29280b1f68
Add an auth plugin for application credentials and update the common auth utilities to understand an auth method of 'application_credential' and validate and scope accordingly. By default, application credentials should not be allowed to be used for creating other application credentials or trusts. If a user creates an application credential with flag `allow_application_credential_creation` then that application should be allowed to be used for creating and deleting other application credentials and trusts. Ensure a flag is set in the token if this property is set to allow this behavior. bp application-credentials Change-Id: I15a03e79128a11314d06751b94343f22d533243a
222 lines
6.3 KiB
INI
222 lines
6.3 KiB
INI
[metadata]
|
|
name = keystone
|
|
summary = OpenStack Identity
|
|
description-file =
|
|
README.rst
|
|
author = OpenStack
|
|
author-email = openstack-dev@lists.openstack.org
|
|
home-page = https://docs.openstack.org/keystone/latest
|
|
classifier =
|
|
Environment :: OpenStack
|
|
Intended Audience :: Information Technology
|
|
Intended Audience :: System Administrators
|
|
License :: OSI Approved :: Apache Software License
|
|
Operating System :: POSIX :: Linux
|
|
Programming Language :: Python
|
|
Programming Language :: Python :: 2
|
|
Programming Language :: Python :: 2.7
|
|
Programming Language :: Python :: 3
|
|
Programming Language :: Python :: 3.5
|
|
|
|
[files]
|
|
data_files =
|
|
etc/keystone =
|
|
etc/keystone-paste.ini
|
|
etc/sso_callback_template.html
|
|
packages =
|
|
keystone
|
|
|
|
[extras]
|
|
ldap =
|
|
pyldap>=2.4.20 # PSF
|
|
ldappool>=2.0.0 # MPL
|
|
memcache =
|
|
python-memcached>=1.56 # PSF
|
|
mongodb =
|
|
pymongo!=3.1,>=3.0.2 # Apache-2.0
|
|
bandit =
|
|
bandit>=1.1.0 # Apache-2.0
|
|
|
|
[global]
|
|
setup-hooks =
|
|
pbr.hooks.setup_hook
|
|
|
|
|
|
[egg_info]
|
|
tag_build =
|
|
tag_date = 0
|
|
tag_svn_revision = 0
|
|
|
|
[build_sphinx]
|
|
builder = html,man
|
|
all_files = 1
|
|
build-dir = doc/build
|
|
source-dir = doc/source
|
|
warning-is-error = 1
|
|
|
|
[compile_catalog]
|
|
directory = keystone/locale
|
|
domain = keystone keystone-log-critical keystone-log-error keystone-log-info keystone-log-warning
|
|
|
|
[update_catalog]
|
|
domain = keystone
|
|
output_dir = keystone/locale
|
|
input_file = keystone/locale/keystone.pot
|
|
|
|
[extract_messages]
|
|
keywords = _ gettext ngettext l_ lazy_gettext
|
|
mapping_file = babel.cfg
|
|
output_file = keystone/locale/keystone.pot
|
|
copyright_holder = OpenStack Foundation
|
|
msgid_bugs_address = https://bugs.launchpad.net/keystone
|
|
|
|
[pbr]
|
|
autodoc_tree_index_modules = True
|
|
|
|
[entry_points]
|
|
console_scripts =
|
|
keystone-manage = keystone.cmd.manage:main
|
|
|
|
wsgi_scripts =
|
|
keystone-wsgi-admin = keystone.server.wsgi:initialize_admin_application
|
|
keystone-wsgi-public = keystone.server.wsgi:initialize_public_application
|
|
|
|
keystone.assignment =
|
|
sql = keystone.assignment.backends.sql:Assignment
|
|
|
|
keystone.auth.application_credential =
|
|
default = keystone.auth.plugins.application_credential:ApplicationCredential
|
|
|
|
keystone.auth.external =
|
|
default = keystone.auth.plugins.external:DefaultDomain
|
|
DefaultDomain = keystone.auth.plugins.external:DefaultDomain
|
|
Domain = keystone.auth.plugins.external:Domain
|
|
|
|
keystone.auth.kerberos =
|
|
default = keystone.auth.plugins.external:KerberosDomain
|
|
|
|
keystone.auth.oauth1 =
|
|
default = keystone.auth.plugins.oauth1:OAuth
|
|
|
|
keystone.auth.openid =
|
|
default = keystone.auth.plugins.mapped:Mapped
|
|
|
|
keystone.auth.password =
|
|
default = keystone.auth.plugins.password:Password
|
|
|
|
keystone.auth.saml2 =
|
|
default = keystone.auth.plugins.mapped:Mapped
|
|
|
|
keystone.auth.token =
|
|
default = keystone.auth.plugins.token:Token
|
|
|
|
keystone.auth.totp =
|
|
default = keystone.auth.plugins.totp:TOTP
|
|
|
|
keystone.auth.x509 =
|
|
default = keystone.auth.plugins.mapped:Mapped
|
|
|
|
keystone.auth.mapped =
|
|
default = keystone.auth.plugins.mapped:Mapped
|
|
|
|
keystone.catalog =
|
|
sql = keystone.catalog.backends.sql:Catalog
|
|
templated = keystone.catalog.backends.templated:Catalog
|
|
|
|
keystone.credential =
|
|
sql = keystone.credential.backends.sql:Credential
|
|
|
|
keystone.credential.provider =
|
|
fernet = keystone.credential.providers.fernet:Provider
|
|
|
|
keystone.identity =
|
|
ldap = keystone.identity.backends.ldap:Identity
|
|
sql = keystone.identity.backends.sql:Identity
|
|
|
|
keystone.identity.id_generator =
|
|
sha256 = keystone.identity.id_generators.sha256:Generator
|
|
|
|
keystone.identity.id_mapping =
|
|
sql = keystone.identity.mapping_backends.sql:Mapping
|
|
|
|
keystone.identity.shadow_users =
|
|
sql = keystone.identity.shadow_backends.sql:ShadowUsers
|
|
|
|
keystone.policy =
|
|
rules = keystone.policy.backends.rules:Policy
|
|
sql = keystone.policy.backends.sql:Policy
|
|
|
|
keystone.resource.domain_config =
|
|
sql = keystone.resource.config_backends.sql:DomainConfig
|
|
|
|
keystone.role =
|
|
sql = keystone.assignment.role_backends.sql:Role
|
|
|
|
keystone.token.persistence =
|
|
sql = keystone.token.persistence.backends.sql:Token
|
|
|
|
keystone.token.provider =
|
|
fernet = keystone.token.providers.fernet:Provider
|
|
uuid = keystone.token.providers.uuid:Provider
|
|
|
|
keystone.trust =
|
|
sql = keystone.trust.backends.sql:Trust
|
|
|
|
keystone.unified_limit =
|
|
sql = keystone.limit.backends.sql:UnifiedLimit
|
|
|
|
keystone.endpoint_filter =
|
|
sql = keystone.catalog.backends.sql:Catalog
|
|
|
|
keystone.endpoint_policy =
|
|
sql = keystone.endpoint_policy.backends.sql:EndpointPolicy
|
|
|
|
keystone.federation =
|
|
sql = keystone.federation.backends.sql:Federation
|
|
|
|
keystone.oauth1 =
|
|
sql = keystone.oauth1.backends.sql:OAuth1
|
|
|
|
keystone.revoke =
|
|
sql = keystone.revoke.backends.sql:Revoke
|
|
|
|
keystone.application_credential =
|
|
sql = keystone.application_credential.backends.sql:ApplicationCredential
|
|
|
|
oslo.config.opts =
|
|
keystone = keystone.conf.opts:list_opts
|
|
|
|
oslo.config.opts.defaults =
|
|
keystone = keystone.conf:set_external_opts_defaults
|
|
|
|
oslo.policy.policies =
|
|
# With the move of default policy in code list_rules returns a list of
|
|
# the default defined polices.
|
|
keystone = keystone.common.policies:list_rules
|
|
|
|
oslo.policy.enforcer =
|
|
keystone = keystone.common.policy:get_enforcer
|
|
|
|
paste.filter_factory =
|
|
healthcheck = oslo_middleware:Healthcheck.factory
|
|
cors = oslo_middleware:CORS.factory
|
|
sizelimit = oslo_middleware:RequestBodySizeLimiter.factory
|
|
http_proxy_to_wsgi = oslo_middleware:HTTPProxyToWSGI.factory
|
|
osprofiler = osprofiler.web:WsgiMiddleware.factory
|
|
url_normalize = keystone.middleware:NormalizingFilter.factory
|
|
request_id = oslo_middleware:RequestId.factory
|
|
build_auth_context = keystone.middleware:AuthContextMiddleware.factory
|
|
token_auth = keystone.middleware:TokenAuthMiddleware.factory
|
|
json_body = keystone.middleware:JsonBodyMiddleware.factory
|
|
debug = oslo_middleware:Debug.factory
|
|
ec2_extension = keystone.contrib.ec2:Ec2Extension.factory
|
|
ec2_extension_v3 = keystone.contrib.ec2:Ec2ExtensionV3.factory
|
|
s3_extension = keystone.contrib.s3:S3Extension.factory
|
|
|
|
paste.app_factory =
|
|
admin_service = keystone.version.service:admin_app_factory
|
|
admin_version_service = keystone.version.service:admin_version_app_factory
|
|
public_service = keystone.version.service:public_app_factory
|
|
public_version_service = keystone.version.service:public_version_app_factory
|
|
service_v3 = keystone.version.service:v3_app_factory
|