new keystone support
diff --git a/files/keystone.conf b/files/keystone.conf
index 6d0fd7e..0649e90 100644
--- a/files/keystone.conf
+++ b/files/keystone.conf
@@ -1,112 +1,61 @@
[DEFAULT]
-# Show more verbose log output (sets INFO log level output)
-verbose = False
-
-# Show debugging output in logs (sets DEBUG log level output)
-debug = False
-
-# Which backend store should Keystone use by default.
-# Default: 'sqlite'
-# Available choices are 'sqlite' [future will include LDAP, PAM, etc]
-default_store = sqlite
-
-# Log to this file. Make sure you do not set the same log
-# file for both the API and registry servers!
+public_port = 5000
+admin_port = 35357
+admin_token = %SERVICE_TOKEN%
log_file = %DEST%/keystone/keystone.log
-# List of backends to be configured
-backends = keystone.backends.sqlalchemy
-#For LDAP support, add: ,keystone.backends.ldap
+[sql]
+connection = %SQL_CONN%
+idle_timeout = 30
+min_pool_size = 5
+max_pool_size = 10
+pool_timeout = 200
-# Dictionary Maps every service to a header.Missing services would get header
-# X_(SERVICE_NAME) Key => Service Name, Value => Header Name
-service-header-mappings = {
- 'nova' : 'X-Server-Management-Url',
- 'swift' : 'X-Storage-Url',
- 'cdn' : 'X-CDN-Management-Url'}
+[identity]
+driver = keystone.backends.sql.SqlIdentity
-#List of extensions currently supported
-extensions= osksadm,oskscatalog
+[catalog]
+driver = keystone.backends.templated.TemplatedCatalog
+template_file = ./etc/default_catalog.templates
-# Address to bind the API server
-# TODO Properties defined within app not available via pipeline.
-service_host = 0.0.0.0
+[token]
+driver = keystone.backends.kvs.KvsToken
-# Port the bind the API server to
-service_port = 5000
-
-# SSL for API server
-service_ssl = False
-
-# Address to bind the Admin API server
-admin_host = 0.0.0.0
-
-# Port the bind the Admin API server to
-admin_port = 35357
-
-# SSL for API Admin server
-admin_ssl = False
-
-# Keystone certificate file (modify as needed)
-# Only required if *_ssl is set to True
-certfile = /etc/keystone/ssl/certs/keystone.pem
-
-# Keystone private key file (modify as needed)
-# Only required if *_ssl is set to True
-keyfile = /etc/keystone/ssl/private/keystonekey.pem
-
-# Keystone trusted CA certificates (modify as needed)
-# Only required if *_ssl is set to True
-ca_certs = /etc/keystone/ssl/certs/ca.pem
-
-# Client certificate required
-# Only relevant if *_ssl is set to True
-cert_required = True
-
-#Role that allows to perform admin operations.
-keystone-admin-role = admin
-
-#Role that allows to perform service admin operations.
-keystone-service-admin-role = KeystoneServiceAdmin
-
-#Tells whether password user need to be hashed in the backend
-hash-password = True
-
-[keystone.backends.sqlalchemy]
-# SQLAlchemy connection string for the reference implementation registry
-# server. Any valid SQLAlchemy connection string is fine.
-# See: http://bit.ly/ideIpI
-sql_connection = %SQL_CONN%
-backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant',
- 'User', 'Credentials', 'EndpointTemplates', 'Token',
- 'Service']
-
-# Period in seconds after which SQLAlchemy should reestablish its connection
-# to the database.
-sql_idle_timeout = 30
-
-[pipeline:admin]
-pipeline =
- urlrewritefilter
- admin_api
-
-[pipeline:keystone-legacy-auth]
-pipeline =
- urlrewritefilter
- legacy_auth
- service_api
-
-[app:service_api]
-paste.app_factory = keystone.server:service_app_factory
-
-[app:admin_api]
-paste.app_factory = keystone.server:admin_app_factory
-
-[filter:urlrewritefilter]
-paste.filter_factory = keystone.middleware.url:filter_factory
-
-[filter:legacy_auth]
-paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory
+[policy]
+driver = keystone.backends.policy.SimpleMatch
[filter:debug]
-paste.filter_factory = keystone.common.wsgi:debug_filter_factory
+paste.filter_factory = keystone.wsgi:Debug.factory
+
+[filter:token_auth]
+paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
+
+[filter:admin_token_auth]
+paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
+
+[filter:json_body]
+paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
+
+[filter:crud_extension]
+paste.filter_factory = keystone.service:AdminCrudExtension.factory
+
+
+[app:public_service]
+paste.app_factory = keystone.service:public_app_factory
+
+[app:admin_service]
+paste.app_factory = keystone.service:admin_app_factory
+
+[pipeline:public_api]
+pipeline = token_auth admin_token_auth json_body debug public_service
+
+[pipeline:admin_api]
+pipeline = token_auth admin_token_auth json_body debug crud_extension admin_service
+
+[composite:main]
+use = egg:Paste#urlmap
+/v2.0 = public_api
+
+[composite:admin]
+use = egg:Paste#urlmap
+/v2.0 = admin_api