keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

tokenless_auth.py
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from oslo_config import cfg

from keystone.conf import utils


trusted_issuer = cfg.MultiStrOpt(
    'trusted_issuer',
    default=[],
    help=utils.fmt("""
The list of distinguished names which identify trusted issuers of client
certificates allowed to use X.509 tokenless authorization. If the option is
absent then no certificates will be allowed. The format for the values of a
distinguished name (DN) must be separated by a comma and contain no spaces.
Furthermore, because an individual DN may contain commas, this configuration
option may be repeated multiple times to represent multiple values. For
example, keystone.conf would include two consecutive lines in order to trust
two different DNs, such as `trusted_issuer = CN=john,OU=keystone,O=openstack`
and `trusted_issuer = CN=mary,OU=eng,O=abc`.
"""))

protocol = cfg.StrOpt(
    'protocol',
    default='x509',
    help=utils.fmt("""
The federated protocol ID used to represent X.509 tokenless authorization. This
is used in combination with the value of `[tokenless_auth] issuer_attribute` to
find a corresponding federated mapping. In a typical deployment, there is no
reason to change this value.
"""))

issuer_attribute = cfg.StrOpt(
    'issuer_attribute',
    default='SSL_CLIENT_I_DN',
    help=utils.fmt("""
The name of the WSGI environment variable used to pass the issuer of the client
certificate to keystone. This attribute is used as an identity provider ID
for the X.509 tokenless authorization along with the protocol to look up its
corresponding mapping. In a typical deployment, there is no reason to change
this value.
"""))


GROUP_NAME = __name__.split('.')[-1]
ALL_OPTS = [
    trusted_issuer,
    protocol,
    issuer_attribute,
]


def register_opts(conf):
    conf.register_opts(ALL_OPTS, group=GROUP_NAME)


def list_opts():
    return {GROUP_NAME: ALL_OPTS}
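The following stand-alone sketch is an added example, not code from keystone or this file. It shows the semantics the `trusted_issuer` and `issuer_attribute` help texts describe: one DN per repeated line, nothing trusted when the option is absent, and the issuer read from the WSGI environment. The helper names `read_multi` and `issuer_is_trusted`, the simplified parser (a stdlib stand-in for oslo.config) and the exact-string comparison are assumptions of the example.

```python
# Added illustration; not keystone code. Helper names are hypothetical.

# Constructed keystone.conf fragment: one trusted_issuer line per DN.
SAMPLE_CONF = """\
[tokenless_auth]
trusted_issuer = CN=john,OU=keystone,O=openstack
trusted_issuer = CN=mary,OU=eng,O=abc
issuer_attribute = SSL_CLIENT_I_DN
"""


def read_multi(conf_text, group, name):
    """Collect every `name = value` line in [group], keeping repeats.

    Simplified stand-in for a repeatable (MultiStrOpt-style) option:
    each line is one value, so commas inside a DN are never separators.
    """
    values, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(('#', ';')):
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].strip()
            continue
        # Split on the first '=' only; the DN itself contains '='.
        key, sep, value = line.partition('=')
        if sep and current == group and key.strip() == name:
            values.append(value.strip())
    return values


def issuer_is_trusted(environ, trusted_issuers,
                      issuer_attribute='SSL_CLIENT_I_DN'):
    """Fail closed: an empty list or a missing issuer trusts nothing."""
    if not trusted_issuers:
        return False
    issuer = environ.get(issuer_attribute)
    if not issuer:
        return False
    # Assumed exact string comparison: a DN written with spaces after
    # the commas does not match an entry written without them.
    return issuer in trusted_issuers
```

Because `issuer_attribute` is read from the WSGI environment, the check is only as strong as the front end that sets it: the TLS terminator must populate the variable from the verified client certificate and must not let a client-supplied header of the same name through.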