3fa3891595
This patch introduces the send_identity_headers config option that allows glance-api to pass auth identity headers when making calls to the registry v1. docImpact Fixes bug 1199990 Change-Id: Ie5f07ed6dfeaa8428de4f79c4d40d182328e6ab4
26 lines
866 B
INI
26 lines
866 B
INI
# Use this pipeline for no auth - DEFAULT
|
|
[pipeline:glance-registry]
|
|
pipeline = unauthenticated-context registryapp
|
|
|
|
# Use this pipeline for keystone auth
|
|
[pipeline:glance-registry-keystone]
|
|
pipeline = authtoken context registryapp
|
|
|
|
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
# user as authenticated without making requests to keystone to reauthenticate
|
|
# the user.
|
|
[pipeline:glance-registry-trusted-auth]
|
|
pipeline = context registryapp
|
|
|
|
[app:registryapp]
|
|
paste.app_factory = glance.registry.api.v1:API.factory
|
|
|
|
[filter:context]
|
|
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
|
|
|
[filter:unauthenticated-context]
|
|
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
|
|
|
[filter:authtoken]
|
|
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
|