The root config type for the OpenStack Identity v3 filter configuration file.
Deprecated: This attribute is deprecated. Use pre-authorized-roles instead.
If set to false, x-project-id headers are not sent with qualities.
If set to true, the default x-project-id will be given the highest quality, and qualities
will be attached to every x-project-id header.
If set to false, a single X-Project-Id is sent.
If set to true, all project IDs returned by the Identity service are added as multiple
X-Project-Id headers.
Tells the filter whether or not to make a GET groups API call to the OpenStack Identity service
and populate the X-PP-Groups header with the result.
Tells the filter whether or not to forward the service catalog associated with a token in the
X-Catalog header. If forwarded, the service catalog will be base 64 encoded.
Http Connection pool ID to use when talking to OpenStack Identity v3
A list of URI patterns all users can access.
Defines an Openstack Identity endpoint and access credentials.
Admin username to access the OpenStack Identity service.
Admin password to access the OpenStack Identity service.
Optional domain id to use when authenticating as an Admin User to OpenStack Identity.
This will end up in the domain: { "id": HERE } JSON structure
Target URI for authentication requests.
The project ID of the admin defined by the username and password.
Describes the service mapping for the Origin Service
URL for the endpoint that matches the Origin Service
Region for the endpoint that matches the Origin Service
Name for the endpoint that matches the Origin Service
Interface for the endpoint that matches the Origin Service
If this element is present, the OpenStack Identity V3 filter will attempt to match the project ID
parsed from the URI against the set of project IDs in the token provided by the Identity service.
This attribute represents a regular expression which will be used to parse the project ID
out of the uri. A capture group should be present around the portion of the regex which matches
the project ID.
A '/' delimited list of prefixes to attempt to strip from the project id in the token
response from the identity service. The post-strip project id is only used in the project id
validation check.
A list of roles that bypass the project id and endpoint checks.
Users with any of the roles specified will be considered pre-authorized.
If present, the OpenStack Identity v3 filter will not send a failing response when authentication
fails.
Instead, it will add the data relating to the failure to a header and forward the
request to be handled by a different filter or service.
If not present, a validator will send a failing response when authentication fails.
The quality, a double between 0 and 1, assigned to the delegation header on delegation. This
value will be used to order delegation based on priority when multiple delegations are present.
The number of seconds which cached data will live in the datastore. Different data is cached
separately, so there are multiple configurable cache timeouts. Each timeout value behaves in the
following way:
If 0, data is cached indefinitely. In other words, data is eternal.
If greater than 0, data is cached for the value provided, in seconds.
Deprecated: This element is deprecated. Use token attribute instead.
Deprecated: This element is deprecated. Use group attribute instead.
Cache timeout variance (in seconds) for cached data. A random value
between -variance and +variance will be applied to the existing
cache timeout values. A timeout variance mitigates issues caused by cached
data expiring at the same time.
Defaults to no variance.
The unique ID of a feed defined in the Atom Feed service configuration.