# Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # This file contains a specification of what feature capabilities each driver # is able to support. Feature capabilities include what API operations are # supported, what backend behaviors features can be used and what aspects of # the driver implementation can be configured. The capabilities can be # considered to be structured into nested groups, but in this file they have # been flattened for ease of representation. The section names represent the # group structure. At the top level there are the following groups defined: # # - operation: Public API operations. # - feature: Features of the driver. # # When considering which capabilities should be marked as mandatory, consider # the following guiding principles. # # The 'status' field takes possible values: # # - mandatory: Unconditionally required to be implemented. # - optional: Optional to support, but nice to have. # - choice(group): At least one of the options within the named group # must be implemented. # - conditional(cond): Required, if the referenced condition is met. # # The value against each 'impl-XXXX' entry refers to the level of the # implementation of the feature in that driver: # # - complete: Fully implemented, expected to work at all times. # - partial: Implemented, but with caveats about when it will work. # For example, some configurations or hardware or guest OS may not # support it. # - missing: Not implemented at all. # # In the case of the driver being marked as 'partial', then # 'notes-XXX' entry should be used to explain the caveats around the # implementation. # # The 'cli' field takes a list of client commands, separated by semicolon. # These CLi commands are related to that feature. # Example: # cli=openstack domain list;openstack domain show # [targets] # List of driver implementations for which we are going to track the status of # features. This list only covers drivers that are in tree. Out of tree # drivers should maintain their own equivalent document, and merge it with this # when their code merges into core. driver-impl-sql=SQL driver-impl-ldap=LDAP driver-impl-oauth1=OAuth v1.0a driver-impl-external=REMOTE_USER driver-impl-oidc=OpenID Connect driver-impl-samlv2=SAML v2 [feature.local_authentication] title=Local authentication status=optional notes=Authenticate with keystone by providing credentials directly to keystone. driver-impl-sql=complete driver-impl-ldap=complete driver-impl-oauth1=complete driver-impl-external=missing driver-impl-oidc=missing driver-impl-samlv2=missing [feature.external_authentication] title=External authentication status=optional notes=Authenticate with keystone by providing credentials to an external system that keystone trusts (as with federation). driver-impl-sql=missing driver-impl-ldap=missing driver-impl-oauth1=missing driver-impl-external=complete driver-impl-oidc=complete driver-impl-samlv2=complete [feature.identity_crud] title=Identity management status=optional notes=Create, update, enable/disable, and delete users via Keystone's HTTP API. driver-impl-sql=complete driver-impl-ldap=partial driver-impl-oauth1=complete driver-impl-external=missing driver-impl-oidc=missing driver-impl-samlv2=missing [feature.pci_controls] title=PCI-DSS controls status=optional notes=Configure keystone to enforce PCI-DSS compliant security controls. driver-impl-sql=complete driver-impl-ldap=partial driver-impl-oauth1=missing driver-impl-external=partial driver-impl-oidc=missing driver-impl-samlv2=missing [feature.auditing] title=Auditing status=optional notes=Audit authentication flows using PyCADF. driver-impl-sql=complete driver-impl-ldap=complete driver-impl-oauth1=missing driver-impl-external=missing driver-impl-oidc=complete driver-impl-samlv2=complete