131 lines
4.1 KiB
INI
131 lines
4.1 KiB
INI
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# This file contains a specification of what feature capabilities each driver
|
|
# is able to support. Feature capabilities include what API operations are
|
|
# supported, what backend behaviors features can be used and what aspects of
|
|
# the driver implementation can be configured. The capabilities can be
|
|
# considered to be structured into nested groups, but in this file they have
|
|
# been flattened for ease of representation. The section names represent the
|
|
# group structure. At the top level there are the following groups defined:
|
|
#
|
|
# - operation: Public API operations.
|
|
# - feature: Features of the driver.
|
|
#
|
|
# When considering which capabilities should be marked as required, consider
|
|
# the following guiding principles.
|
|
#
|
|
# The 'status' field takes possible values:
|
|
#
|
|
# - required: Unconditionally required to be implemented.
|
|
# - optional: Optional to support, but nice to have.
|
|
# - choice(group): At least one of the options within the named group
|
|
# must be implemented.
|
|
# - conditional(cond): Required, if the referenced condition is met.
|
|
#
|
|
# The value against each 'driver.XXXX' entry refers to the level of the
|
|
# implementation of the feature in that driver:
|
|
#
|
|
# - complete: Fully implemented, expected to work at all times.
|
|
# - partial: Implemented, but with caveats about when it will work.
|
|
# For example, some configurations or hardware or guest OS may not
|
|
# support it.
|
|
# - missing: Not implemented at all.
|
|
#
|
|
# In the case of the driver being marked as 'partial', then
|
|
# 'notes' entry should be used to explain the caveats around the
|
|
# implementation.
|
|
#
|
|
# The 'cli' field takes a list of client commands, separated by semicolon.
|
|
# These CLi commands are related to that operation.
|
|
# Example:
|
|
# cli=openstack domain list;openstack domain show <domain>
|
|
#
|
|
# List of driver implementations for which we are going to track the status of
|
|
# features. This list only covers drivers that are in tree. Out of tree
|
|
# drivers should maintain their own equivalent document, and merge it with this
|
|
# when their code merges into core.
|
|
|
|
[driver.sql]
|
|
title=SQL
|
|
|
|
[driver.ldap]
|
|
title=LDAP
|
|
|
|
[driver.oauth1]
|
|
title=OAuth v1.0a
|
|
|
|
[driver.external]
|
|
title=REMOTE_USER
|
|
|
|
[driver.oidc]
|
|
title=OpenID Connect
|
|
|
|
[driver.samlv2]
|
|
title=SAML v2
|
|
|
|
[operation.local_authentication]
|
|
title=Local authentication
|
|
status=optional
|
|
notes=Authenticate with keystone by providing credentials directly to keystone.
|
|
driver.sql=complete
|
|
driver.ldap=complete
|
|
driver.oauth1=complete
|
|
driver.external=missing
|
|
driver.oidc=missing
|
|
driver.samlv2=missing
|
|
|
|
[operation.external_authentication]
|
|
title=External authentication
|
|
status=optional
|
|
notes=Authenticate with keystone by providing credentials to an external system
|
|
that keystone trusts (as with federation).
|
|
driver.sql=missing
|
|
driver.ldap=missing
|
|
driver.oauth1=missing
|
|
driver.external=complete
|
|
driver.oidc=complete
|
|
driver.samlv2=complete
|
|
|
|
[operation.identity_crud]
|
|
title=Identity management
|
|
status=optional
|
|
notes=Create, update, enable/disable, and delete users via Keystone's HTTP API.
|
|
driver.sql=complete
|
|
driver.ldap=partial
|
|
driver.oauth1=complete
|
|
driver.external=missing
|
|
driver.oidc=missing
|
|
driver.samlv2=missing
|
|
|
|
[operation.pci_controls]
|
|
title=PCI-DSS controls
|
|
status=optional
|
|
notes=Configure keystone to enforce PCI-DSS compliant security controls.
|
|
driver.sql=complete
|
|
driver.ldap=partial
|
|
driver.oauth1=missing
|
|
driver.external=partial
|
|
driver.oidc=missing
|
|
driver.samlv2=missing
|
|
|
|
[operation.auditing]
|
|
title=Auditing
|
|
status=optional
|
|
notes=Audit authentication flows using PyCADF.
|
|
driver.sql=complete
|
|
driver.ldap=complete
|
|
driver.oauth1=missing
|
|
driver.external=missing
|
|
driver.oidc=complete
|
|
driver.samlv2=complete
|