From 637aff3cdcb039f5dac65e967a63632186a66fe4 Mon Sep 17 00:00:00 2001 From: KATO Tomoyuki Date: Thu, 28 Jul 2016 21:04:21 +0900 Subject: [PATCH] [config-ref] cleanup keystone authtoken configurations Change-Id: Ia96c13652ea2d5c1f64caa7b2068cffc57e637ba Implements: blueprint config-ref-common-sections --- .../source/bare-metal/config-options.rst | 1 - .../source/block-storage/volume-misc.rst | 1 - .../source/compute/config-options.rst | 1 - .../source/data-processing-service.rst | 1 - doc/config-reference/source/database.rst | 1 - .../source/identity/options.rst | 1 - doc/config-reference/source/image.rst | 1 - .../source/message/zaqar-authentication.rst | 1 - .../networking_options_reference.rst | 8 -- doc/config-reference/source/orchestration.rst | 1 - .../source/shared-file-systems/misc.rst | 1 - .../source/tables/aodh-auth_token.rst | 96 ------------------- .../source/tables/ceilometer-auth_token.rst | 94 ------------------ .../source/tables/ceilometer-common.rst | 4 - .../source/tables/cinder-auth_token.rst | 94 ------------------ .../source/tables/cinder-common.rst | 4 - .../source/tables/common-auth_token.rst | 2 + .../source/tables/glance-auth_token.rst | 94 ------------------ .../source/tables/glance-common.rst | 4 - .../source/tables/heat-auth_token.rst | 96 ------------------- .../source/tables/ironic-auth_token.rst | 96 ------------------- .../source/tables/keystone-auth_token.rst | 94 ------------------ .../source/tables/keystone-common.rst | 4 - .../source/tables/manila-auth_token.rst | 96 ------------------- .../source/tables/neutron-auth_token.rst | 94 ------------------ .../source/tables/neutron-common.rst | 4 - .../source/tables/nova-auth_token.rst | 94 ------------------ .../source/tables/nova-common.rst | 4 - .../source/tables/octavia-auth_token.rst | 78 --------------- .../source/tables/sahara-auth_token.rst | 94 ------------------ .../source/tables/sahara-common.rst | 4 - .../source/tables/trove-auth_token.rst | 94 ------------------ .../source/tables/trove-common.rst | 4 - .../source/tables/zaqar-auth_token.rst | 96 ------------------- .../telemetry/alarming-config-options.rst | 1 - .../telemetry/telemetry-config-options.rst | 1 - .../aodh.flagmappings | 76 +++++++-------- .../ceilometer.flagmappings | 76 +++++++-------- .../cinder.flagmappings | 76 +++++++-------- .../glance.flagmappings | 76 +++++++-------- .../heat.flagmappings | 76 +++++++-------- .../ironic.flagmappings | 76 +++++++-------- .../keystone.flagmappings | 76 +++++++-------- .../manila.flagmappings | 76 +++++++-------- .../neutron.flagmappings | 76 +++++++-------- .../nova.flagmappings | 76 +++++++-------- .../octavia.flagmappings | 76 +++++++-------- .../sahara.flagmappings | 76 +++++++-------- .../trove.flagmappings | 76 +++++++-------- .../zaqar.flagmappings | 76 +++++++-------- 50 files changed, 534 insertions(+), 1894 deletions(-) delete mode 100644 doc/config-reference/source/tables/aodh-auth_token.rst delete mode 100644 doc/config-reference/source/tables/ceilometer-auth_token.rst delete mode 100644 doc/config-reference/source/tables/cinder-auth_token.rst delete mode 100644 doc/config-reference/source/tables/glance-auth_token.rst delete mode 100644 doc/config-reference/source/tables/heat-auth_token.rst delete mode 100644 doc/config-reference/source/tables/ironic-auth_token.rst delete mode 100644 doc/config-reference/source/tables/keystone-auth_token.rst delete mode 100644 doc/config-reference/source/tables/manila-auth_token.rst delete mode 100644 doc/config-reference/source/tables/neutron-auth_token.rst delete mode 100644 doc/config-reference/source/tables/nova-auth_token.rst delete mode 100644 doc/config-reference/source/tables/sahara-auth_token.rst delete mode 100644 doc/config-reference/source/tables/trove-auth_token.rst delete mode 100644 doc/config-reference/source/tables/zaqar-auth_token.rst diff --git a/doc/config-reference/source/bare-metal/config-options.rst b/doc/config-reference/source/bare-metal/config-options.rst index 21b3b83ca4..a1ef896b29 100644 --- a/doc/config-reference/source/bare-metal/config-options.rst +++ b/doc/config-reference/source/bare-metal/config-options.rst @@ -8,7 +8,6 @@ service configuration options. .. include:: ../tables/ironic-agent.rst .. include:: ../tables/ironic-amqp.rst .. include:: ../tables/ironic-amt.rst -.. include:: ../tables/ironic-auth_token.rst .. include:: ../tables/ironic-auth.rst .. include:: ../tables/ironic-cisco_ucs.rst .. include:: ../tables/ironic-common.rst diff --git a/doc/config-reference/source/block-storage/volume-misc.rst b/doc/config-reference/source/block-storage/volume-misc.rst index 10e0d13030..e4830e3151 100644 --- a/doc/config-reference/source/block-storage/volume-misc.rst +++ b/doc/config-reference/source/block-storage/volume-misc.rst @@ -7,7 +7,6 @@ These options can also be set in the ``cinder.conf`` file. .. include:: ../tables/cinder-api.rst .. include:: ../tables/cinder-amqp.rst .. include:: ../tables/cinder-auth.rst -.. include:: ../tables/cinder-auth_token.rst .. include:: ../tables/cinder-backups.rst .. include:: ../tables/cinder-block-device.rst .. include:: ../tables/cinder-common.rst diff --git a/doc/config-reference/source/compute/config-options.rst b/doc/config-reference/source/compute/config-options.rst index ae6e4d00e3..55690af0fe 100644 --- a/doc/config-reference/source/compute/config-options.rst +++ b/doc/config-reference/source/compute/config-options.rst @@ -10,7 +10,6 @@ OpenStack Compute service, run .. include:: ../tables/nova-apiv21.rst .. include:: ../tables/nova-api_database.rst .. include:: ../tables/nova-authentication.rst -.. include:: ../tables/nova-auth_token.rst .. include:: ../tables/nova-availabilityzones.rst .. include:: ../tables/nova-barbican.rst .. include:: ../tables/nova-ca.rst diff --git a/doc/config-reference/source/data-processing-service.rst b/doc/config-reference/source/data-processing-service.rst index f0f623fdcf..3237edafcd 100644 --- a/doc/config-reference/source/data-processing-service.rst +++ b/doc/config-reference/source/data-processing-service.rst @@ -20,7 +20,6 @@ service configuration options: .. include:: tables/sahara-amqp.rst .. include:: tables/sahara-api.rst -.. include:: tables/sahara-auth_token.rst .. include:: tables/sahara-clients.rst .. include:: tables/sahara-common.rst .. include:: tables/sahara-domain.rst diff --git a/doc/config-reference/source/database.rst b/doc/config-reference/source/database.rst index d784233ecc..203708532b 100644 --- a/doc/config-reference/source/database.rst +++ b/doc/config-reference/source/database.rst @@ -17,7 +17,6 @@ The following tables provide a comprehensive list of the Database service configuration options. .. include:: tables/trove-api.rst -.. include:: tables/trove-auth_token.rst .. include:: tables/trove-backup.rst .. include:: tables/trove-clients.rst .. include:: tables/trove-cluster.rst diff --git a/doc/config-reference/source/identity/options.rst b/doc/config-reference/source/identity/options.rst index 760bb50901..8ba235cbab 100644 --- a/doc/config-reference/source/identity/options.rst +++ b/doc/config-reference/source/identity/options.rst @@ -10,7 +10,6 @@ service options. .. include:: ../tables/keystone-api.rst .. include:: ../tables/keystone-assignment.rst .. include:: ../tables/keystone-auth.rst -.. include:: ../tables/keystone-auth_token.rst .. include:: ../tables/keystone-ca.rst .. include:: ../tables/keystone-catalog.rst .. include:: ../tables/keystone-common.rst diff --git a/doc/config-reference/source/image.rst b/doc/config-reference/source/image.rst index 4151ae42ac..39d9771e54 100644 --- a/doc/config-reference/source/image.rst +++ b/doc/config-reference/source/image.rst @@ -28,7 +28,6 @@ documented in :ref:`nova-glance`. You can modify many options in the Image service. The following tables provide a comprehensive list. -.. include:: tables/glance-auth_token.rst .. include:: tables/glance-common.rst .. include:: tables/glance-imagecache.rst .. include:: tables/glance-logging.rst diff --git a/doc/config-reference/source/message/zaqar-authentication.rst b/doc/config-reference/source/message/zaqar-authentication.rst index 7f81b1756c..3ee137a98e 100644 --- a/doc/config-reference/source/message/zaqar-authentication.rst +++ b/doc/config-reference/source/message/zaqar-authentication.rst @@ -39,4 +39,3 @@ Options Configure the authentication and authorization strategy through these options: .. include:: ../tables/zaqar-authentication.rst -.. include:: ../tables/zaqar-auth_token.rst diff --git a/doc/config-reference/source/networking/networking_options_reference.rst b/doc/config-reference/source/networking/networking_options_reference.rst index 43629d6ab7..4f8206b3ad 100644 --- a/doc/config-reference/source/networking/networking_options_reference.rst +++ b/doc/config-reference/source/networking/networking_options_reference.rst @@ -165,14 +165,6 @@ Use the following options to alter API-related settings. .. include:: ../tables/neutron-api.rst -Token authentication -~~~~~~~~~~~~~~~~~~~~ - -Use the following options to alter token authentication settings. - -.. include:: ../tables/neutron-auth_token.rst - - Compute ~~~~~~~ diff --git a/doc/config-reference/source/orchestration.rst b/doc/config-reference/source/orchestration.rst index 5dad8daa81..4dcd5237f1 100644 --- a/doc/config-reference/source/orchestration.rst +++ b/doc/config-reference/source/orchestration.rst @@ -27,7 +27,6 @@ distribution (`docs.openstack.org `__). The following tables provide a comprehensive list of the Orchestration configuration options: -.. include:: tables/heat-auth_token.rst .. include:: tables/heat-common.rst .. include:: tables/heat-crypt.rst .. include:: tables/heat-loadbalancer.rst diff --git a/doc/config-reference/source/shared-file-systems/misc.rst b/doc/config-reference/source/shared-file-systems/misc.rst index cc939adbd5..c6bb4cbb02 100644 --- a/doc/config-reference/source/shared-file-systems/misc.rst +++ b/doc/config-reference/source/shared-file-systems/misc.rst @@ -4,7 +4,6 @@ Additional options These options can also be set in the ``manila.conf`` file. -.. include:: ../tables/manila-auth_token.rst .. include:: ../tables/manila-auth.rst .. include:: ../tables/manila-ca.rst .. include:: ../tables/manila-common.rst diff --git a/doc/config-reference/source/tables/aodh-auth_token.rst b/doc/config-reference/source/tables/aodh-auth_token.rst deleted file mode 100644 index 8c1a5d2a83..0000000000 --- a/doc/config-reference/source/tables/aodh-auth_token.rst +++ /dev/null @@ -1,96 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _aodh-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/ceilometer-auth_token.rst b/doc/config-reference/source/tables/ceilometer-auth_token.rst deleted file mode 100644 index 52e79dad0a..0000000000 --- a/doc/config-reference/source/tables/ceilometer-auth_token.rst +++ /dev/null @@ -1,94 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _ceilometer-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/ceilometer-common.rst b/doc/config-reference/source/tables/ceilometer-common.rst index fdcf4de2a7..573bd2d4d4 100644 --- a/doc/config-reference/source/tables/ceilometer-common.rst +++ b/doc/config-reference/source/tables/ceilometer-common.rst @@ -66,10 +66,6 @@ - (Integer) Maximum number of seconds between retry to join partitioning group * - ``retry_backoff`` = ``1`` - (Integer) Retry backoff factor when retrying to connect withcoordination backend - * - **[keystone_authtoken]** - - - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. * - **[meter]** - * - ``meter_definitions_cfg_file`` = ``meters.yaml`` diff --git a/doc/config-reference/source/tables/cinder-auth_token.rst b/doc/config-reference/source/tables/cinder-auth_token.rst deleted file mode 100644 index 29a8e50fa0..0000000000 --- a/doc/config-reference/source/tables/cinder-auth_token.rst +++ /dev/null @@ -1,94 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _cinder-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/cinder-common.rst b/doc/config-reference/source/tables/cinder-common.rst index 2baab10609..abc2916809 100644 --- a/doc/config-reference/source/tables/cinder-common.rst +++ b/doc/config-reference/source/tables/cinder-common.rst @@ -128,7 +128,3 @@ - (Boolean) Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. * - ``watch_log_file`` = ``False`` - (Boolean) Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set. - * - **[keystone_authtoken]** - - - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. diff --git a/doc/config-reference/source/tables/common-auth_token.rst b/doc/config-reference/source/tables/common-auth_token.rst index 826ca3f94e..201cca48cd 100644 --- a/doc/config-reference/source/tables/common-auth_token.rst +++ b/doc/config-reference/source/tables/common-auth_token.rst @@ -84,6 +84,8 @@ - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. * - ``memcache_use_advanced_pool`` = ``False`` - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. + * - ``memcached_servers`` = ``None`` + - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. * - ``region_name`` = ``None`` - (String) The region in which the identity server can be found. * - ``revocation_cache_time`` = ``10`` diff --git a/doc/config-reference/source/tables/glance-auth_token.rst b/doc/config-reference/source/tables/glance-auth_token.rst deleted file mode 100644 index c4ebff3ab5..0000000000 --- a/doc/config-reference/source/tables/glance-auth_token.rst +++ /dev/null @@ -1,94 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _glance-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/glance-common.rst b/doc/config-reference/source/tables/glance-common.rst index 89b19575e1..3b3b98ab25 100644 --- a/doc/config-reference/source/tables/glance-common.rst +++ b/doc/config-reference/source/tables/glance-common.rst @@ -70,10 +70,6 @@ - (List) Supported values for the 'container_format' image attribute * - ``disk_formats`` = ``ami, ari, aki, vhd, vmdk, raw, qcow2, vdi, iso`` - (List) Supported values for the 'disk_format' image attribute - * - **[keystone_authtoken]** - - - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. * - **[task]** - * - ``task_executor`` = ``taskflow`` diff --git a/doc/config-reference/source/tables/heat-auth_token.rst b/doc/config-reference/source/tables/heat-auth_token.rst deleted file mode 100644 index 87e5ce3b4c..0000000000 --- a/doc/config-reference/source/tables/heat-auth_token.rst +++ /dev/null @@ -1,96 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _heat-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/ironic-auth_token.rst b/doc/config-reference/source/tables/ironic-auth_token.rst deleted file mode 100644 index bc5e83a4c8..0000000000 --- a/doc/config-reference/source/tables/ironic-auth_token.rst +++ /dev/null @@ -1,96 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _ironic-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/keystone-auth_token.rst b/doc/config-reference/source/tables/keystone-auth_token.rst deleted file mode 100644 index f34f158fa7..0000000000 --- a/doc/config-reference/source/tables/keystone-auth_token.rst +++ /dev/null @@ -1,94 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _keystone-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/keystone-common.rst b/doc/config-reference/source/tables/keystone-common.rst index ebf5d54ecf..298d82b9d5 100644 --- a/doc/config-reference/source/tables/keystone-common.rst +++ b/doc/config-reference/source/tables/keystone-common.rst @@ -22,10 +22,6 @@ - (Integer) Size of executor thread pool. * - ``memcached_servers`` = ``None`` - (List) Memcached servers or None for in process cache. - * - **[keystone_authtoken]** - - - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. * - **[oslo_concurrency]** - * - ``disable_process_locking`` = ``False`` diff --git a/doc/config-reference/source/tables/manila-auth_token.rst b/doc/config-reference/source/tables/manila-auth_token.rst deleted file mode 100644 index 9adb013580..0000000000 --- a/doc/config-reference/source/tables/manila-auth_token.rst +++ /dev/null @@ -1,96 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _manila-auth_token: - -.. list-table:: Description of Authorization Token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/neutron-auth_token.rst b/doc/config-reference/source/tables/neutron-auth_token.rst deleted file mode 100644 index d6aa3c864f..0000000000 --- a/doc/config-reference/source/tables/neutron-auth_token.rst +++ /dev/null @@ -1,94 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _neutron-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/neutron-common.rst b/doc/config-reference/source/tables/neutron-common.rst index 32b284005a..5fa0fbb5b5 100644 --- a/doc/config-reference/source/tables/neutron-common.rst +++ b/doc/config-reference/source/tables/neutron-common.rst @@ -118,10 +118,6 @@ - (String) Root helper application. Use 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf' to use the real root filter facility. Change to 'sudo' to skip the filtering and just run the command directly. * - ``root_helper_daemon`` = ``None`` - (String) Root helper daemon application to use when possible. - * - **[keystone_authtoken]** - - - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. * - **[qos]** - * - ``notification_drivers`` = ``message_queue`` diff --git a/doc/config-reference/source/tables/nova-auth_token.rst b/doc/config-reference/source/tables/nova-auth_token.rst deleted file mode 100644 index bd60a89c3f..0000000000 --- a/doc/config-reference/source/tables/nova-auth_token.rst +++ /dev/null @@ -1,94 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _nova-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/nova-common.rst b/doc/config-reference/source/tables/nova-common.rst index c4a83edbfe..3ef78dadf0 100644 --- a/doc/config-reference/source/tables/nova-common.rst +++ b/doc/config-reference/source/tables/nova-common.rst @@ -52,10 +52,6 @@ - (String) Explicitly specify the temporary working directory * - ``use_rootwrap_daemon`` = ``False`` - (Boolean) Start and use a daemon that can run the commands that need to be run with root privileges. This option is usually enabled on nodes that run nova compute processes - * - **[keystone_authtoken]** - - - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. * - **[workarounds]** - * - ``destroy_after_evacuate`` = ``True`` diff --git a/doc/config-reference/source/tables/octavia-auth_token.rst b/doc/config-reference/source/tables/octavia-auth_token.rst index 220691346f..1fbe74f309 100644 --- a/doc/config-reference/source/tables/octavia-auth_token.rst +++ b/doc/config-reference/source/tables/octavia-auth_token.rst @@ -16,84 +16,6 @@ * - Configuration option = Default value - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. * - **[keystone_authtoken_v3]** - * - ``admin_project_domain`` = ``default`` diff --git a/doc/config-reference/source/tables/sahara-auth_token.rst b/doc/config-reference/source/tables/sahara-auth_token.rst deleted file mode 100644 index 7e24c3cc84..0000000000 --- a/doc/config-reference/source/tables/sahara-auth_token.rst +++ /dev/null @@ -1,94 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _sahara-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/sahara-common.rst b/doc/config-reference/source/tables/sahara-common.rst index 5c3b0223a0..8ca03e2ee2 100644 --- a/doc/config-reference/source/tables/sahara-common.rst +++ b/doc/config-reference/source/tables/sahara-common.rst @@ -120,7 +120,3 @@ - * - ``use_local`` = ``True`` - (Boolean) Perform sahara-conductor operations locally. - * - **[keystone_authtoken]** - - - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. diff --git a/doc/config-reference/source/tables/trove-auth_token.rst b/doc/config-reference/source/tables/trove-auth_token.rst deleted file mode 100644 index 3d73223217..0000000000 --- a/doc/config-reference/source/tables/trove-auth_token.rst +++ /dev/null @@ -1,94 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _trove-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/tables/trove-common.rst b/doc/config-reference/source/tables/trove-common.rst index 8783ecf0dd..5927926305 100644 --- a/doc/config-reference/source/tables/trove-common.rst +++ b/doc/config-reference/source/tables/trove-common.rst @@ -64,10 +64,6 @@ - (String) Name of the Barbican authentication method to use * - ``cert_manager_type`` = ``barbican`` - (String) Certificate Manager plugin. Defaults to barbican. - * - **[keystone_authtoken]** - - - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. * - **[service_auth]** - * - ``admin_password`` = ``password`` diff --git a/doc/config-reference/source/tables/zaqar-auth_token.rst b/doc/config-reference/source/tables/zaqar-auth_token.rst deleted file mode 100644 index 27f58a4683..0000000000 --- a/doc/config-reference/source/tables/zaqar-auth_token.rst +++ /dev/null @@ -1,96 +0,0 @@ -.. - Warning: Do not edit this file. It is automatically generated from the - software project's code and your changes will be overwritten. - - The tool to generate this file lives in openstack-doc-tools repository. - - Please make any changes needed in the code, then run the - autogenerate-config-doc tool from the openstack-doc-tools repository, or - ask for help on the documentation mailing list, IRC channel or meeting. - -.. _zaqar-auth_token: - -.. list-table:: Description of authorization token configuration options - :header-rows: 1 - :class: config-ref-table - - * - Configuration option = Default value - - Description - * - **[keystone_authtoken]** - - - * - ``admin_password`` = ``None`` - - (String) Service user password. - * - ``admin_tenant_name`` = ``admin`` - - (String) Service tenant name. - * - ``admin_token`` = ``None`` - - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. - * - ``admin_user`` = ``None`` - - (String) Service username. - * - ``auth_admin_prefix`` = - - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. - * - ``auth_host`` = ``127.0.0.1`` - - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_port`` = ``35357`` - - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_protocol`` = ``https`` - - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri. - * - ``auth_section`` = ``None`` - - (Unknown) Config Section from which to load plugin specific options - * - ``auth_type`` = ``None`` - - (Unknown) Authentication type to load - * - ``auth_uri`` = ``None`` - - (String) Complete public Identity API endpoint. - * - ``auth_version`` = ``None`` - - (String) API version of the admin Identity API endpoint. - * - ``cache`` = ``None`` - - (String) Env key for the swift cache. - * - ``cafile`` = ``None`` - - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. - * - ``certfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``check_revocations_for_cached`` = ``False`` - - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. - * - ``delay_auth_decision`` = ``False`` - - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. - * - ``enforce_token_bind`` = ``permissive`` - - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. - * - ``hash_algorithms`` = ``md5`` - - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. - * - ``http_connect_timeout`` = ``None`` - - (Integer) Request timeout value for communicating with Identity API server. - * - ``http_request_max_retries`` = ``3`` - - (Integer) How many times are we trying to reconnect when communicating with Identity API Server. - * - ``identity_uri`` = ``None`` - - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ - * - ``include_service_catalog`` = ``True`` - - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. - * - ``insecure`` = ``False`` - - (Boolean) Verify HTTPS connections. - * - ``keyfile`` = ``None`` - - (String) Required if identity server requires client certificate - * - ``memcache_pool_conn_get_timeout`` = ``10`` - - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. - * - ``memcache_pool_dead_retry`` = ``300`` - - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again. - * - ``memcache_pool_maxsize`` = ``10`` - - (Integer) (Optional) Maximum total number of open connections to every memcached server. - * - ``memcache_pool_socket_timeout`` = ``3`` - - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server. - * - ``memcache_pool_unused_timeout`` = ``60`` - - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. - * - ``memcache_secret_key`` = ``None`` - - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. - * - ``memcache_security_strategy`` = ``None`` - - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. - * - ``memcache_use_advanced_pool`` = ``False`` - - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. - * - ``memcached_servers`` = ``None`` - - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. - * - ``region_name`` = ``None`` - - (String) The region in which the identity server can be found. - * - ``revocation_cache_time`` = ``10`` - - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. - * - ``signing_dir`` = ``None`` - - (String) Directory used to cache files related to PKI tokens. - * - ``token_cache_time`` = ``300`` - - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. diff --git a/doc/config-reference/source/telemetry/alarming-config-options.rst b/doc/config-reference/source/telemetry/alarming-config-options.rst index 8f3cd9ab4b..26e9c9f00b 100644 --- a/doc/config-reference/source/telemetry/alarming-config-options.rst +++ b/doc/config-reference/source/telemetry/alarming-config-options.rst @@ -7,7 +7,6 @@ Alarming service configuration options. .. include:: ../tables/aodh-amqp.rst .. include:: ../tables/aodh-api.rst -.. include:: ../tables/aodh-auth_token.rst .. include:: ../tables/aodh-common.rst .. include:: ../tables/aodh-coordination.rst .. include:: ../tables/aodh-logging.rst diff --git a/doc/config-reference/source/telemetry/telemetry-config-options.rst b/doc/config-reference/source/telemetry/telemetry-config-options.rst index e1c7c2a1df..5432477c0f 100644 --- a/doc/config-reference/source/telemetry/telemetry-config-options.rst +++ b/doc/config-reference/source/telemetry/telemetry-config-options.rst @@ -8,7 +8,6 @@ configuration options. .. include:: ../tables/ceilometer-amqp.rst .. include:: ../tables/ceilometer-api.rst .. include:: ../tables/ceilometer-auth.rst -.. include:: ../tables/ceilometer-auth_token.rst .. include:: ../tables/ceilometer-collector.rst .. include:: ../tables/ceilometer-common.rst .. include:: ../tables/ceilometer-debug.rst diff --git a/tools/autogenerate-config-flagmappings/aodh.flagmappings b/tools/autogenerate-config-flagmappings/aodh.flagmappings index 518e48c336..acf15dd94c 100644 --- a/tools/autogenerate-config-flagmappings/aodh.flagmappings +++ b/tools/autogenerate-config-flagmappings/aodh.flagmappings @@ -94,44 +94,44 @@ database/slave_connection disable database/sqlite_db disable database/sqlite_synchronous disable database/use_db_reconnect disable -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers auth_token -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable matchmaker_redis/check_timeout redis matchmaker_redis/host redis matchmaker_redis/password redis diff --git a/tools/autogenerate-config-flagmappings/ceilometer.flagmappings b/tools/autogenerate-config-flagmappings/ceilometer.flagmappings index cbb10bbc7c..c03cb4fb58 100644 --- a/tools/autogenerate-config-flagmappings/ceilometer.flagmappings +++ b/tools/autogenerate-config-flagmappings/ceilometer.flagmappings @@ -158,44 +158,44 @@ hardware/url_scheme tripleo hyperv/force_volumeutils_v1 hyperv ipmi/node_manager_init_retry ipmi ipmi/polling_retry ipmi -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers common -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable matchmaker_redis/check_timeout redis matchmaker_redis/host redis matchmaker_redis/password redis diff --git a/tools/autogenerate-config-flagmappings/cinder.flagmappings b/tools/autogenerate-config-flagmappings/cinder.flagmappings index 7540cd32a8..6d6b7cc02b 100644 --- a/tools/autogenerate-config-flagmappings/cinder.flagmappings +++ b/tools/autogenerate-config-flagmappings/cinder.flagmappings @@ -744,44 +744,44 @@ keymgr/api_class keymgr keymgr/encryption_api_url keymgr keymgr/encryption_auth_url keymgr keymgr/fixed_key keymgr -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers common -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable matchmaker_redis/check_timeout redis matchmaker_redis/host redis matchmaker_redis/password redis diff --git a/tools/autogenerate-config-flagmappings/glance.flagmappings b/tools/autogenerate-config-flagmappings/glance.flagmappings index cab814de0c..2074bceccd 100644 --- a/tools/autogenerate-config-flagmappings/glance.flagmappings +++ b/tools/autogenerate-config-flagmappings/glance.flagmappings @@ -234,44 +234,44 @@ glance_store/vmware_store_image_dir vmware glance_store/vmware_task_poll_interval vmware image_format/container_formats common image_format/disk_formats common -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers common -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable matchmaker_redis/check_timeout redis matchmaker_redis/host redis matchmaker_redis/password redis diff --git a/tools/autogenerate-config-flagmappings/heat.flagmappings b/tools/autogenerate-config-flagmappings/heat.flagmappings index aa61d8c809..2bcf4e718d 100644 --- a/tools/autogenerate-config-flagmappings/heat.flagmappings +++ b/tools/autogenerate-config-flagmappings/heat.flagmappings @@ -230,44 +230,44 @@ heat_api_cloudwatch/key_file cloudwatch_api heat_api_cloudwatch/max_header_line cloudwatch_api heat_api_cloudwatch/tcp_keepidle cloudwatch_api heat_api_cloudwatch/workers cloudwatch_api -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers auth_token -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable matchmaker_redis/check_timeout redis matchmaker_redis/host redis matchmaker_redis/password redis diff --git a/tools/autogenerate-config-flagmappings/ironic.flagmappings b/tools/autogenerate-config-flagmappings/ironic.flagmappings index 27fbc97c54..d712ee1995 100644 --- a/tools/autogenerate-config-flagmappings/ironic.flagmappings +++ b/tools/autogenerate-config-flagmappings/ironic.flagmappings @@ -211,44 +211,44 @@ irmc/snmp_version irmc ironic_lib/fatal_exception_format_errors common ironic_lib/root_helper common keystone/region_name keystone -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers auth_token -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable matchmaker_redis/check_timeout redis matchmaker_redis/host redis matchmaker_redis/password redis diff --git a/tools/autogenerate-config-flagmappings/keystone.flagmappings b/tools/autogenerate-config-flagmappings/keystone.flagmappings index 1a40b8fbd5..5cef161892 100644 --- a/tools/autogenerate-config-flagmappings/keystone.flagmappings +++ b/tools/autogenerate-config-flagmappings/keystone.flagmappings @@ -160,44 +160,44 @@ identity/max_password_length identity identity_mapping/backward_compatible_ids mapping identity_mapping/driver mapping identity_mapping/generator mapping -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers common -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable kvs/backends kvs kvs/config_prefix kvs kvs/default_lock_timeout kvs diff --git a/tools/autogenerate-config-flagmappings/manila.flagmappings b/tools/autogenerate-config-flagmappings/manila.flagmappings index 5453921aa8..5e13bf054e 100644 --- a/tools/autogenerate-config-flagmappings/manila.flagmappings +++ b/tools/autogenerate-config-flagmappings/manila.flagmappings @@ -381,44 +381,44 @@ hnas1/hds_hnas_stalled_job_timeout hds_hnas hnas1/hds_hnas_user hds_hnas hnas1/share_backend_name hds_hnas hnas1/share_driver hds_hnas -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers auth_token -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable matchmaker_redis/check_timeout redis matchmaker_redis/host redis matchmaker_redis/password redis diff --git a/tools/autogenerate-config-flagmappings/neutron.flagmappings b/tools/autogenerate-config-flagmappings/neutron.flagmappings index 622fcfd841..ec36638863 100644 --- a/tools/autogenerate-config-flagmappings/neutron.flagmappings +++ b/tools/autogenerate-config-flagmappings/neutron.flagmappings @@ -307,44 +307,44 @@ haproxy/user_group lbaas_agent ipsec/config_base_dir vpnaas_ipsec ipsec/enable_detailed_logging vpnaas_ipsec ipsec/ipsec_status_check_interval vpnaas_ipsec -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers common -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable l2pop/agent_boot_time ml2_l2pop macvtap/physical_interface_mappings ml2_macvtap matchmaker_redis/check_timeout redis diff --git a/tools/autogenerate-config-flagmappings/nova.flagmappings b/tools/autogenerate-config-flagmappings/nova.flagmappings index 9021a73631..42ec0cf122 100644 --- a/tools/autogenerate-config-flagmappings/nova.flagmappings +++ b/tools/autogenerate-config-flagmappings/nova.flagmappings @@ -486,44 +486,44 @@ ironic/cafile ironic ironic/client_log_level ironic keymgr/api_class keymgr keymgr/fixed_key keymgr -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers common -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable libvirt/block_migration_flag libvirt libvirt/checksum_base_images libvirt libvirt/checksum_interval_seconds libvirt diff --git a/tools/autogenerate-config-flagmappings/octavia.flagmappings b/tools/autogenerate-config-flagmappings/octavia.flagmappings index f7316b6e79..9b341cb219 100644 --- a/tools/autogenerate-config-flagmappings/octavia.flagmappings +++ b/tools/autogenerate-config-flagmappings/octavia.flagmappings @@ -163,44 +163,44 @@ keepalived_vrrp/vrrp_fail_count common keepalived_vrrp/vrrp_garp_refresh_count common keepalived_vrrp/vrrp_garp_refresh_interval common keepalived_vrrp/vrrp_success_count common -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers auth_token -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable keystone_authtoken_v3/admin_project_domain auth_token keystone_authtoken_v3/admin_user_domain auth_token matchmaker_redis/check_timeout redis diff --git a/tools/autogenerate-config-flagmappings/sahara.flagmappings b/tools/autogenerate-config-flagmappings/sahara.flagmappings index 3fbe1570f5..cc01946d8b 100644 --- a/tools/autogenerate-config-flagmappings/sahara.flagmappings +++ b/tools/autogenerate-config-flagmappings/sahara.flagmappings @@ -133,44 +133,44 @@ heat/endpoint_type clients keystone/api_insecure clients keystone/ca_file clients keystone/endpoint_type clients -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers common -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable manila/api_insecure clients manila/api_version clients manila/ca_file clients diff --git a/tools/autogenerate-config-flagmappings/trove.flagmappings b/tools/autogenerate-config-flagmappings/trove.flagmappings index aa6d90a928..c7a1c66efd 100644 --- a/tools/autogenerate-config-flagmappings/trove.flagmappings +++ b/tools/autogenerate-config-flagmappings/trove.flagmappings @@ -293,44 +293,44 @@ db2/root_on_create db_db2 db2/tcp_ports db_db2 db2/udp_ports db_db2 db2/volume_support db_db2 -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers common -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable mariadb/api_strategy db_mariadb mariadb/backup_incremental_strategy db_mariadb mariadb/backup_namespace db_mariadb diff --git a/tools/autogenerate-config-flagmappings/zaqar.flagmappings b/tools/autogenerate-config-flagmappings/zaqar.flagmappings index 4d8a61ceb4..2f96491682 100644 --- a/tools/autogenerate-config-flagmappings/zaqar.flagmappings +++ b/tools/autogenerate-config-flagmappings/zaqar.flagmappings @@ -77,44 +77,44 @@ drivers:transport:websocket/external_port websocket drivers:transport:websocket/port websocket drivers:transport:wsgi/bind wsgi drivers:transport:wsgi/port wsgi -keystone_authtoken/admin_password auth_token -keystone_authtoken/admin_tenant_name auth_token -keystone_authtoken/admin_token auth_token -keystone_authtoken/admin_user auth_token -keystone_authtoken/auth_admin_prefix auth_token -keystone_authtoken/auth_host auth_token -keystone_authtoken/auth_port auth_token -keystone_authtoken/auth_protocol auth_token -keystone_authtoken/auth_section auth_token -keystone_authtoken/auth_type auth_token -keystone_authtoken/auth_uri auth_token -keystone_authtoken/auth_version auth_token -keystone_authtoken/cache auth_token -keystone_authtoken/cafile auth_token -keystone_authtoken/certfile auth_token -keystone_authtoken/check_revocations_for_cached auth_token -keystone_authtoken/delay_auth_decision auth_token -keystone_authtoken/enforce_token_bind auth_token -keystone_authtoken/hash_algorithms auth_token -keystone_authtoken/http_connect_timeout auth_token -keystone_authtoken/http_request_max_retries auth_token -keystone_authtoken/identity_uri auth_token -keystone_authtoken/include_service_catalog auth_token -keystone_authtoken/insecure auth_token -keystone_authtoken/keyfile auth_token -keystone_authtoken/memcache_pool_conn_get_timeout auth_token -keystone_authtoken/memcache_pool_dead_retry auth_token -keystone_authtoken/memcache_pool_maxsize auth_token -keystone_authtoken/memcache_pool_socket_timeout auth_token -keystone_authtoken/memcache_pool_unused_timeout auth_token -keystone_authtoken/memcache_secret_key auth_token -keystone_authtoken/memcache_security_strategy auth_token -keystone_authtoken/memcache_use_advanced_pool auth_token -keystone_authtoken/memcached_servers auth_token -keystone_authtoken/region_name auth_token -keystone_authtoken/revocation_cache_time auth_token -keystone_authtoken/signing_dir auth_token -keystone_authtoken/token_cache_time auth_token +keystone_authtoken/admin_password disable +keystone_authtoken/admin_tenant_name disable +keystone_authtoken/admin_token disable +keystone_authtoken/admin_user disable +keystone_authtoken/auth_admin_prefix disable +keystone_authtoken/auth_host disable +keystone_authtoken/auth_port disable +keystone_authtoken/auth_protocol disable +keystone_authtoken/auth_section disable +keystone_authtoken/auth_type disable +keystone_authtoken/auth_uri disable +keystone_authtoken/auth_version disable +keystone_authtoken/cache disable +keystone_authtoken/cafile disable +keystone_authtoken/certfile disable +keystone_authtoken/check_revocations_for_cached disable +keystone_authtoken/delay_auth_decision disable +keystone_authtoken/enforce_token_bind disable +keystone_authtoken/hash_algorithms disable +keystone_authtoken/http_connect_timeout disable +keystone_authtoken/http_request_max_retries disable +keystone_authtoken/identity_uri disable +keystone_authtoken/include_service_catalog disable +keystone_authtoken/insecure disable +keystone_authtoken/keyfile disable +keystone_authtoken/memcache_pool_conn_get_timeout disable +keystone_authtoken/memcache_pool_dead_retry disable +keystone_authtoken/memcache_pool_maxsize disable +keystone_authtoken/memcache_pool_socket_timeout disable +keystone_authtoken/memcache_pool_unused_timeout disable +keystone_authtoken/memcache_secret_key disable +keystone_authtoken/memcache_security_strategy disable +keystone_authtoken/memcache_use_advanced_pool disable +keystone_authtoken/memcached_servers disable +keystone_authtoken/region_name disable +keystone_authtoken/revocation_cache_time disable +keystone_authtoken/signing_dir disable +keystone_authtoken/token_cache_time disable notification/smtp_command api oslo_policy/policy_default_rule disable oslo_policy/policy_dirs disable