Merge "generate sample config automatically"
commit
0cd8b0fc77
|
@ -56,3 +56,6 @@ ChangeLog
|
|||
|
||||
# Files created by releasenotes build
|
||||
releasenotes/build
|
||||
|
||||
# sample config included in docs
|
||||
doc/source/_static/keystonemiddleware.conf.sample
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
[DEFAULT]
|
||||
output_file = etc/keystone.conf.sample
|
||||
wrap_width = 79
|
||||
namespace = keystonemiddleware.auth_token
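Review bot: `output_file = etc/keystone.conf.sample` names the generated file after keystone rather than keystonemiddleware, and that path is not covered by the ignore entry this commit adds, which lists only `doc/source/_static/keystonemiddleware.conf.sample`. The docs build presumably overrides the output name through `sample_config_basename`, so this key matters mainly when the generator is run directly against this file; in that case it would leave an untracked, misleadingly named sample under `etc/`. I would change the line to `output_file = etc/keystonemiddleware.conf.sample`, or drop the key if only the Sphinx build is meant to consume this file.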
|
|
@ -49,9 +49,13 @@ extensions = ['sphinx.ext.autodoc',
|
|||
# remove this Sphinx extension when
|
||||
# https://launchpad.net/bugs/1260495 is fixed.
|
||||
'ext.apidoc',
|
||||
'oslosphinx'
|
||||
'oslosphinx',
|
||||
'oslo_config.sphinxconfiggen'
|
||||
]
|
||||
|
||||
config_generator_config_file = '../../config-generator/keystonemiddleware.conf'
|
||||
sample_config_basename = '_static/keystonemiddleware'
|
||||
|
||||
todo_include_todos = True
|
||||
|
||||
# Add any paths that contain templates here, relative to this directory.
|
||||
|
@ -156,7 +160,7 @@ man_pages = []
|
|||
# Add any paths that contain custom static files (such as style sheets) here,
|
||||
# relative to this directory. They are copied after the builtin static files,
|
||||
# so a file named "default.css" will overwrite the builtin "default.css".
|
||||
#html_static_path = ['static']
|
||||
html_static_path = ['_static']
|
||||
|
||||
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
|
||||
# using the given strftime format.
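Review bot: `sample_config_basename = '_static/keystonemiddleware'` sends the generated sample into `doc/source/_static`, and the second hunk enables `html_static_path = ['_static']`, but nothing visible in this commit creates that directory, and the only file placed there is the one the ignore-file hunk excludes. On a clean checkout the directory may therefore be missing when the docs build runs, unless it is tracked somewhere not shown on this page. Consider committing a placeholder file under `doc/source/_static`. The two new settings would also benefit from a comment such as `# sample config is generated at docs build time into _static/ and is not committed`, which could also note that `config_generator_config_file` is given relative to the Sphinx source directory.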
|
||||
|
|
|
@ -124,166 +124,7 @@ a WSGI component. Example for the auth_token middleware:
|
|||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
|
||||
# Prefix to prepend at the beginning of the path (string
|
||||
# value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_url
|
||||
#auth_admin_prefix=
|
||||
|
||||
# Authentication URL (string value)
|
||||
auth_url=http://127.0.0.1:35357
|
||||
|
||||
# Host providing the admin Identity API endpoint (string
|
||||
# value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_url
|
||||
#auth_host=127.0.0.1
|
||||
|
||||
# Port of the admin Identity API endpoint (integer value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_url
|
||||
#auth_port=35357
|
||||
|
||||
# Protocol of the admin Identity API endpoint(http or https)
|
||||
# (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_url
|
||||
#auth_protocol=https
|
||||
|
||||
# Complete admin Identity API endpoint.
|
||||
# This should specify the unversioned root endpoint
|
||||
# e.g. https://localhost:35357/. (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_url
|
||||
#identity_uri=<None>
|
||||
|
||||
# Complete public Identity API endpoint (string value)
|
||||
#auth_uri=<None>
|
||||
|
||||
# API version of the admin Identity API endpoint (string
|
||||
# value)
|
||||
#auth_version=<None>
|
||||
|
||||
# Do not handle authorization requests within the middleware,
|
||||
# but delegate the authorization decision to downstream WSGI
|
||||
# components (boolean value)
|
||||
#delay_auth_decision=false
|
||||
|
||||
# Request timeout value for communicating with Identity API
|
||||
# server. (boolean value)
|
||||
#http_connect_timeout=<None>
|
||||
|
||||
# How many times are we trying to reconnect when communicating
|
||||
# with Identity API Server. (integer value)
|
||||
#http_request_max_retries=3
|
||||
|
||||
# Single shared secret with the Keystone configuration used
|
||||
# for bootstrapping a Keystone installation, or otherwise
|
||||
# bypassing the normal authentication process. (string value)
|
||||
# Deprecated, use username and password instead.
|
||||
#admin_token=<None>
|
||||
|
||||
# Keystone account username (string value)
|
||||
#admin_user=<None>
|
||||
|
||||
# Keystone account password (string value)
|
||||
admin_password=SuperSekretPassword
|
||||
|
||||
# Keystone service account tenant name to validate user tokens
|
||||
# (string value)
|
||||
#admin_tenant_name=admin
|
||||
|
||||
# Env key for the swift cache (string value)
|
||||
#cache=<None>
|
||||
|
||||
# Required if Keystone server requires client certificate
|
||||
# (string value)
|
||||
#certfile=<None>
|
||||
|
||||
# Required if Keystone server requires client certificate
|
||||
# (string value)
|
||||
#keyfile=<None>
|
||||
|
||||
# A PEM encoded Certificate Authority to use when verifying
|
||||
# HTTPs connections. Defaults to system CAs. (string value)
|
||||
#cafile=<None>
|
||||
|
||||
# Verify HTTPS connections. (boolean value)
|
||||
#insecure=false
|
||||
|
||||
# Directory used to cache files related to PKI tokens (string
|
||||
# value)
|
||||
#signing_dir=<None>
|
||||
|
||||
# If defined, the memcached server(s) to use for caching (list
|
||||
# value)
|
||||
# Deprecated group/name - [DEFAULT]/memcache_servers
|
||||
#memcached_servers=<None>
|
||||
|
||||
# In order to prevent excessive requests and validations, the
|
||||
# middleware uses an in-memory cache for the tokens the
|
||||
# Keystone API returns. This is only valid if memcache_servers
|
||||
# is defined. Set to -1 to disable caching completely.
|
||||
# (integer value)
|
||||
#token_cache_time=300
|
||||
|
||||
# Determines the frequency at which the list of revoked tokens
|
||||
# is retrieved from the Identity service (in seconds). A high
|
||||
# number of revocation events combined with a low cache duration
|
||||
# may significantly reduce performance. Only valid for PKI tokens.
|
||||
# (integer value)
|
||||
#revocation_cache_time = 10
|
||||
|
||||
# (optional) if defined, indicate whether token data should be
|
||||
# authenticated or authenticated and encrypted. Acceptable
|
||||
# values are MAC or ENCRYPT. If MAC, token data is
|
||||
# authenticated (with HMAC) in the cache. If ENCRYPT, token
|
||||
# data is encrypted and authenticated in the cache. If the
|
||||
# value is not one of these options or empty, auth_token will
|
||||
# raise an exception on initialization. (string value)
|
||||
#memcache_security_strategy=<None>
|
||||
|
||||
# (optional, mandatory if memcache_security_strategy is
|
||||
# defined) this string is used for key derivation. (string
|
||||
# value)
|
||||
#memcache_secret_key=<None>
|
||||
|
||||
# (optional) indicate whether to set the X-Service-Catalog
|
||||
# header. If False, middleware will not ask for service
|
||||
# catalog on token validation and will not set the X-Service-
|
||||
# Catalog header. (boolean value)
|
||||
#include_service_catalog=true
|
||||
|
||||
# Used to control the use and type of token binding. Can be
|
||||
# set to: "disabled" to not check token binding. "permissive"
|
||||
# (default) to validate binding information if the bind type
|
||||
# is of a form known to the server and ignore it if not.
|
||||
# "strict" like "permissive" but if the bind type is unknown
|
||||
# the token will be rejected. "required" any form of token
|
||||
# binding is needed to be allowed. Finally the name of a
|
||||
# binding method that must be present in tokens. (string
|
||||
# value)
|
||||
#enforce_token_bind=permissive
|
||||
|
||||
# If true, the revocation list will be checked for cached
|
||||
# tokens. This requires that PKI tokens are configured on the
|
||||
# identity server.
|
||||
# (boolean value)
|
||||
#check_revocations_for_cached = false
|
||||
|
||||
# Hash algorithms to use for hashing PKI tokens. This may be a
|
||||
# single algorithm or multiple. The algorithms are those supported
|
||||
# by Python standard hashlib.new(). The hashes will be tried in the
|
||||
# order given, so put the preferred one first for performance. The
|
||||
# result of the first hash will be stored in the cache. This will
|
||||
# typically be set to multiple values only while migrating from a
|
||||
# less secure algorithm to a more secure one. Once all the old
|
||||
# tokens are expired this option should be set to a single value
|
||||
# for better performance. (list value)
|
||||
#hash_algorithms = md5
|
||||
|
||||
# Authentication type to load (unknown value)
|
||||
# Deprecated group/name - [DEFAULT]/auth_plugin
|
||||
#auth_type = <None>
|
||||
|
||||
# Config Section from which to load plugin specific options
|
||||
# (unknown value)
|
||||
#auth_section = <None>
|
||||
.. literalinclude:: _static/keystonemiddleware.conf.sample
|
||||
|
||||
If the ``auth_plugin`` configuration option is set, you may need to refer to
|
||||
the `Authentication Plugins <http://docs.openstack.org/developer/
|
||||
|
|