keystone/doc/source/admin/token-support-matrix.ini
Mike Perez 9575937e56 Replace support matrix ext with common library
The code to generate a support matrix has been pulled into a common
library. Using this instead of duplicating code in various projects that
need it.

Change-Id: Ib15c086ceb84029e96be0fc60bd64f2a7a3e41aa
Co-Authored-By: Stephen Finucane <stephenfin@redhat.com>
2019-04-16 18:09:14 -07:00

121 lines
4.1 KiB
INI

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# For information about the format of this file, refer to the documentation
# for sphinx-feature-classification:
#
# https://docs.openstack.org/sphinx-feature-classification/latest/
[driver.fernet]
title=Fernet tokens
[driver.jws]
title=JWS tokens
[operation.create_unscoped_token]
title=Create unscoped token
status=mandatory
notes=All token providers must be capable of issuing tokens without an explicit
scope of authorization.
cli=openstack --os-username=<username> --os-user-domain-name=<domain>
--os-password=<password> token issue
driver.fernet=complete
driver.jws=complete
[operation.create_system_token]
title=Create system-scoped token
status=mandatory
notes=All token providers must be capable of issuing system-scoped tokens.
cli=openstack --os-username=<username> --os-user-domain-name=<domain>
--os-system-scope all token issue
driver.fernet=complete
driver.jws=complete
[operation.create_project_scoped_token]
title=Create project-scoped token
status=mandatory
notes=All token providers must be capable of issuing project-scoped tokens.
cli=openstack --os-username=<username> --os-user-domain-name=<domain>
--os-password=<password> --os-project-name=<project>
--os-project-domain-name=<domain> token issue
driver.fernet=complete
driver.jws=complete
[operation.create_domain_scoped_token]
title=Create domain-scoped token
status=optional
notes=Domain-scoped tokens are not required for all use cases, and for some use
cases, projects can be used instead.
cli=openstack --os-username=<username> --os-user-domain-name=<domain>
--os-password=<password> --os-domain-name=<domain> token issue
driver.fernet=complete
driver.jws=complete
[operation.create_trust_scoped_token]
title=Create trust-scoped token
status=optional
notes=Tokens scoped to a trust convey only the user impersonation and
project-based authorization attributes included in the delegation.
cli=openstack --os-username=<username> --os-user-domain-name=<domain>
--os-password=<password> --os-trust-id=<trust> token issue
driver.fernet=complete
driver.jws=complete
[operation.create_token_using_oauth]
title=Create a token given an OAuth access token
status=optional
notes=OAuth access tokens can be exchanged for keystone tokens.
cli=
driver.fernet=complete
driver.jws=complete
[operation.revoke_token]
title=Revoke a token
status=optional
notes=Tokens may be individually revoked, such as when a user logs out of
Horizon. Under certain circumstances, it's acceptable for more than just a
single token may be revoked as a result of this operation (such as when the
revoked token was previously used to create additional tokens).
cli=openstack token revoke
driver.fernet=complete
driver.jws=complete
[feature.online_validation]
title=Online validation
status=mandatory
notes=Keystone must be able to validate the tokens that it issues when
presented with a token that it previously issued.
cli=
driver.fernet=complete
driver.jws=complete
[feature.offline_validation]
title=Offline validation
status=optional
notes=Services using Keystone for authentication may want to validate tokens
themselves, rather than calling back to keystone, in order to improve
performance and scalability.
cli=
driver.fernet=missing
driver.jws=missing
[feature.non_persistent]
title=Non-persistent
status=optional
notes=If a token format does not require persistence (such as to a SQL
backend), then there is no scalability limit to the number of tokens that
keystone can issue at once, and there is no need to perform clean up
operations such as `keystone-manage token_flush`.
cli=
driver.fernet=complete
driver.jws=complete