Enable application_credential auth plugin
Enables a client to use application credentials for authentication. Change-Id: If6ff4bcabec2f976b79d87d57f4a763e8828c302 Closes-Bug: #1827058
This commit is contained in:
parent
765fb67133
commit
e580d1acf3
|
@ -0,0 +1,131 @@
|
|||
# ocata
|
||||
###############################################################################
|
||||
# [ WARNING ]
|
||||
# Configuration file maintained by Juju. Local changes may be overwritten.
|
||||
###############################################################################
|
||||
[DEFAULT]
|
||||
admin_token = {{ token }}
|
||||
use_syslog = {{ use_syslog }}
|
||||
log_config_append = {{ log_config }}
|
||||
debug = {{ debug }}
|
||||
public_endpoint = {{ public_endpoint }}
|
||||
admin_endpoint = {{ admin_endpoint }}
|
||||
|
||||
[database]
|
||||
{% if database_host -%}
|
||||
connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
|
||||
{% else -%}
|
||||
connection = sqlite:////var/lib/keystone/keystone.db
|
||||
{% endif -%}
|
||||
connection_recycle_time = 200
|
||||
|
||||
[identity]
|
||||
driver = {{ identity_backend }}
|
||||
{% if default_domain_id -%}
|
||||
default_domain_id = {{ default_domain_id }}
|
||||
{% endif -%}
|
||||
|
||||
{% if api_version == 3 -%}
|
||||
domain_specific_drivers_enabled = True
|
||||
domain_config_dir = {{ domain_config_dir }}
|
||||
{% endif -%}
|
||||
|
||||
[credential]
|
||||
driver = sql
|
||||
|
||||
[trust]
|
||||
driver = sql
|
||||
|
||||
[os_inherit]
|
||||
|
||||
[catalog]
|
||||
driver = sql
|
||||
|
||||
[endpoint_filter]
|
||||
|
||||
[token]
|
||||
{% if token_provider == 'fernet' -%}
|
||||
provider = fernet
|
||||
{% else -%}
|
||||
driver = sql
|
||||
provider = uuid
|
||||
{% endif -%}
|
||||
expiration = {{ token_expiration }}
|
||||
|
||||
{% if token_provider == 'fernet' -%}
|
||||
[fernet_tokens]
|
||||
max_active_keys = {{ fernet_max_active_keys }}
|
||||
{% endif -%}
|
||||
|
||||
{% include "parts/section-signing" %}
|
||||
|
||||
{% include "section-oslo-cache" %}
|
||||
|
||||
[policy]
|
||||
driver = sql
|
||||
|
||||
[assignment]
|
||||
driver = {{ assignment_backend }}
|
||||
|
||||
[oauth1]
|
||||
|
||||
{% if middlewares -%}
|
||||
{% include "parts/section-middleware" %}
|
||||
{% else %}
|
||||
[auth]
|
||||
methods = external,password,token,oauth1,mapped,openid,totp,application_credential
|
||||
password = keystone.auth.plugins.password.Password
|
||||
token = keystone.auth.plugins.token.Token
|
||||
oauth1 = keystone.auth.plugins.oauth1.OAuth
|
||||
{% endif %}
|
||||
|
||||
[paste_deploy]
|
||||
config_file = {{ paste_config_file }}
|
||||
|
||||
[extra_headers]
|
||||
Distribution = Ubuntu
|
||||
|
||||
[ldap]
|
||||
{% if identity_backend == 'ldap' -%}
|
||||
url = {{ ldap_server }}
|
||||
user = {{ ldap_user }}
|
||||
password = {{ ldap_password }}
|
||||
suffix = {{ ldap_suffix }}
|
||||
|
||||
{% if ldap_config_flags -%}
|
||||
{% for key, value in ldap_config_flags.items() -%}
|
||||
{{ key }} = {{ value }}
|
||||
{% endfor -%}
|
||||
{% endif -%}
|
||||
|
||||
{% if ldap_readonly -%}
|
||||
user_allow_create = False
|
||||
user_allow_update = False
|
||||
user_allow_delete = False
|
||||
|
||||
tenant_allow_create = False
|
||||
tenant_allow_update = False
|
||||
tenant_allow_delete = False
|
||||
|
||||
role_allow_create = False
|
||||
role_allow_update = False
|
||||
role_allow_delete = False
|
||||
|
||||
group_allow_create = False
|
||||
group_allow_update = False
|
||||
group_allow_delete = False
|
||||
{% endif -%}
|
||||
{% endif -%}
|
||||
|
||||
{% if api_version == 3 -%}
|
||||
[resource]
|
||||
admin_project_domain_name = {{ admin_domain_name }}
|
||||
admin_project_name = admin
|
||||
{% endif -%}
|
||||
|
||||
{% include "parts/section-federation" %}
|
||||
|
||||
{% include "section-oslo-middleware" %}
|
||||
# This goes in the section above, selectively
|
||||
# Bug #1819134
|
||||
max_request_body_size = 114688
|
|
@ -58,7 +58,7 @@ driver = sql
|
|||
driver = {{ assignment_backend }}
|
||||
|
||||
[auth]
|
||||
methods = external,password,token,oauth1,mapped,openid,totp
|
||||
methods = external,password,token,oauth1,mapped,openid,totp,application_credential
|
||||
|
||||
[paste_deploy]
|
||||
config_file = {{ paste_config_file }}
|
||||
|
|
Loading…
Reference in New Issue