openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes
Role os_keystone for OpenStack-Ansible
444 Commits 8 Branches 16 Tags 11 MiB
Jinja 69.1%
Python 22.2%
Shell 8.7%
Go to file
Matthew Thode 81a28142a0 Add security headers to web accessable services. 
Adds the following headers as static:

    X-Content-Type-Options "nosniff"
    X-XSS-Protection "1; mode=block"
    append Content-Security-Policy "default-src 'self' https: wss:;"

nosniff prevents non-executable mime times from becoming executable.
The X-XSS-Protection header will prevent the loading of a page if the
browser detects an xss attack.  The Content-Security-Policy declares
what dynamic resources are allowed to load.

Adds the following header as user-setable via the
keystone_x_frame_options variable.

    X-Frame-Options "DENY"

By default the X-Frame-Options header denies embedding in an iframe.

Change-Id: Iadd3e93bdb7e9d41ae1d027196367448dbce19f1
Partial-Bug: 1717321
 		2017-10-22 03:01:16 +00:00
defaults Add extra headers for Keystone 2017-08-17 14:44:44 -05:00
doc Initial OSA zuul v3 role jobs 2017-10-18 11:21:52 +00:00
examples [DOCS] Move keystone federation role docs 2016-08-16 08:46:08 +00:00
handlers Add external LB management handler hook interface 2017-09-16 13:41:28 -05:00
library Resolved Keystone Federation bugs 2017-02-07 21:01:09 -06:00
meta Add OpenStack-Ansible metadata 2017-10-11 09:02:41 +00:00
releasenotes Add security headers to web accessable services. 2017-10-22 03:01:16 +00:00
tasks Bypass web server during service setup 2017-10-09 10:09:24 -07:00
templates Add security headers to web accessable services. 2017-10-22 03:01:16 +00:00
tests Merge "Update upgrade role for Queens from P" 2017-10-19 19:25:19 +00:00
vars Add security headers to web accessable services. 2017-10-22 03:01:16 +00:00
zuul.d Add openstack-ansible-linters test 2017-10-18 17:48:52 +01:00
.gitignore Updated from OpenStack Ansible Tests 2017-06-22 15:19:39 +00:00
.gitreview Implement base configuration for independent repository 2016-03-02 10:09:25 -05:00
CONTRIBUTING.rst Updated role to be an independent role 2016-02-26 14:13:43 -06:00
LICENSE Updated role to be an independent role 2016-02-26 14:13:43 -06:00
README.rst Update URLs in documents according to document migration 2017-07-19 09:32:03 +08:00
Vagrantfile Updated from OpenStack Ansible Tests 2017-07-28 15:00:34 +00:00
bindep.txt Updated from OpenStack Ansible Tests 2017-10-12 20:44:36 +00:00
manual-test.rc Use centralised test scripts 2016-09-28 08:56:33 +01:00
run_tests.sh Initial OSA zuul v3 role jobs 2017-10-18 11:21:52 +00:00
setup.cfg Update URL home-page in documents according to document migration 2017-07-14 03:21:58 +00:00
setup.py Updated from global requirements 2017-03-02 11:51:52 +00:00
test-requirements.txt Updated from global requirements 2017-09-16 23:20:01 +00:00
tox.ini Switch to using Nginx/uWSGI by default 2017-06-29 16:42:36 +00:00

README.rst

Team and repository tags

image

OpenStack-Ansible keystone

Ansible role that installs and configures OpenStack Keystone. Keystone is installed behind the Apache webserver listening on port 5000 and port 35357 by default.

Documentation for the project can be found at: https://docs.openstack.org/openstack-ansible-os_keystone/latest/ The project home is at: http://launchpad.net/openstack-ansible