keystone/doc/source/admin/identity-support-matrix.ini
Mike Perez 9575937e56 Replace support matrix ext with common library
The code to generate a support matrix has been pulled into a common
library. Using this instead of duplicating code in various projects that
need it.

Change-Id: Ib15c086ceb84029e96be0fc60bd64f2a7a3e41aa
Co-Authored-By: Stephen Finucane <stephenfin@redhat.com>
2019-04-16 18:09:14 -07:00

131 lines
4.1 KiB
INI

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This file contains a specification of what feature capabilities each driver
# is able to support. Feature capabilities include what API operations are
# supported, what backend behaviors features can be used and what aspects of
# the driver implementation can be configured. The capabilities can be
# considered to be structured into nested groups, but in this file they have
# been flattened for ease of representation. The section names represent the
# group structure. At the top level there are the following groups defined:
#
# - operation: Public API operations.
# - feature: Features of the driver.
#
# When considering which capabilities should be marked as required, consider
# the following guiding principles.
#
# The 'status' field takes possible values:
#
# - required: Unconditionally required to be implemented.
# - optional: Optional to support, but nice to have.
# - choice(group): At least one of the options within the named group
# must be implemented.
# - conditional(cond): Required, if the referenced condition is met.
#
# The value against each 'driver.XXXX' entry refers to the level of the
# implementation of the feature in that driver:
#
# - complete: Fully implemented, expected to work at all times.
# - partial: Implemented, but with caveats about when it will work.
# For example, some configurations or hardware or guest OS may not
# support it.
# - missing: Not implemented at all.
#
# In the case of the driver being marked as 'partial', then
# 'notes' entry should be used to explain the caveats around the
# implementation.
#
# The 'cli' field takes a list of client commands, separated by semicolon.
# These CLi commands are related to that operation.
# Example:
# cli=openstack domain list;openstack domain show <domain>
#
# List of driver implementations for which we are going to track the status of
# features. This list only covers drivers that are in tree. Out of tree
# drivers should maintain their own equivalent document, and merge it with this
# when their code merges into core.
[driver.sql]
title=SQL
[driver.ldap]
title=LDAP
[driver.oauth1]
title=OAuth v1.0a
[driver.external]
title=REMOTE_USER
[driver.oidc]
title=OpenID Connect
[driver.samlv2]
title=SAML v2
[operation.local_authentication]
title=Local authentication
status=optional
notes=Authenticate with keystone by providing credentials directly to keystone.
driver.sql=complete
driver.ldap=complete
driver.oauth1=complete
driver.external=missing
driver.oidc=missing
driver.samlv2=missing
[operation.external_authentication]
title=External authentication
status=optional
notes=Authenticate with keystone by providing credentials to an external system
that keystone trusts (as with federation).
driver.sql=missing
driver.ldap=missing
driver.oauth1=missing
driver.external=complete
driver.oidc=complete
driver.samlv2=complete
[operation.identity_crud]
title=Identity management
status=optional
notes=Create, update, enable/disable, and delete users via Keystone's HTTP API.
driver.sql=complete
driver.ldap=partial
driver.oauth1=complete
driver.external=missing
driver.oidc=missing
driver.samlv2=missing
[operation.pci_controls]
title=PCI-DSS controls
status=optional
notes=Configure keystone to enforce PCI-DSS compliant security controls.
driver.sql=complete
driver.ldap=partial
driver.oauth1=missing
driver.external=partial
driver.oidc=missing
driver.samlv2=missing
[operation.auditing]
title=Auditing
status=optional
notes=Audit authentication flows using PyCADF.
driver.sql=complete
driver.ldap=complete
driver.oauth1=missing
driver.external=missing
driver.oidc=complete
driver.samlv2=complete