From acf907b45df214a8aa077b751be2f57bed76fedf Mon Sep 17 00:00:00 2001
From: Dolph Mathews
Date: Mon, 11 Jul 2016 17:38:03 -0400
Subject: [PATCH] Improve keystone.conf [trust] documentation
Change-Id: I8df36ec2efb4e7cf65ad71d5c2f417f8d0b3a250
---
 keystone/conf/trust.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/keystone/conf/trust.py b/keystone/conf/trust.py
index 1e73df74b5..1c1067f522 100644
--- a/keystone/conf/trust.py
+++ b/keystone/conf/trust.py
@@ -19,28 +19,34 @@ enabled = cfg.BoolOpt(
 'enabled',
 default=True,
 help=utils.fmt("""
-Delegation and impersonation features can be optionally disabled.
+Delegation and impersonation features using trusts can be optionally disabled.
 """))
 allow_redelegation = cfg.BoolOpt(
 'allow_redelegation',
 default=False,
 help=utils.fmt("""
-Enable redelegation feature.
+Allows authorization to be redelegated from one user to another, effectively
+chaining trusts together. When disabled, the `remaining_uses` attribute of a
+trust is constrained to be zero.
 """))
 max_redelegation_count = cfg.IntOpt(
 'max_redelegation_count',
 default=3,
 help=utils.fmt("""
-Maximum depth of trust redelegation.
+Maximum number of times that authorization can be redelegated from one user to
+another in a chain of trusts. This number may be reduced further for a specific
+trust.
 """))
 driver = cfg.StrOpt(
 'driver',
 default='sql',
 help=utils.fmt("""
-Entry point for the trust backend driver in the keystone.trust namespace.
+Entry point for the trust backend driver in the `keystone.trust` namespace.
+Keystone only provides a `sql` driver, so there is no reason to change this
+unless you are providing a custom entry point.
 """))
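Review bot: The new `allow_redelegation` help text says that disabling the option constrains a trust's `remaining_uses` to zero, which looks like the wrong attribute. In the trust API `remaining_uses` limits how many tokens can be issued from a trust, while the redelegation depth that `max_redelegation_count` bounds is carried separately as `redelegation_count`. The hunk alone cannot confirm which one the manager actually forces to zero, so this should be checked against the trust creation code before merging. If it is the latter, the sentence should read `When disabled, the redelegation_count attribute of a trust is constrained to be zero.` Operators rely on this text to judge how far delegated and impersonated authority can spread, so naming the wrong attribute could lead them to misjudge that limit.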