129 lines
3.8 KiB
Python
129 lines
3.8 KiB
Python
# Copyright (C) 2019 Catalyst Cloud Ltd
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from confspirator import groups
|
|
from confspirator import fields
|
|
from confspirator import types
|
|
|
|
|
|
config_group = groups.ConfigGroup("identity")
|
|
|
|
config_group.register_child_config(
|
|
fields.IntConfig(
|
|
"token_cache_time",
|
|
help_text="Cache time for Keystone Tokens in the Keystone Middleware.",
|
|
default=-1,
|
|
required=True,
|
|
required_for_tests=False,
|
|
)
|
|
)
|
|
config_group.register_child_config(
|
|
fields.BoolConfig(
|
|
"can_edit_users",
|
|
help_text="Is Adjutant allowed (or able) to edit users in Keystone.",
|
|
default=True,
|
|
)
|
|
)
|
|
config_group.register_child_config(
|
|
fields.BoolConfig(
|
|
"username_is_email",
|
|
help_text="Should Adjutant assume and treat all usernames as emails.",
|
|
default=True,
|
|
)
|
|
)
|
|
config_group.register_child_config(
|
|
fields.DictConfig(
|
|
"role_mapping",
|
|
help_text="A mapping from held role to roles it is allowed to manage.",
|
|
value_type=types.List(),
|
|
check_value_type=True,
|
|
is_json=True,
|
|
default={
|
|
"admin": ["project_admin", "project_mod", "heat_stack_owner", "member",],
|
|
"project_admin": [
|
|
"project_admin",
|
|
"project_mod",
|
|
"heat_stack_owner",
|
|
"member",
|
|
],
|
|
"project_mod": ["project_mod", "heat_stack_owner", "member",],
|
|
},
|
|
test_default={
|
|
"admin": ["project_admin", "project_mod", "member", "heat_stack_owner"],
|
|
"project_admin": [
|
|
"project_mod",
|
|
"member",
|
|
"heat_stack_owner",
|
|
"project_admin",
|
|
],
|
|
"project_mod": ["member", "heat_stack_owner", "project_mod"],
|
|
},
|
|
)
|
|
)
|
|
|
|
_auth_group = groups.ConfigGroup("auth")
|
|
_auth_group.register_child_config(
|
|
fields.StrConfig(
|
|
"username",
|
|
help_text="Username for Adjutant Keystone admin user.",
|
|
required=True,
|
|
required_for_tests=False,
|
|
)
|
|
)
|
|
_auth_group.register_child_config(
|
|
fields.StrConfig(
|
|
"password",
|
|
help_text="Password for Adjutant Keystone admin user.",
|
|
required=True,
|
|
secret=True,
|
|
required_for_tests=False,
|
|
)
|
|
)
|
|
_auth_group.register_child_config(
|
|
fields.StrConfig(
|
|
"project_name",
|
|
help_text="Project name for Adjutant Keystone admin user.",
|
|
required=True,
|
|
required_for_tests=False,
|
|
)
|
|
)
|
|
_auth_group.register_child_config(
|
|
fields.StrConfig(
|
|
"project_domain_id",
|
|
help_text="Project domain id for Adjutant Keystone admin user.",
|
|
default="default",
|
|
required=True,
|
|
required_for_tests=False,
|
|
)
|
|
)
|
|
_auth_group.register_child_config(
|
|
fields.StrConfig(
|
|
"user_domain_id",
|
|
help_text="User domain id for Adjutant Keystone admin user.",
|
|
default="default",
|
|
required=True,
|
|
required_for_tests=False,
|
|
)
|
|
)
|
|
_auth_group.register_child_config(
|
|
fields.URIConfig(
|
|
"auth_url",
|
|
help_text="Keystone auth url that Adjutant will use.",
|
|
schemes=["https", "http"],
|
|
required=True,
|
|
required_for_tests=False,
|
|
)
|
|
)
|
|
config_group.register_child_config(_auth_group)
|