
Member "keystone-18.0.0/keystone/conf/credential.py" (14 Oct 2020, 2993 Bytes) of package /linux/misc/openstack/keystone-18.0.0.tar.gz:



    1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    2 # not use this file except in compliance with the License. You may obtain
    3 # a copy of the License at
    4 #
    5 #      http://www.apache.org/licenses/LICENSE-2.0
    6 #
    7 # Unless required by applicable law or agreed to in writing, software
    8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   10 # License for the specific language governing permissions and limitations
   11 # under the License.
   12 
   13 from oslo_config import cfg
   14 
   15 from keystone.conf import utils
   16 
   17 
   # Backend that persists credential records. The value is an entry-point name
   # looked up in the `keystone.credential` namespace, so it selects which code
   # handles stored credentials; keep the default unless a reviewed custom
   # driver is deployed.
   driver = cfg.StrOpt(
       name='driver',
       help=utils.fmt("""
   Entry point for the credential backend driver in the `keystone.credential`
   namespace. Keystone only provides a `sql` driver, so there's no reason to
   change this unless you are providing a custom entry point.
   """),
       default='sql',
   )
   26 
   # Provider that performs credential encryption and decryption. Fernet is
   # authenticated symmetric encryption, so the confidentiality of stored
   # credentials rests on the keys held in `key_repository`.
   provider = cfg.StrOpt(
       name='provider',
       help=utils.fmt("""
   Entry point for credential encryption and decryption operations in the
   `keystone.credential.provider` namespace. Keystone only provides a `fernet`
   driver, so there's no reason to change this unless you are providing a custom
   entry point to encrypt and decrypt credentials.
   """),
       default='fernet',
   )
   36 
   # Location of the key material for credential encryption. Whoever can read
   # this directory can decrypt every credential held in the backend, so it
   # should be readable only by the account keystone runs as, and it must stay
   # separate from the Fernet token key repository (see the help text).
   key_repository = cfg.StrOpt(
       name='key_repository',
       help=utils.fmt("""
   Directory containing Fernet keys used to encrypt and decrypt credentials stored
   in the credential backend. Fernet keys used to encrypt credentials have no
   relationship to Fernet keys used to encrypt Fernet tokens. Both sets of keys
   should be managed separately and require different rotation policies. Do not
   share this repository with the repository used to manage keys for Fernet
   tokens.
   """),
       default='/etc/keystone/credential-keys/',
   )
   48 
   # Switch for caching credential lookups; it only matters when the global
   # cache is enabled.
   # NOTE(review): what gets cached is credential data, so the cache backend
   # presumably needs the same protection as the database -- confirm whether
   # entries are cached encrypted or decrypted.
   caching = cfg.BoolOpt(
       name='caching',
       help=utils.fmt("""
   Toggle for caching only on retrieval of user credentials. This has no effect
   unless global caching is enabled.
   """),
       default=True,
   )
   56 
   # Lifetime of cached credential data, in seconds. No default is declared
   # here, so the option stays unset (None) until an operator configures it.
   # NOTE(review): presumably the global cache expiration applies in that
   # case -- confirm against the caching layer.
   cache_time = cfg.IntOpt(
       name='cache_time',
       help=utils.fmt("""
   Time to cache credential data in seconds. This has no effect unless global
   caching is enabled.
   """),
   )
   63 
   # Acceptance window, in minutes, for signed EC2/S3 token requests, counted
   # from the timestamp carried inside the request. The window bounds how long
   # a captured signed request remains acceptable, so keep it short; it also
   # depends on clients and keystone having reasonably synchronized clocks.
   # NOTE(review): no lower bound is declared, so the option itself does not
   # reject zero or negative values.
   auth_ttl = cfg.IntOpt(
       name='auth_ttl',
       help=utils.fmt("""
   The length of time in minutes for which a signed EC2 or S3 token request is
   valid from the timestamp contained in the token request.
   """),
       default=15,
   )
   71 
   # Per-user cap on the number of credentials. The shipped default of -1
   # turns the cap off, which the help text itself flags as a database-bloat
   # and DoS risk; deployments that let users create credentials should set an
   # explicit limit.
   user_limit = cfg.IntOpt(
       name='user_limit',
       help=utils.fmt("""
   Maximum number of credentials a user is permitted to create. A value of
   -1 means unlimited. If a limit is not set, users are permitted to create
   credentials at will, which could lead to bloat in the keystone database
   or open keystone to a DoS attack.
   """),
       default=-1,
   )
   81 
   # Option group name: the last component of this module's dotted path
   # (``credential`` when the module is imported as keystone.conf.credential).
   GROUP_NAME = __name__.rpartition('.')[2]

   # Every option this module contributes; register_opts() and list_opts()
   # both publish exactly this list.
   ALL_OPTS = [
       driver, provider, key_repository,
       caching, cache_time,
       auth_ttl, user_limit,
   ]
   92 
   93 
   def register_opts(conf):
       """Register this module's options on *conf* under its option group.

       *conf* must provide ``register_opts(opts, group=...)``; it receives
       ``ALL_OPTS`` with ``GROUP_NAME`` as the group.
       """
       group, options = GROUP_NAME, ALL_OPTS
       conf.register_opts(options, group=group)
   96 
   97 
   def list_opts():
       """Return a one-entry dict mapping ``GROUP_NAME`` to ``ALL_OPTS``."""
       opts_by_group = {}
       opts_by_group[GROUP_NAME] = ALL_OPTS
       return opts_by_group