keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

identity_mapping.py
Go to the documentation of this file.
1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
2 # not use this file except in compliance with the License. You may obtain
3 # a copy of the License at
4 #
5 # http://www.apache.org/licenses/LICENSE-2.0
6 #
7 # Unless required by applicable law or agreed to in writing, software
8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10 # License for the specific language governing permissions and limitations
11 # under the License.
12 
13 from oslo_config import cfg
14 
15 from keystone.conf import utils
16 
17 
18 driver = cfg.StrOpt(
19  'driver',
20  default='sql',
21  help=utils.fmt("""
22 Entry point for the identity mapping backend driver in the
23 `keystone.identity.id_mapping` namespace. Keystone only provides a `sql`
24 driver, so there is no reason to change this unless you are providing a custom
25 entry point.
26 """))
27 
28 generator = cfg.StrOpt(
29  'generator',
30  default='sha256',
31  help=utils.fmt("""
32 Entry point for the public ID generator for user and group entities in the
33 `keystone.identity.id_generator` namespace. The Keystone identity mapper only
34 supports generators that produce 64 bytes or less. Keystone only provides a
35 `sha256` entry point, so there is no reason to change this value unless you're
36 providing a custom entry point.
37 """))
38 
39 backward_compatible_ids = cfg.BoolOpt(
40  'backward_compatible_ids',
41  default=True,
42  help=utils.fmt("""
43 The format of user and group IDs changed in Juno for backends that do not
44 generate UUIDs (for example, LDAP), with keystone providing a hash mapping to
45 the underlying attribute in LDAP. By default this mapping is disabled, which
46 ensures that existing IDs will not change. Even when the mapping is enabled by
47 using domain-specific drivers (`[identity] domain_specific_drivers_enabled`),
48 any users and groups from the default domain being handled by LDAP will still
49 not be mapped to ensure their IDs remain backward compatible. Setting this
50 value to false will enable the new mapping for all backends, including the
51 default LDAP driver. It is only guaranteed to be safe to enable this option
52 if you do not already have assignments for users and groups from the default
53 LDAP domain, and you consider it to be acceptable for Keystone to provide the
54 different IDs to clients than it did previously (existing IDs in the API will
55 suddenly change). Typically this means that the only time you can set this
56 value to false is when configuring a fresh installation, although that is the
57 recommended value.
58 """))
59 
60 
61 GROUP_NAME = __name__.split('.')[-1]
62 ALL_OPTS = [
63  driver,
64  generator,
65  backward_compatible_ids,
66 ]
67 
68 
69 def register_opts(conf):
70  conf.register_opts(ALL_OPTS, group=GROUP_NAME)
71 
72 
73 def list_opts():
74  return {GROUP_NAME: ALL_OPTS}
keystone.conf.identity_mapping.register_opts
def register_opts(conf)
Definition: identity_mapping.py:69
keystone.conf.identity_mapping.list_opts
def list_opts()
Definition: identity_mapping.py:73
keystone.conf
Definition: __init__.py:1