Clean-up keystone role
This patch removes a number of leftovers that are no longer in use.
Sem-Ver: bugfix
Change-Id: Ibc841cf3207b9a0b19c79c438779b315567f8408
diff --git a/releasenotes/notes/cleanup-keystone-role-ea04dd3c915f3bf7.yaml b/releasenotes/notes/cleanup-keystone-role-ea04dd3c915f3bf7.yaml
new file mode 100644
index 0000000..c2807df
--- /dev/null
+++ b/releasenotes/notes/cleanup-keystone-role-ea04dd3c915f3bf7.yaml
@@ -0,0 +1,3 @@
+---
+fixes:
+ - Remove stale old Terraform content from the Keystone side of things.
diff --git a/roles/openstack_helm_keystone/vars/main.yml b/roles/openstack_helm_keystone/vars/main.yml
index 0101d4a..501b95f 100644
--- a/roles/openstack_helm_keystone/vars/main.yml
+++ b/roles/openstack_helm_keystone/vars/main.yml
@@ -84,148 +84,3 @@
job_credential_cleanup: false
ingress_api: false
service_ingress_api: false
-# # LDAP configuration
-# yamlencode({
-# conf = {
-# ks_domains = {
-# for domain, details in var.keystone_ldap_domains : domain => {
-# identity = {
-# driver = "ldap"
-# }
-# ldap = merge({
-# tls_cacertfile = "/etc/keystone/ldap/${domain}.crt"
-# }, details.conf)
-# }
-# }
-# }
-# }),
-
-# # OpenID Connect
-# yamlencode({
-# bootstrap = {
-# script = <<-EOT
-# # Create role for publishing images
-# openstack role create --or-show image-publisher
-
-# # Add member role for admin user
-# openstack role add \
-# --user="$${OS_USERNAME}" \
-# --user-domain="$${OS_USER_DOMAIN_NAME}" \
-# --project-domain="$${OS_PROJECT_DOMAIN_NAME}" \
-# --project="$${OS_PROJECT_NAME}" \
-# "member"
-
-# # Create project for tempest-pushgateway
-# openstack project create --or-show \
-# "${kubernetes_secret.tempest_pushgateway.data.OS_PROJECT_NAME}"
-# openstack user create --or-show \
-# "${kubernetes_secret.tempest_pushgateway.data.OS_USERNAME}"
-# openstack user set \
-# --password="${kubernetes_secret.tempest_pushgateway.data.OS_PASSWORD}" \
-# "${kubernetes_secret.tempest_pushgateway.data.OS_USERNAME}"
-# openstack role add \
-# --user="${kubernetes_secret.tempest_pushgateway.data.OS_USERNAME}" \
-# --project="${kubernetes_secret.tempest_pushgateway.data.OS_PROJECT_NAME}" \
-# "member"
-
-# # Add admin user to default domain
-# openstack role add \
-# --user="$${OS_USERNAME}" \
-# --domain="$${OS_DEFAULT_DOMAIN}" \
-# "admin"
-# %{for name, config in var.keystone_openid_connect_idps}
-# # OpenID connect (${name})
-
-# # Create Identity provider if it doesn't exist
-# IDP_ID=$(openstack identity provider show ${name} -c id -f value || :)
-# if [ -z "$IDP_ID" ]; then
-# openstack identity provider create --remote-id ${config.issuer} ${name}
-# else
-# openstack identity provider set --remote-id ${config.issuer} ${name}
-# fi
-
-# # Generate mapping
-# cat <<EOF | tee /tmp/mapping.json
-# ${jsonencode(local.keystone_mappings[name])}
-# EOF
-
-# # Upload mapping to Keystone
-# MAPPING_ID=$(openstack mapping show ${name} -c id -f value || :)
-# if [ -z "$MAPPING_ID" ]; then
-# openstack mapping create --rules /tmp/mapping.json ${name}
-# else
-# openstack mapping set --rules /tmp/mapping.json ${name}
-# fi
-
-# # Create federation
-# FEDERATION_ID=$(openstack federation protocol show --identity-provider ${name} openid -c id -f value || :)
-# if [ -z "$FEDERATION_ID" ]; then
-# openstack federation protocol create --identity-provider ${name} --mapping ${name} openid
-# fi
-# %{endfor~}
-# EOT
-# }
-# conf = {
-# wsgi_keystone = <<-EOT
-# {{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-
-# Listen 0.0.0.0:{{ $portInt }}
-
-# LogFormat "%h %l %u %t \"%r\" %>s %b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
-# LogFormat "%%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%%{Referer}i\" \"%%{User-Agent}i\"" proxy
-
-# SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
-# CustomLog /dev/stdout combined env=!forwarded
-# CustomLog /dev/stdout proxy env=forwarded
-
-# <VirtualHost *:{{ $portInt }}>
-# WSGIDaemonProcess keystone-public processes=4 threads=1 user=keystone group=keystone display-name=%%{GROUP}
-# WSGIProcessGroup keystone-public
-# WSGIScriptAlias / /var/www/cgi-bin/keystone/keystone-wsgi-public
-# WSGIApplicationGroup %%{GLOBAL}
-# WSGIPassAuthorization On
-# <IfVersion >= 2.4>
-# ErrorLogFormat "%%{cu}t %M"
-# </IfVersion>
-# ErrorLog /dev/stdout
-
-# SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
-# CustomLog /dev/stdout combined env=!forwarded
-# CustomLog /dev/stdout proxy env=forwarded
-
-# # OpenID connect
-# OIDCMetadataDir /var/lib/apache2/oidc
-# OIDCClaimPrefix "OIDC-"
-# OIDCSessionType client-cookie
-# OIDCCryptoPassphrase ${random_password.keystone_openid_connect_crypto_passphrase.result}
-# OIDCRedirectURLsAllowed ^https://${var.horizon_api_host}/auth/logout/$ ^https://${var.keystone_api_host}
-# OIDCOAuthVerifyJwksUri https://vexxhost.us.auth0.com/.well-known/jwks.json
-
-# OIDCRedirectURI https://${var.keystone_api_host}/v3/auth/OS-FEDERATION/identity_providers/redirect
-# <Location /v3/auth/OS-FEDERATION/identity_providers/redirect>
-# AuthType openid-connect
-# Require valid-user
-# </Location>
-# <Location /v3/auth/OS-FEDERATION/websso/openid>
-# AuthType openid-connect
-# Require valid-user
-# </Location>
-
-# %{for name, config in var.keystone_openid_connect_idps}
-# <Location /v3/auth/OS-FEDERATION/identity_providers/${name}/protocols/openid/websso>
-# OIDCDiscoverURL https://${var.keystone_api_host}/v3/auth/OS-FEDERATION/identity_providers/redirect?iss=${urlencode(config.issuer)}
-# AuthType openid-connect
-# Require valid-user
-# </Location>
-# <Location /v3/OS-FEDERATION/identity_providers/${name}/protocols/openid/auth>
-# LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
-# Header set Access-Control-Allow-Headers "Authorization,Content-Type"
-# Header set Access-Control-Allow-Origin "*"
-# AuthType oauth20
-# Require valid-user
-# </Location>
-# %{endfor}
-# </VirtualHost>
-# EOT
-# }
-# }),