@ -19,28 +19,34 @@ enabled = cfg.BoolOpt(
|
|
|
|
|
'enabled', |
|
|
|
|
default=True, |
|
|
|
|
help=utils.fmt(""" |
|
|
|
|
Delegation and impersonation features can be optionally disabled. |
|
|
|
|
Delegation and impersonation features using trusts can be optionally disabled. |
|
|
|
|
""")) |
|
|
|
|
|
|
|
|
|
allow_redelegation = cfg.BoolOpt( |
|
|
|
|
'allow_redelegation', |
|
|
|
|
default=False, |
|
|
|
|
help=utils.fmt(""" |
|
|
|
|
Enable redelegation feature. |
|
|
|
|
Allows authorization to be redelegated from one user to another, effectively |
|
|
|
|
chaining trusts together. When disabled, the `remaining_uses` attribute of a |
|
|
|
|
trust is constrained to be zero. |
|
|
|
|
""")) |
|
|
|
|
|
|
|
|
|
max_redelegation_count = cfg.IntOpt( |
|
|
|
|
'max_redelegation_count', |
|
|
|
|
default=3, |
|
|
|
|
help=utils.fmt(""" |
|
|
|
|
Maximum depth of trust redelegation. |
|
|
|
|
Maximum number of times that authorization can be redelegated from one user to |
|
|
|
|
another in a chain of trusts. This number may be reduced further for a specific |
|
|
|
|
trust. |
|
|
|
|
""")) |
|
|
|
|
|
|
|
|
|
driver = cfg.StrOpt( |
|
|
|
|
'driver', |
|
|
|
|
default='sql', |
|
|
|
|
help=utils.fmt(""" |
|
|
|
|
Entrypoint for the trust backend driver in the keystone.trust namespace. |
|
|
|
|
Entry point for the trust backend driver in the `keystone.trust` namespace. |
|
|
|
|
Keystone only provides a `sql` driver, so there is no reason to change this |
|
|
|
|
unless you are providing a custom entry point. |
|
|
|
|
""")) |
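Review bot: The new help text for `allow_redelegation` says that disabling the option constrains a trust's `remaining_uses` attribute to zero, which looks like the wrong attribute. In the trust API `remaining_uses` limits how many times a trust can be consumed to obtain a token, while redelegation depth is carried by `redelegation_count`, the quantity that `max_redelegation_count` bounds in the next option. The enforcement code is not visible in this hunk, so please confirm against the trust manager. If it zeroes `redelegation_count`, the sentence should read: `When disabled, the redelegation_count attribute of a trust is constrained to be zero.` Operators use this text to judge how far delegated authority can spread, so the attribute it names should match what is actually enforced.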
|
|
|
|
|
|
|
|
|
|
|
|
|
|