generate sample config automatically
Let's use sphinx extensions to generate the config options instead of updating them manually. The following options will no longer appear since we use auth plugins now: auth_admin_prefix auth_url auth_host auth_port auth_protocol identity_uri admin_token admin_user admin_password admin_tenant_name Change-Id: I0a6eac26f93bfb1c2cbba17a98629108915f78c6
parent
7594bfab79
commit
95ba901ac0
3
.gitignore
vendored
3
.gitignore
vendored
@ -56,3 +56,6 @@ ChangeLog
|
||||
|
||||
# Files created by releasenotes build
|
||||
releasenotes/build
|
||||
|
||||
# sample config included in docs
|
||||
doc/source/_static/keystonemiddleware.conf.sample
|
||||
|
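--- a/config-generator/keystonemiddleware.conf
+++ b/config-generator/keystonemiddleware.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+output_file = etc/keystone.conf.sample
+wrap_width = 79
+namespace = keystonemiddleware.auth_token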
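Review bot: `output_file = etc/keystone.conf.sample` names a keystone file rather than a keystonemiddleware one, which looks like a carry-over from another project's generator config. The Sphinx build presumably takes its output location from `sample_config_basename` instead, but anyone running the generator directly with this file would write `etc/keystone.conf.sample`. The new `.gitignore` entry does not cover that path, and the file could be mistaken for Keystone's own sample. Consider `output_file = etc/keystonemiddleware.conf.sample`, or drop the key if only the doc build reads this file.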
@ -49,9 +49,13 @@ extensions = ['sphinx.ext.autodoc',
|
||||
# remove this Sphinx extension when
|
||||
# https://launchpad.net/bugs/1260495 is fixed.
|
||||
'ext.apidoc',
|
||||
'oslosphinx'
|
||||
'oslosphinx',
|
||||
'oslo_config.sphinxconfiggen'
|
||||
]
|
||||
|
||||
config_generator_config_file = '../../config-generator/keystonemiddleware.conf'
|
||||
sample_config_basename = '_static/keystonemiddleware'
|
||||
|
||||
todo_include_todos = True
|
||||
|
||||
# Add any paths that contain templates here, relative to this directory.
|
||||
@ -156,7 +160,7 @@ man_pages = []
|
||||
# Add any paths that contain custom static files (such as style sheets) here,
|
||||
# relative to this directory. They are copied after the builtin static files,
|
||||
# so a file named "default.css" will overwrite the builtin "default.css".
|
||||
#html_static_path = ['static']
|
||||
html_static_path = ['_static']
|
||||
|
||||
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
|
||||
# using the given strftime format.
|
||||
|
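Review bot: `sample_config_basename = '_static/keystonemiddleware'` and `html_static_path = ['_static']` both depend on `doc/source/_static` existing at build time, and the only file this commit places there is git-ignored. A fresh checkout may therefore have no such directory unless it is tracked elsewhere in the tree; if it is not, commit a placeholder file in it or confirm that the generator extension creates the directory itself. A short comment above the two new settings would also help, for example `# Sample config is generated during the doc build from config-generator/keystonemiddleware.conf`, because the `'../../config-generator/keystonemiddleware.conf'` path gives no hint of what it is relative to.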
@ -124,166 +124,7 @@ a WSGI component. Example for the auth_token middleware:
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
|
||||
# Prefix to prepend at the beginning of the path (string
|
||||
# value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_url
|
||||
#auth_admin_prefix=
|
||||
|
||||
# Authentication URL (string value)
|
||||
auth_url=http://127.0.0.1:35357
|
||||
|
||||
# Host providing the admin Identity API endpoint (string
|
||||
# value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_url
|
||||
#auth_host=127.0.0.1
|
||||
|
||||
# Port of the admin Identity API endpoint (integer value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_url
|
||||
#auth_port=35357
|
||||
|
||||
# Protocol of the admin Identity API endpoint(http or https)
|
||||
# (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_url
|
||||
#auth_protocol=https
|
||||
|
||||
# Complete admin Identity API endpoint.
|
||||
# This should specify the unversioned root endpoint
|
||||
# e.g. https://localhost:35357/. (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_url
|
||||
#identity_uri=<None>
|
||||
|
||||
# Complete public Identity API endpoint (string value)
|
||||
#auth_uri=<None>
|
||||
|
||||
# API version of the admin Identity API endpoint (string
|
||||
# value)
|
||||
#auth_version=<None>
|
||||
|
||||
# Do not handle authorization requests within the middleware,
|
||||
# but delegate the authorization decision to downstream WSGI
|
||||
# components (boolean value)
|
||||
#delay_auth_decision=false
|
||||
|
||||
# Request timeout value for communicating with Identity API
|
||||
# server. (boolean value)
|
||||
#http_connect_timeout=<None>
|
||||
|
||||
# How many times are we trying to reconnect when communicating
|
||||
# with Identity API Server. (integer value)
|
||||
#http_request_max_retries=3
|
||||
|
||||
# Single shared secret with the Keystone configuration used
|
||||
# for bootstrapping a Keystone installation, or otherwise
|
||||
# bypassing the normal authentication process. (string value)
|
||||
# Deprecated, use username and password instead.
|
||||
#admin_token=<None>
|
||||
|
||||
# Keystone account username (string value)
|
||||
#admin_user=<None>
|
||||
|
||||
# Keystone account password (string value)
|
||||
admin_password=SuperSekretPassword
|
||||
|
||||
# Keystone service account tenant name to validate user tokens
|
||||
# (string value)
|
||||
#admin_tenant_name=admin
|
||||
|
||||
# Env key for the swift cache (string value)
|
||||
#cache=<None>
|
||||
|
||||
# Required if Keystone server requires client certificate
|
||||
# (string value)
|
||||
#certfile=<None>
|
||||
|
||||
# Required if Keystone server requires client certificate
|
||||
# (string value)
|
||||
#keyfile=<None>
|
||||
|
||||
# A PEM encoded Certificate Authority to use when verifying
|
||||
# HTTPs connections. Defaults to system CAs. (string value)
|
||||
#cafile=<None>
|
||||
|
||||
# Verify HTTPS connections. (boolean value)
|
||||
#insecure=false
|
||||
|
||||
# Directory used to cache files related to PKI tokens (string
|
||||
# value)
|
||||
#signing_dir=<None>
|
||||
|
||||
# If defined, the memcached server(s) to use for caching (list
|
||||
# value)
|
||||
# Deprecated group/name - [DEFAULT]/memcache_servers
|
||||
#memcached_servers=<None>
|
||||
|
||||
# In order to prevent excessive requests and validations, the
|
||||
# middleware uses an in-memory cache for the tokens the
|
||||
# Keystone API returns. This is only valid if memcache_servers
|
||||
# is defined. Set to -1 to disable caching completely.
|
||||
# (integer value)
|
||||
#token_cache_time=300
|
||||
|
||||
# Determines the frequency at which the list of revoked tokens
|
||||
# is retrieved from the Identity service (in seconds). A high
|
||||
# number of revocation events combined with a low cache duration
|
||||
# may significantly reduce performance. Only valid for PKI tokens.
|
||||
# (integer value)
|
||||
#revocation_cache_time = 10
|
||||
|
||||
# (optional) if defined, indicate whether token data should be
|
||||
# authenticated or authenticated and encrypted. Acceptable
|
||||
# values are MAC or ENCRYPT. If MAC, token data is
|
||||
# authenticated (with HMAC) in the cache. If ENCRYPT, token
|
||||
# data is encrypted and authenticated in the cache. If the
|
||||
# value is not one of these options or empty, auth_token will
|
||||
# raise an exception on initialization. (string value)
|
||||
#memcache_security_strategy=<None>
|
||||
|
||||
# (optional, mandatory if memcache_security_strategy is
|
||||
# defined) this string is used for key derivation. (string
|
||||
# value)
|
||||
#memcache_secret_key=<None>
|
||||
|
||||
# (optional) indicate whether to set the X-Service-Catalog
|
||||
# header. If False, middleware will not ask for service
|
||||
# catalog on token validation and will not set the X-Service-
|
||||
# Catalog header. (boolean value)
|
||||
#include_service_catalog=true
|
||||
|
||||
# Used to control the use and type of token binding. Can be
|
||||
# set to: "disabled" to not check token binding. "permissive"
|
||||
# (default) to validate binding information if the bind type
|
||||
# is of a form known to the server and ignore it if not.
|
||||
# "strict" like "permissive" but if the bind type is unknown
|
||||
# the token will be rejected. "required" any form of token
|
||||
# binding is needed to be allowed. Finally the name of a
|
||||
# binding method that must be present in tokens. (string
|
||||
# value)
|
||||
#enforce_token_bind=permissive
|
||||
|
||||
# If true, the revocation list will be checked for cached
|
||||
# tokens. This requires that PKI tokens are configured on the
|
||||
# identity server.
|
||||
# (boolean value)
|
||||
#check_revocations_for_cached = false
|
||||
|
||||
# Hash algorithms to use for hashing PKI tokens. This may be a
|
||||
# single algorithm or multiple. The algorithms are those supported
|
||||
# by Python standard hashlib.new(). The hashes will be tried in the
|
||||
# order given, so put the preferred one first for performance. The
|
||||
# result of the first hash will be stored in the cache. This will
|
||||
# typically be set to multiple values only while migrating from a
|
||||
# less secure algorithm to a more secure one. Once all the old
|
||||
# tokens are expired this option should be set to a single value
|
||||
# for better performance. (list value)
|
||||
#hash_algorithms = md5
|
||||
|
||||
# Authentication type to load (unknown value)
|
||||
# Deprecated group/name - [DEFAULT]/auth_plugin
|
||||
#auth_type = <None>
|
||||
|
||||
# Config Section from which to load plugin specific options
|
||||
# (unknown value)
|
||||
#auth_section = <None>
|
||||
.. literalinclude:: _static/keystonemiddleware.conf.sample
|
||||
|
||||
If the ``auth_plugin`` configuration option is set, you may need to refer to
|
||||
the `Authentication Plugins <http://docs.openstack.org/developer/
|
||||
|
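Review bot: The sentence kept right after the new `.. literalinclude:: _static/keystonemiddleware.conf.sample` still refers to the `auth_plugin` option, although the hand-written sample removed here already listed that name as deprecated in favour of `auth_type`. The generated sample is now the only option reference on the page and will presumably show `auth_type`, so the prose should use that name. The commit message says the `admin_*`, `identity_uri` and `auth_*` endpoint options no longer appear. A one-sentence pointer to the auth-plugin section that replaces them would keep operators from carrying old credential settings such as `admin_token` into new deployments. The paragraph continues outside the hunk.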