keystone/setup.cfg
Colleen Murphy 29280b1f68 Add application credential auth plugin
Add an auth plugin for application credentials and update the common
auth utilities to understand an auth method of 'application_credential'
and validate and scope accordingly.

By default, application credentials should not be allowed to be used for
creating other application credentials or trusts. If a user creates an
application credential with flag `allow_application_credential_creation`
then that application should be allowed to be used for creating and
deleting other application credentials and trusts. Ensure a flag is set
in the token if this property is set to allow this behavior.

bp application-credentials

Change-Id: I15a03e79128a11314d06751b94343f22d533243a
2018-01-27 12:00:19 +01:00

222 lines
6.3 KiB
INI

[metadata]
name = keystone
summary = OpenStack Identity
description-file =
README.rst
author = OpenStack
author-email = openstack-dev@lists.openstack.org
home-page = https://docs.openstack.org/keystone/latest
classifier =
Environment :: OpenStack
Intended Audience :: Information Technology
Intended Audience :: System Administrators
License :: OSI Approved :: Apache Software License
Operating System :: POSIX :: Linux
Programming Language :: Python
Programming Language :: Python :: 2
Programming Language :: Python :: 2.7
Programming Language :: Python :: 3
Programming Language :: Python :: 3.5
[files]
data_files =
etc/keystone =
etc/keystone-paste.ini
etc/sso_callback_template.html
packages =
keystone
[extras]
ldap =
pyldap>=2.4.20 # PSF
ldappool>=2.0.0 # MPL
memcache =
python-memcached>=1.56 # PSF
mongodb =
pymongo!=3.1,>=3.0.2 # Apache-2.0
bandit =
bandit>=1.1.0 # Apache-2.0
[global]
setup-hooks =
pbr.hooks.setup_hook
[egg_info]
tag_build =
tag_date = 0
tag_svn_revision = 0
[build_sphinx]
builder = html,man
all_files = 1
build-dir = doc/build
source-dir = doc/source
warning-is-error = 1
[compile_catalog]
directory = keystone/locale
domain = keystone keystone-log-critical keystone-log-error keystone-log-info keystone-log-warning
[update_catalog]
domain = keystone
output_dir = keystone/locale
input_file = keystone/locale/keystone.pot
[extract_messages]
keywords = _ gettext ngettext l_ lazy_gettext
mapping_file = babel.cfg
output_file = keystone/locale/keystone.pot
copyright_holder = OpenStack Foundation
msgid_bugs_address = https://bugs.launchpad.net/keystone
[pbr]
autodoc_tree_index_modules = True
[entry_points]
console_scripts =
keystone-manage = keystone.cmd.manage:main
wsgi_scripts =
keystone-wsgi-admin = keystone.server.wsgi:initialize_admin_application
keystone-wsgi-public = keystone.server.wsgi:initialize_public_application
keystone.assignment =
sql = keystone.assignment.backends.sql:Assignment
keystone.auth.application_credential =
default = keystone.auth.plugins.application_credential:ApplicationCredential
keystone.auth.external =
default = keystone.auth.plugins.external:DefaultDomain
DefaultDomain = keystone.auth.plugins.external:DefaultDomain
Domain = keystone.auth.plugins.external:Domain
keystone.auth.kerberos =
default = keystone.auth.plugins.external:KerberosDomain
keystone.auth.oauth1 =
default = keystone.auth.plugins.oauth1:OAuth
keystone.auth.openid =
default = keystone.auth.plugins.mapped:Mapped
keystone.auth.password =
default = keystone.auth.plugins.password:Password
keystone.auth.saml2 =
default = keystone.auth.plugins.mapped:Mapped
keystone.auth.token =
default = keystone.auth.plugins.token:Token
keystone.auth.totp =
default = keystone.auth.plugins.totp:TOTP
keystone.auth.x509 =
default = keystone.auth.plugins.mapped:Mapped
keystone.auth.mapped =
default = keystone.auth.plugins.mapped:Mapped
keystone.catalog =
sql = keystone.catalog.backends.sql:Catalog
templated = keystone.catalog.backends.templated:Catalog
keystone.credential =
sql = keystone.credential.backends.sql:Credential
keystone.credential.provider =
fernet = keystone.credential.providers.fernet:Provider
keystone.identity =
ldap = keystone.identity.backends.ldap:Identity
sql = keystone.identity.backends.sql:Identity
keystone.identity.id_generator =
sha256 = keystone.identity.id_generators.sha256:Generator
keystone.identity.id_mapping =
sql = keystone.identity.mapping_backends.sql:Mapping
keystone.identity.shadow_users =
sql = keystone.identity.shadow_backends.sql:ShadowUsers
keystone.policy =
rules = keystone.policy.backends.rules:Policy
sql = keystone.policy.backends.sql:Policy
keystone.resource.domain_config =
sql = keystone.resource.config_backends.sql:DomainConfig
keystone.role =
sql = keystone.assignment.role_backends.sql:Role
keystone.token.persistence =
sql = keystone.token.persistence.backends.sql:Token
keystone.token.provider =
fernet = keystone.token.providers.fernet:Provider
uuid = keystone.token.providers.uuid:Provider
keystone.trust =
sql = keystone.trust.backends.sql:Trust
keystone.unified_limit =
sql = keystone.limit.backends.sql:UnifiedLimit
keystone.endpoint_filter =
sql = keystone.catalog.backends.sql:Catalog
keystone.endpoint_policy =
sql = keystone.endpoint_policy.backends.sql:EndpointPolicy
keystone.federation =
sql = keystone.federation.backends.sql:Federation
keystone.oauth1 =
sql = keystone.oauth1.backends.sql:OAuth1
keystone.revoke =
sql = keystone.revoke.backends.sql:Revoke
keystone.application_credential =
sql = keystone.application_credential.backends.sql:ApplicationCredential
oslo.config.opts =
keystone = keystone.conf.opts:list_opts
oslo.config.opts.defaults =
keystone = keystone.conf:set_external_opts_defaults
oslo.policy.policies =
# With the move of default policy in code list_rules returns a list of
# the default defined polices.
keystone = keystone.common.policies:list_rules
oslo.policy.enforcer =
keystone = keystone.common.policy:get_enforcer
paste.filter_factory =
healthcheck = oslo_middleware:Healthcheck.factory
cors = oslo_middleware:CORS.factory
sizelimit = oslo_middleware:RequestBodySizeLimiter.factory
http_proxy_to_wsgi = oslo_middleware:HTTPProxyToWSGI.factory
osprofiler = osprofiler.web:WsgiMiddleware.factory
url_normalize = keystone.middleware:NormalizingFilter.factory
request_id = oslo_middleware:RequestId.factory
build_auth_context = keystone.middleware:AuthContextMiddleware.factory
token_auth = keystone.middleware:TokenAuthMiddleware.factory
json_body = keystone.middleware:JsonBodyMiddleware.factory
debug = oslo_middleware:Debug.factory
ec2_extension = keystone.contrib.ec2:Ec2Extension.factory
ec2_extension_v3 = keystone.contrib.ec2:Ec2ExtensionV3.factory
s3_extension = keystone.contrib.s3:S3Extension.factory
paste.app_factory =
admin_service = keystone.version.service:admin_app_factory
admin_version_service = keystone.version.service:admin_version_app_factory
public_service = keystone.version.service:public_app_factory
public_version_service = keystone.version.service:public_version_app_factory
service_v3 = keystone.version.service:v3_app_factory