keystone.conf.credential

Source code for keystone.conf.credential

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from oslo_config import cfg

from keystone.conf import utils


# Selects the storage backend for credential records. The value is an
# entry-point name in the `keystone.credential` namespace, so a non-default
# value hands stored credentials to whatever code that entry point resolves to
# (the loading itself happens outside this module). Treat a change away from
# the in-tree `sql` driver as a code-trust decision and review the driver.
driver = cfg.StrOpt(
    name='driver',
    default='sql',
    help=utils.fmt("""
Entry point for the credential backend driver in the `keystone.credential`
namespace. Keystone only provides a `sql` driver, so there's no reason to
change this unless you are providing a custom entry point.
"""),
)

# Selects the component that encrypts and decrypts credentials. A custom
# entry point here replaces the at-rest protection of every stored credential,
# so its cryptography and key handling need the same review as the default
# `fernet` provider would get.
provider = cfg.StrOpt(
    name='provider',
    default='fernet',
    help=utils.fmt("""
Entry point for credential encryption and decryption operations in the
`keystone.credential.provider` namespace. Keystone only provides a `fernet`
driver, so there's no reason to change this unless you are providing a custom
entry point to encrypt and decrypt credentials.
"""),
)

# Location of the Fernet keys that protect stored credentials. Fernet is a
# symmetric scheme, so read access to this directory is enough to decrypt
# what is in the credential backend: keep it readable only by the account
# Keystone runs as, and handle copies of it (backups, configuration
# management) as key material. As the help text says, this must not be the
# same directory as the Fernet *token* key repository.
key_repository = cfg.StrOpt(
    name='key_repository',
    default='/etc/keystone/credential-keys/',
    help=utils.fmt("""
Directory containing Fernet keys used to encrypt and decrypt credentials stored
in the credential backend. Fernet keys used to encrypt credentials have no
relationship to Fernet keys used to encrypt Fernet tokens. Both sets of keys
should be managed separately and require different rotation policies. Do not
share this repository with the repository used to manage keys for Fernet
tokens.
"""),
)

# Acceptance window, in minutes, for a signed EC2/S3 token request measured
# from the timestamp inside the request. This bounds how long a captured
# signed request stays usable: a larger value widens that window, a smaller
# one demands tighter clock agreement between client and server.
# NOTE(review): no `min` bound is declared, so this definition accepts zero
# and negative integers; how the consumer treats them is not visible here.
auth_ttl = cfg.IntOpt(
    name='auth_ttl',
    default=15,
    help=utils.fmt("""
The length of time in minutes for which a signed EC2 or S3 token request is
valid from the timestamp contained in the token request.
"""),
)


# Option group name: the last component of this module's dotted name
# (`credential` for `keystone.conf.credential`).
GROUP_NAME = __name__.rpartition('.')[2]

# Every option this module contributes. register_opts() and list_opts() both
# read this list, so an option omitted here is neither registered nor listed.
ALL_OPTS = [driver, provider, key_repository, auth_ttl]


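def register_opts(conf):
    """Register this module's options on *conf* under ``GROUP_NAME``.

    :param conf: configuration object exposing ``register_opts``; it is
        called once with ``ALL_OPTS`` and ``group=GROUP_NAME``.
    """
    conf.register_opts(ALL_OPTS, group=GROUP_NAME)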
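def list_opts():
    """Return this module's options keyed by their group name.

    :returns: a single-entry dict mapping ``GROUP_NAME`` to ``ALL_OPTS``.
        The module-level list itself is returned, not a copy.
    """
    return {GROUP_NAME: ALL_OPTS}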