_VERIFY: "{{ ((cluster_issuer_type | default('self-signed')) == 'self-signed') | ternary('True', 'False') | string }}"
WEBSSO_KEYSTONE_URL: https://{{ openstack_helm_endpoints['identity']['host_fqdn_override']['public']['host'] }}/v3
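Review bot: `initial_choice`, two lines above the changed `idp_mapping`, still falls back to the literal `'atmosphere'` when `keystone_domains` is undefined, while `idp_mapping` now falls back to `horizon_keystone_domains`. If an operator overrides `keystone_keycloak_realm` or `horizon_keystone_domains`, the preselected SSO choice will name a domain that is absent from the mapping. Derive both from the same list, e.g. `initial_choice: "{{ (keystone_domains | default(horizon_keystone_domains))[0].name }}"`. The mapping that encloses `sso` starts outside the hunk.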