Merge "remove old options from documentation"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
67e1a46b1c
@ -189,81 +189,6 @@ is not able to discover it.
|
||||
oslo_config_project = nova
|
||||
# oslo_config_file = /not_discoverable_location/nova.conf
|
||||
|
||||
|
||||
Configuration Options
|
||||
---------------------
|
||||
|
||||
* ``auth_plugin``: This is the plugin used for authentication, such as
|
||||
password and token. For example, if the ``auth_plugin`` configuration option
|
||||
is set to ``password`` then set ``username``, ``password``, ``project_name``,
|
||||
``project_domain_name``, ``user_domain_name`` and ``auth_url`` accordingly.
|
||||
* ``auth_admin_prefix``: Prefix to prepend at the beginning of the path
|
||||
* ``auth_host``: (required) the host providing the keystone service API endpoint
|
||||
for validating and requesting tokens
|
||||
* ``auth_port``: (optional, default `35357`) the port used to validate tokens
|
||||
* ``auth_protocol``: (optional, default `https`)
|
||||
* ``auth_uri``: (optional, defaults to
|
||||
`auth_protocol`://`auth_host`:`auth_port`)
|
||||
* ``auth_version``: API version of the admin Identity API endpoint
|
||||
* ``delay_auth_decision``: (optional, default `0`) (off). If on, the middleware
|
||||
will not reject invalid auth requests, but will delegate that decision to
|
||||
downstream WSGI components.
|
||||
* ``http_connect_timeout``: (optional) Request timeout value for communicating
|
||||
with Identity API server.
|
||||
* ``http_request_max_retries``: (default 3) How many times are we trying to
|
||||
reconnect when communicating with Identity API Server.
|
||||
* ``http_handler``: (optional) Allows to pass in the name of a fake
|
||||
http_handler callback function used instead of `httplib.HTTPConnection` or
|
||||
`httplib.HTTPSConnection`. Useful for unit testing where network is not
|
||||
available.
|
||||
|
||||
* ``admin_token``: either this or the following three options are required. If
|
||||
set, this is a single shared secret with the keystone configuration used to
|
||||
validate tokens.
|
||||
* ``admin_user``, ``admin_password``, ``admin_tenant_name``: if ``admin_token``
|
||||
is not set, or invalid, then admin_user, admin_password, and
|
||||
admin_tenant_name are defined as a service account which is expected to have
|
||||
been previously configured in Keystone to validate user tokens.
|
||||
|
||||
* ``cache``: (optional) Env key for the swift cache
|
||||
|
||||
* ``certfile``: (required, if Keystone server requires client cert)
|
||||
* ``keyfile``: (required, if Keystone server requires client cert) This can be
|
||||
the same as the certfile if the certfile includes the private key.
|
||||
* ``cafile``: (optional, defaults to use system CA bundle) the path to a PEM
|
||||
encoded CA file/bundle that will be used to verify HTTPS connections.
|
||||
* ``insecure``: (optional, default `False`) Don't verify HTTPS connections
|
||||
(overrides `cafile`).
|
||||
|
||||
* ``signing_dir``: (optional) Directory used to cache files related to PKI
|
||||
tokens
|
||||
|
||||
* ``memcached_servers``: (optional) If defined, the memcached server(s) to use
|
||||
for caching
|
||||
* ``token_cache_time``: (default 300) In order to prevent excessive requests
|
||||
and validations, the middleware uses an in-memory cache for the tokens the
|
||||
Keystone API returns. This is only valid if memcache_servers s defined. Set
|
||||
to -1 to disable caching completely.
|
||||
* ``memcache_security_strategy``: (optional) if defined, indicate whether token
|
||||
data should be authenticated or authenticated and encrypted. Acceptable
|
||||
values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC)
|
||||
in the cache. If ENCRYPT, token data is encrypted and authenticated in the
|
||||
cache. If the value is not one of these options or empty, auth_token will
|
||||
raise an exception on initialization.
|
||||
* ``memcache_secret_key``: (mandatory if memcache_security_strategy is defined)
|
||||
this string is used for key derivation.
|
||||
* ``include_service_catalog``: (optional, default `True`) Indicate whether to
|
||||
set the X-Service-Catalog header. If False, middleware will not ask for
|
||||
service catalog on token validation and will not set the X-Service-Catalog
|
||||
header.
|
||||
* ``enforce_token_bind``: (default ``permissive``) Used to control the use and
|
||||
type of token binding. Can be set to: "disabled" to not check token binding.
|
||||
"permissive" (default) to validate binding information if the bind type is of
|
||||
a form known to the server and ignore it if not. "strict" like "permissive"
|
||||
but if the bind type is unknown the token will be rejected. "required" any
|
||||
form of token binding is needed to be allowed. Finally the name of a binding
|
||||
method that must be present in tokens.
|
||||
|
||||
Caching for improved response
|
||||
-----------------------------
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user