New option default_authorization_ttl
Add new option default_authorization_ttl used for federation to set validity of group memberships coming from a mapping. Closes-Bug: #1970388 Change-Id: I4a8dbc501e14d1201ceed27077554924c56e3abd
This commit is contained in:
parent
a76a3d9599
commit
f5d9b9ed40
|
@ -436,3 +436,9 @@ options:
|
||||||
the charm, but it's possible that it may break things unexpectedly.
|
the charm, but it's possible that it may break things unexpectedly.
|
||||||
Please ensure that the the README and relevant documentation is consulted
|
Please ensure that the the README and relevant documentation is consulted
|
||||||
before setting this configuration option.
|
before setting this configuration option.
|
||||||
|
default-authorization-ttl:
|
||||||
|
type: int
|
||||||
|
default: 0
|
||||||
|
description: |
|
||||||
|
Default time (in minutes) for the validity of group memberships carried
|
||||||
|
over from a federation mapping. Default is 0 which means disabled.
|
||||||
|
|
|
@ -249,6 +249,8 @@ class KeystoneContext(context.OSContextGenerator):
|
||||||
ctxt['log_config'] = ('/etc/keystone/logging.conf')
|
ctxt['log_config'] = ('/etc/keystone/logging.conf')
|
||||||
ctxt['paste_config_file'] = '/etc/keystone/keystone-paste.ini'
|
ctxt['paste_config_file'] = '/etc/keystone/keystone-paste.ini'
|
||||||
|
|
||||||
|
ctxt['default_authorization_ttl'] = config('default-authorization-ttl')
|
||||||
|
|
||||||
return ctxt
|
return ctxt
|
||||||
|
|
||||||
ALLOWED_SECURITY_COMPLIANCE_SCHEMA = {
|
ALLOWED_SECURITY_COMPLIANCE_SCHEMA = {
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
{% for dashboard_url in trusted_dashboards -%}
|
{% for dashboard_url in trusted_dashboards -%}
|
||||||
trusted_dashboard = {{ dashboard_url }}
|
trusted_dashboard = {{ dashboard_url }}
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
|
default_authorization_ttl = {{ default_authorization_ttl }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% for sp in fid_sps -%}
|
{% for sp in fid_sps -%}
|
||||||
[{{ sp['protocol-name'] }}]
|
[{{ sp['protocol-name'] }}]
|
||||||
|
|
Loading…
Reference in New Issue