remove old options from documentation
These config options are outdated and duplicated. Remove them.

Change-Id: I02ed459d46333406c394fbcc44d998ca8c2ac33e
parent 95ba901ac0
commit 952d2030e8
@ -189,81 +189,6 @@ is not able to discover it.
|
|||||||
oslo_config_project = nova
|
oslo_config_project = nova
|
||||||
# oslo_config_file = /not_discoverable_location/nova.conf
|
# oslo_config_file = /not_discoverable_location/nova.conf
|
||||||
|
|
||||||
|
|
||||||
Configuration Options
|
|
||||||
---------------------
|
|
||||||
|
|
||||||
* ``auth_plugin``: This is the plugin used for authentication, such as
|
|
||||||
password and token. For example, if the ``auth_plugin`` configuration option
|
|
||||||
is set to ``password`` then set ``username``, ``password``, ``project_name``,
|
|
||||||
``project_domain_name``, ``user_domain_name`` and ``auth_url`` accordingly.
|
|
||||||
* ``auth_admin_prefix``: Prefix to prepend at the beginning of the path
|
|
||||||
* ``auth_host``: (required) the host providing the keystone service API endpoint
|
|
||||||
for validating and requesting tokens
|
|
||||||
* ``auth_port``: (optional, default `35357`) the port used to validate tokens
|
|
||||||
* ``auth_protocol``: (optional, default `https`)
|
|
||||||
* ``auth_uri``: (optional, defaults to
|
|
||||||
`auth_protocol`://`auth_host`:`auth_port`)
|
|
||||||
* ``auth_version``: API version of the admin Identity API endpoint
|
|
||||||
* ``delay_auth_decision``: (optional, default `0`) (off). If on, the middleware
|
|
||||||
will not reject invalid auth requests, but will delegate that decision to
|
|
||||||
downstream WSGI components.
|
|
||||||
* ``http_connect_timeout``: (optional) Request timeout value for communicating
|
|
||||||
with Identity API server.
|
|
||||||
* ``http_request_max_retries``: (default 3) How many times are we trying to
|
|
||||||
reconnect when communicating with Identity API Server.
|
|
||||||
* ``http_handler``: (optional) Allows to pass in the name of a fake
|
|
||||||
http_handler callback function used instead of `httplib.HTTPConnection` or
|
|
||||||
`httplib.HTTPSConnection`. Useful for unit testing where network is not
|
|
||||||
available.
|
|
||||||
|
|
||||||
* ``admin_token``: either this or the following three options are required. If
|
|
||||||
set, this is a single shared secret with the keystone configuration used to
|
|
||||||
validate tokens.
|
|
||||||
* ``admin_user``, ``admin_password``, ``admin_tenant_name``: if ``admin_token``
|
|
||||||
is not set, or invalid, then admin_user, admin_password, and
|
|
||||||
admin_tenant_name are defined as a service account which is expected to have
|
|
||||||
been previously configured in Keystone to validate user tokens.
|
|
||||||
|
|
||||||
* ``cache``: (optional) Env key for the swift cache
|
|
||||||
|
|
||||||
* ``certfile``: (required, if Keystone server requires client cert)
|
|
||||||
* ``keyfile``: (required, if Keystone server requires client cert) This can be
|
|
||||||
the same as the certfile if the certfile includes the private key.
|
|
||||||
* ``cafile``: (optional, defaults to use system CA bundle) the path to a PEM
|
|
||||||
encoded CA file/bundle that will be used to verify HTTPS connections.
|
|
||||||
* ``insecure``: (optional, default `False`) Don't verify HTTPS connections
|
|
||||||
(overrides `cafile`).
|
|
||||||
|
|
||||||
* ``signing_dir``: (optional) Directory used to cache files related to PKI
|
|
||||||
tokens
|
|
||||||
|
|
||||||
* ``memcached_servers``: (optional) If defined, the memcached server(s) to use
|
|
||||||
for caching
|
|
||||||
* ``token_cache_time``: (default 300) In order to prevent excessive requests
|
|
||||||
and validations, the middleware uses an in-memory cache for the tokens the
|
|
||||||
Keystone API returns. This is only valid if memcache_servers s defined. Set
|
|
||||||
to -1 to disable caching completely.
|
|
||||||
* ``memcache_security_strategy``: (optional) if defined, indicate whether token
|
|
||||||
data should be authenticated or authenticated and encrypted. Acceptable
|
|
||||||
values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC)
|
|
||||||
in the cache. If ENCRYPT, token data is encrypted and authenticated in the
|
|
||||||
cache. If the value is not one of these options or empty, auth_token will
|
|
||||||
raise an exception on initialization.
|
|
||||||
* ``memcache_secret_key``: (mandatory if memcache_security_strategy is defined)
|
|
||||||
this string is used for key derivation.
|
|
||||||
* ``include_service_catalog``: (optional, default `True`) Indicate whether to
|
|
||||||
set the X-Service-Catalog header. If False, middleware will not ask for
|
|
||||||
service catalog on token validation and will not set the X-Service-Catalog
|
|
||||||
header.
|
|
||||||
* ``enforce_token_bind``: (default ``permissive``) Used to control the use and
|
|
||||||
type of token binding. Can be set to: "disabled" to not check token binding.
|
|
||||||
"permissive" (default) to validate binding information if the bind type is of
|
|
||||||
a form known to the server and ignore it if not. "strict" like "permissive"
|
|
||||||
but if the bind type is unknown the token will be rejected. "required" any
|
|
||||||
form of token binding is needed to be allowed. Finally the name of a binding
|
|
||||||
method that must be present in tokens.
|
|
||||||
|
|
||||||
Caching for improved response
|
Caching for improved response
|
||||||
-----------------------------
|
-----------------------------
|
||||||
|
|
||||||
|
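Review bot: the deleted ``Configuration Options`` list covers security-sensitive settings (``insecure``, which disables HTTPS verification and overrides ``cafile``; ``delay_auth_decision``; ``memcache_security_strategy`` together with ``memcache_secret_key``; ``enforce_token_bind``), and the commit message calls them "outdated and duplicated" without saying where the surviving copy lives or which entries are outdated rather than duplicated. Please leave a one-line cross-reference in place of the removed section, just before ``Caching for improved response``, pointing at the authoritative option reference, and name that location in the commit message so operators can still find what these options do.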