The root config type for the OpenStack Identity v3 filter configuration file. Deprecated: This attribute is deprecated. Use pre-authorized-roles instead. If set to false, x-project-id headers are not sent with qualities. If set to true, the default x-project-id will be given the highest quality, and qualities will be attached to every x-project-id header. If set to false, a single X-Project-Id is sent. If set to true, all project IDs returned by the Identity service are added as multiple X-Project-Id headers. Time in milliseconds to cache auth token. Time in milliseconds to cache auth groups. Cache timeout offset (in milliseconds) for token and group cache. A random value between -cache-offset and +cache-offset will be applied to the existing token and group timeout values. Tells the filter whether or not to make a GET groups API call to the OpenStack Identity service and populate the X-PP-Groups header with the result. Tells the filter whether or not to forward the service catalog associated with a token in the X-Catalog header. If forwarded, the service catalog will be base 64 encoded. Http Connection pool ID to use when talking to OpenStack Identity v3 A list of URI patterns all users can access. Defines an Openstack Identity endpoint and access credentials. Admin username to access the OpenStack Identity service. Admin password to access the OpenStack Identity service. Optional domain id to use when authenticating as an Admin User to OpenStack Identity. This will end up in the domain: { "id": HERE } JSON structure Target URI for authentication requests. The project ID of the admin defined by the username and password. Describes the service mapping for the Origin Service URL for the endpoint that matches the Origin Service Region for the endpoint that matches the Origin Service Name for the endpoint that matches the Origin Service Interface for the endpoint that matches the Origin Service If this element is present, the OpenStack Identity V3 filter will attempt to match the project ID parsed from the URI against the set of project IDs in the token provided by the Identity service. This attribute represents a regular expression which will be used to parse the project ID out of the uri. A capture group should be present around the portion of the regex which matches the project ID. A '/' delimited list of prefixes to attempt to strip from the project id in the token response from the identity service. The post-strip project id is only used in the project id validation check. A list of roles that bypass the project id and endpoint checks. Users with any of the roles specified will be considered pre-authorized. If present, the OpenStack Identity v3 filter will not send a failing response when authentication fails. Instead, it will add the data relating to the failure to a header and forward the request to be handled by a different filter or service. If not present, a validator will send a failing response when authentication fails. The quality, a double between 0 and 1, assigned to the delegation header on delegation. This value will be used to order delegation based on priority when multiple delegations are present. The number of seconds which cached data will live in the datastore. Different data is cached separately, so there are multiple configurable cache timeouts. Each timeout value behaves in the following way: If 0, data is cached indefinitely. In other words, data is eternal. If greater than 0, data is cached for the value provided, in seconds. Cache timeout variance (in milliseconds) for cached data. A random value between -cache-offset and +cache-offset will be applied to the existing cache timeout values. A timeout variance mitigates issues caused by cached data expiring at the same time. Defaults to no variance. The unique ID of a feed defined in the Atom Feed service configuration.