/etc/castellan/castellan.conf is in python-castellan 0.4.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 | [DEFAULT]
[barbican]
#
# From castellan.config
#
# Use this endpoint to connect to Barbican, for example: "http://localhost:9311/" (string value)
#barbican_endpoint = <None>
# Version of the Barbican API, for example: "v1" (string value)
#barbican_api_version = <None>
# Use this endpoint to connect to Keystone (string value)
#auth_endpoint = http://localhost:5000/v3
# Number of seconds to wait before retrying poll for key creation completion (integer value)
#retry_delay = 1
# Number of times to retry poll for key creation completion (integer value)
#number_of_retries = 60
[key_manager]
#
# From castellan.config
#
# The full class name of the key manager API class (string value)
#api_class = castellan.key_manager.barbican_key_manager.BarbicanKeyManager
# The type of authentication credential to create. Possible values are 'token', 'password', 'keystone_token', and 'keystone_password'.
# Required if no context is passed to the credential factory. (string value)
#auth_type = <None>
# Token for authentication. Required for 'token' and 'keystone_token' auth_type if no context is passed to the credential factory. (string
# value)
#token = <None>
# Username for authentication. Required for 'password' auth_type. Optional for the 'keystone_password' auth_type. (string value)
#username = <None>
# Password for authentication. Required for 'password' and 'keystone_password' auth_type. (string value)
#password = <None>
# User ID for authentication. Optional for 'keystone_token' and 'keystone_password' auth_type. (string value)
#user_id = <None>
# User's domain ID for authentication. Optional for 'keystone_token' and 'keystone_password' auth_type. (string value)
#user_domain_id = <None>
# User's domain name for authentication. Optional for 'keystone_token' and 'keystone_password' auth_type. (string value)
#user_domain_name = <None>
# Trust ID for trust scoping. Optional for 'keystone_token' and 'keystone_password' auth_type. (string value)
#trust_id = <None>
# Domain ID for domain scoping. Optional for 'keystone_token' and 'keystone_password' auth_type. (string value)
#domain_id = <None>
# Domain name for domain scoping. Optional for 'keystone_token' and 'keystone_password' auth_type. (string value)
#domain_name = <None>
# Project ID for project scoping. Optional for 'keystone_token' and 'keystone_password' auth_type. (string value)
#project_id = <None>
# Project name for project scoping. Optional for 'keystone_token' and 'keystone_password' auth_type. (string value)
#project_name = <None>
# Project's domain ID for project. Optional for 'keystone_token' and 'keystone_password' auth_type. (string value)
#project_domain_id = <None>
# Project's domain name for project. Optional for 'keystone_token' and 'keystone_password' auth_type. (string value)
#project_domain_name = <None>
# Allow fetching a new token if the current one is going to expire. Optional for 'keystone_token' and 'keystone_password' auth_type.
# (boolean value)
#reauthenticate = true
|