For what assignment does, the OP can refer to the red text in this table.
How Keystone manages these concepts

| Component | Managed objects | Generation method | Storage backend | Configuration options |
| --- | --- | --- | --- | --- |
| identity | user, and user group | - | sql, kvs, ldap | [identity] driver = keystone.identity.backends.[sql\|kvs\|ldap].Identity |
| token | a user's temporary token | pki, pkiz, uuid | sql, kvs, memcached | [token] driver = keystone.token.persistence.backends.[sql\|kvs\|memcached].Token provider = keystone.token.providers.[pkiz\|pki\|uuid].Provider |
| credential | EC2 credential | | sql | [credential] driver = keystone.credential.backends.sql.Credential |
| catalog | region, service, endpoint | | sql, kvs, template | [catalog] driver = keystone.catalog.backends.[sql\|kvs\|template].Catalog |
| assignment | tenant, domain, role, and their relationships to users | external, password, token | | [assignment] methods = external, password, token password = keystone.auth.plugins.password.Password |
| trust | trust | sql, kvs | | [trust] driver = keystone.trust.backends.[sql\|kvs].Trust |
| policy | user authorization policy of the Keystone service | | sql | [default] policy_file = policy.json [policy] driver = keystone.policy.backends.sql.Policy |