keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

auth.py
Go to the documentation of this file.
1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
2 # not use this file except in compliance with the License. You may obtain
3 # a copy of the License at
4 #
5 # http://www.apache.org/licenses/LICENSE-2.0
6 #
7 # Unless required by applicable law or agreed to in writing, software
8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10 # License for the specific language governing permissions and limitations
11 # under the License.
12 
13 from oslo_config import cfg
14 
15 from keystone.conf import constants
16 from keystone.conf import utils
17 
18 
19 methods = cfg.ListOpt(
20  'methods',
21  default=constants._DEFAULT_AUTH_METHODS,
22  help=utils.fmt("""
23 Allowed authentication methods. Note: You should disable the `external` auth
24 method if you are currently using federation. External auth and federation
25 both use the REMOTE_USER variable. Since both the mapped and external plugin
26 are being invoked to validate attributes in the request environment, it can
27 cause conflicts.
28 """))
29 
30 password = cfg.StrOpt( # nosec : This is the name of the plugin, not
31  'password', # a password that needs to be protected.
32  help=utils.fmt("""
33 Entry point for the password auth plugin module in the `keystone.auth.password`
34 namespace. You do not need to set this unless you are overriding keystone's own
35 password authentication plugin.
36 """))
37 
38 token = cfg.StrOpt(
39  'token',
40  help=utils.fmt("""
41 Entry point for the token auth plugin module in the `keystone.auth.token`
42 namespace. You do not need to set this unless you are overriding keystone's own
43 token authentication plugin.
44 """))
45 
46 # deals with REMOTE_USER authentication
47 external = cfg.StrOpt(
48  'external',
49  help=utils.fmt("""
50 Entry point for the external (`REMOTE_USER`) auth plugin module in the
51 `keystone.auth.external` namespace. Supplied drivers are `DefaultDomain` and
52 `Domain`. The default driver is `DefaultDomain`, which assumes that all users
53 identified by the username specified to keystone in the `REMOTE_USER` variable
54 exist within the context of the default domain. The `Domain` option expects an
55 additional environment variable be presented to keystone, `REMOTE_DOMAIN`,
56 containing the domain name of the `REMOTE_USER` (if `REMOTE_DOMAIN` is not set,
57 then the default domain will be used instead). You do not need to set this
58 unless you are taking advantage of "external authentication", where the
59 application server (such as Apache) is handling authentication instead of
60 keystone.
61 """))
62 
63 oauth1 = cfg.StrOpt(
64  'oauth1',
65  help=utils.fmt("""
66 Entry point for the OAuth 1.0a auth plugin module in the `keystone.auth.oauth1`
67 namespace. You do not need to set this unless you are overriding keystone's own
68 `oauth1` authentication plugin.
69 """))
70 
71 mapped = cfg.StrOpt(
72  'mapped',
73  help=utils.fmt("""
74 Entry point for the mapped auth plugin module in the `keystone.auth.mapped`
75 namespace. You do not need to set this unless you are overriding keystone's own
76 `mapped` authentication plugin.
77 """))
78 
79 application_credential = cfg.StrOpt(
80  'application_credential',
81  help=utils.fmt("""
82 Entry point for the application_credential auth plugin module in the
83 `keystone.auth.application_credential` namespace. You do not need to set this
84 unless you are overriding keystone's own `application_credential`
85 authentication plugin.
86 """))
87 
88 
89 GROUP_NAME = __name__.split('.')[-1]
90 ALL_OPTS = [
91  methods,
92  password,
93  token,
94  external,
95  oauth1,
96  mapped,
97  application_credential,
98 ]
99 
100 
101 def _register_auth_plugin_opt(conf, option):
102  conf.register_opt(option, group=GROUP_NAME)
103 
104 
105 def setup_authentication(conf=None):
106  """Register non-default auth methods (used by extensions, etc)."""
107  # register any non-default auth methods here (used by extensions, etc)
108  if conf is None:
109  conf = cfg.CONF
110  for method_name in conf.auth.methods:
111  if method_name not in constants._DEFAULT_AUTH_METHODS:
112  option = cfg.StrOpt(method_name)
113  _register_auth_plugin_opt(conf, option)
114 
115 
116 def register_opts(conf):
117  conf.register_opts(ALL_OPTS, group=GROUP_NAME)
118 
120 
121 
122 def list_opts():
123  return {GROUP_NAME: ALL_OPTS}
keystone.conf.auth.setup_authentication
def setup_authentication(conf=None)
Definition: auth.py:105
keystone.conf
Definition: __init__.py:1
keystone.conf.auth.list_opts
def list_opts()
Definition: auth.py:122
keystone.conf.auth._register_auth_plugin_opt
def _register_auth_plugin_opt(conf, option)
Definition: auth.py:101
keystone.conf.auth.register_opts
def register_opts(conf)
Definition: auth.py:116