d52e1b4b4b
The direct import of the auth plugin
'keystone.auth.plugins.oauth1.OAuth' is deprecated since
Liberty.
The entrypoint should only be defined in case there is a
need to override the default implementation with a custom
class.
A closer inspection to the code confirms that:
70c9dd8256/keystone/conf/auth.py (L63)
Closes-Bug: #1837109
Change-Id: Icbad28cdefbccb6e6499ad4e19ad0d6bfaeff677
130 lines
2.9 KiB
Plaintext
130 lines
2.9 KiB
Plaintext
# ocata
|
|
###############################################################################
|
|
# [ WARNING ]
|
|
# Configuration file maintained by Juju. Local changes may be overwritten.
|
|
###############################################################################
|
|
[DEFAULT]
|
|
admin_token = {{ token }}
|
|
use_syslog = {{ use_syslog }}
|
|
log_config_append = {{ log_config }}
|
|
debug = {{ debug }}
|
|
public_endpoint = {{ public_endpoint }}
|
|
admin_endpoint = {{ admin_endpoint }}
|
|
|
|
[database]
|
|
{% if database_host -%}
|
|
connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
|
|
{% else -%}
|
|
connection = sqlite:////var/lib/keystone/keystone.db
|
|
{% endif -%}
|
|
connection_recycle_time = 200
|
|
|
|
[identity]
|
|
driver = {{ identity_backend }}
|
|
{% if default_domain_id -%}
|
|
default_domain_id = {{ default_domain_id }}
|
|
{% endif -%}
|
|
|
|
{% if api_version == 3 -%}
|
|
domain_specific_drivers_enabled = True
|
|
domain_config_dir = {{ domain_config_dir }}
|
|
{% endif -%}
|
|
|
|
[credential]
|
|
driver = sql
|
|
|
|
[trust]
|
|
driver = sql
|
|
|
|
[os_inherit]
|
|
|
|
[catalog]
|
|
driver = sql
|
|
|
|
[endpoint_filter]
|
|
|
|
[token]
|
|
{% if token_provider == 'fernet' -%}
|
|
provider = fernet
|
|
{% else -%}
|
|
driver = sql
|
|
provider = uuid
|
|
{% endif -%}
|
|
expiration = {{ token_expiration }}
|
|
|
|
{% if token_provider == 'fernet' -%}
|
|
[fernet_tokens]
|
|
max_active_keys = {{ fernet_max_active_keys }}
|
|
{% endif -%}
|
|
|
|
{% include "parts/section-signing" %}
|
|
|
|
{% include "section-oslo-cache" %}
|
|
|
|
[policy]
|
|
driver = sql
|
|
|
|
[assignment]
|
|
driver = {{ assignment_backend }}
|
|
|
|
[oauth1]
|
|
|
|
{% if middlewares -%}
|
|
{% include "parts/section-middleware" %}
|
|
{% else %}
|
|
[auth]
|
|
methods = external,password,token,oauth1,mapped,openid,totp
|
|
password = keystone.auth.plugins.password.Password
|
|
{% endif %}
|
|
|
|
[paste_deploy]
|
|
config_file = {{ paste_config_file }}
|
|
|
|
[extra_headers]
|
|
Distribution = Ubuntu
|
|
|
|
[ldap]
|
|
{% if identity_backend == 'ldap' -%}
|
|
url = {{ ldap_server }}
|
|
user = {{ ldap_user }}
|
|
password = {{ ldap_password }}
|
|
suffix = {{ ldap_suffix }}
|
|
|
|
{% if ldap_config_flags -%}
|
|
{% for key, value in ldap_config_flags.items() -%}
|
|
{{ key }} = {{ value }}
|
|
{% endfor -%}
|
|
{% endif -%}
|
|
|
|
{% if ldap_readonly -%}
|
|
user_allow_create = False
|
|
user_allow_update = False
|
|
user_allow_delete = False
|
|
|
|
tenant_allow_create = False
|
|
tenant_allow_update = False
|
|
tenant_allow_delete = False
|
|
|
|
role_allow_create = False
|
|
role_allow_update = False
|
|
role_allow_delete = False
|
|
|
|
group_allow_create = False
|
|
group_allow_update = False
|
|
group_allow_delete = False
|
|
{% endif -%}
|
|
{% endif -%}
|
|
|
|
{% if api_version == 3 -%}
|
|
[resource]
|
|
admin_project_domain_name = {{ admin_domain_name }}
|
|
admin_project_name = admin
|
|
{% endif -%}
|
|
|
|
{% include "parts/section-federation" %}
|
|
|
|
{% include "section-oslo-middleware" %}
|
|
# This goes in the section above, selectively
|
|
# Bug #1819134
|
|
max_request_body_size = 114688
|