If the certificates that Apache is using change then Apache needs to
be restarted. This change adds the SSL directory to the restart map
to ensure any certificate changes trigger a restart.

Change-Id: I1fd46865350e6a9cb35f4209fcf8dd201e6f1441
Closes-Bug: 1828530

Change-Id: I19c98b17087b6d1ff86aa749654a13a14e61c951

Change-Id: Ibb7df0c2b97801abb15af2d97534535af24205a1
Closes-Bug: #1827061

Enables a client to use application credentials for authentication.

Change-Id: If6ff4bcabec2f976b79d87d57f4a763e8828c302
Closes-Bug: #1827058

When running an upgrade of the keystone charm in a large environment,
the upgrade process can take more than 30 minutes.

Prior to this change, the user would only see 'Installing apt packages'
during most of the process.

This change adds status_set and log messages to the upgrade charm hook
so that end users can see what is the status of the upgrade.

Change-Id: I1eade73fad551310ceec0bb8dcbccb777737faeb
Closes-Bug: #1782004

Change-Id: I2d037c9e60d2c7ed9ce48fe7d17b3bd453de528e

This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.

This patch works around a bug during upgrades where (it is believed)
that the manager.py script can hold a 'stale' connection to the apache2
hosted keystone, which then returns a 500 HTTP error when next used.

Change-Id: Id9c9b967742467f30270f52c2a8b6634f6480324
Related-Bug: #1823743

Change-Id: I88230ec382ddaf567367bf09cb448c377afb354f

    The README was overall clean and clear, however there were some
    areas of improvement, as well as some typos which could lead to
    confusion. Most are trivial changes.

    - Terminate sentence with period to match rest of list
    - Add commas to introductory phrases to match rest of readme
    - Change duplicate 'os-internal-hostname' to 'os-admin-hostname'
    - Change 'https' to 'HTTPS' to match header of section
    - Fix typo 'they secondary' to 'the secondary'
    - Remove comma from 'unit, and must' as is not a compound sentence
    - Change 'Note' to 'NOTE' to match rest of readme
    - Capitalized first word in NOTE section to match rest of readme

Change-Id: I38483df4340849cd268c74183b44eaf6bc02b238

This patch ensures that any running manager.py script is stopped if the
keystone service (either standalone, or run via apache2) is restarted.
The ManagerServer will automatically (re)start the manager.py script
when it is needed.

Change-Id: I4e3dff340cce73b2de7d697f3685d602defb5179
Related-Bug: #1823743

When ``certificates-relation-changed`` hook is called before the
certificate data is present on the relation do not attempt to
configure apache.

Change-Id: If915451d4b0846023355edcf3a49f643e12c7522
Closes-Bug: #1822952

Change-Id: Iaa7db0b453c7697ad10347721d1005d816562be6

Ensure that EOL releases are removed from metadata
and tests, and that the current dev release is enabled
in metadata.  Dev release tests are enabled separately
because of chickens and eggs.

Change-Id: Ia8979f0de52763af68e28a98a8386c81716f4673

As a part of the Stein release, we need to ensure
that charmhelpers is up to date.

Change-Id: I151549108c53572868c796e452c5dc3dd7f8133d

In the related bug, the manager.py was crashing as it received
(essentially) a socket close which resulted in no data being received.
This wasn't handled properly resulting in a crash in the manager.py.
This change simply allows the manager.py to exit cleanly, and the charm
can restart it if it needs to.

Change-Id: I76a435f48cdb8c201b0ddc529da947e6ed9ec031
Related-Bug: #1822063

Before this change there was a race condition in which keystone would
hand out its local IP rather than the VIP when in HA mode and never
update clients other than on the identity-service relation.

This change guarantees the other relations are also updated with HA VIP
information.

Change-Id: Ib2ea3103c06a7a06bb1d04b6c7e872f36d12c1c4

The latest audit updates allow Keystone to pass the
file-ownership and file-permissions audits.

Change-Id: Ib274ba7fcf8c4a299cda3509cc87a10bff990142
Func-Test-PR: https://github.com/openstack-charmers/zaza/pull/204

When using the PKI token provider, it is necessary to
ensure that a secure hashing algorithm is used. The
charms never configure a PKI provider but the checklist
action is still a valid runtime check.

Change-Id: If0869124e4fcf7af68f636b9e4d3027c83407a4f
Closes-Bug: 1820813
Func-Test-PR: https://github.com/openstack-charmers/zaza/pull/200

The repo is called charm-keystone, not keystone-charm. While it is
obvious what charm is in question, the README might look a bit better
with more consistent self-references.

Change-Id: I87ace22cf7d4c598b25fcf2beda7033e8f168789

This change could potentially make the README looking more complete

Change-Id: Ie6d2124359d1319aa69108bc2e52aff82d5f485f

Change-Id: I580669d82c3f37adceb75d5d6f368b09ea41b9da
Closes-Bug: #1819134
Func-Test-PR: https://github.com/openstack-charmers/zaza/pull/198

The manager.py helper is launched with either py2 or py3 depending on
the version of the payload.  However, it was using openstack-origin
rather than actually picking up the actual version of the installed
software.  This patch ensures that the manager.py is run with the
python version of the installed payload, which resolves a bug when
upgrading to rocky (which is the py2 to py3 transition of the payload).

Also fixes an os.execl() bug which changed behaviour from python2 to
python3.

Change-Id: I17255b84ca067886f866a5f8311dcab57fba6f14
Closes-bug: #1818988

This charm adds the general ownership audits, as well
as keystone specific security checklist audits.

Change-Id: Iee093b36c54081f14a07c95e677ea08c72d72ca4

Change-Id: I20ac87956a7d0cdb49012c12a194e0207eb603b9

To be in line with the other recent updates, changing the
charmhelpers/* exclusion to */charmhelpers/*, which more reliably
excludes the charmhelpers code from coverage tracking.  While this
presently does nothing differently for this charm, it's probably
better for this code to be in line with the other charms rather than
being different for no obvious reason.

Also excluding the unit_tests directory.

Change-Id: Idcc3bb494eb632b5f971ee6c44bca5284a7839a1