Browse Source

Move "Public ID Generators" to relevant docs

Currently, the section "Public ID Generators" is a subsection of
"Identity sources" but it reads as very out of place. Looking at the
commit that introduced the section (1a50986e7c), it's clear this was
meant to be part of the domain-specific-config section and was missed in
a reshuffle. This patch puts it back in place.

Change-Id: I2873f104adf6af4da4ba23f8c0d8afb0c1161da3
tags/15.0.0.0rc1
Colleen Murphy 6 months ago
parent
commit
c04756e0cd
2 changed files with 26 additions and 27 deletions
  1. 26
    1
      doc/source/admin/identity-domain-specific-config.rst
  2. 0
    26
      doc/source/configuration.rst

+ 26
- 1
doc/source/admin/identity-domain-specific-config.rst View File

@@ -184,6 +184,31 @@ LDAP has been configured or after ``mapping_purge``.
184 184
 
185 185
     $ keystone-manage mapping_populate --domain DOMAINA
186 186
 
187
+Public ID Generators
188
+--------------------
189
+
190
+Keystone supports a customizable public ID generator and it is specified in the
191
+``[identity_mapping]`` section of the configuration file. Keystone provides a
192
+sha256 generator as default, which produces regenerable public IDs. The
193
+generator algorithm for public IDs is a balance between key size (i.e. the
194
+length of the public ID), the probability of collision and, in some
195
+circumstances, the security of the public ID. The maximum length of public ID
196
+supported by keystone is 64 characters, and the default generator (sha256) uses
197
+this full capability. Since the public ID is what is exposed externally by
198
+keystone and potentially stored in external systems, some installations may
199
+wish to make use of other generator algorithms that have a different trade-off
200
+of attributes. A different generator can be installed by configuring the
201
+following property:
202
+
203
+* ``generator`` - identity mapping generator. Defaults to ``sha256``
204
+  (implemented by :class:`keystone.identity.id_generators.sha256.Generator`)
205
+
206
+.. WARNING::
207
+
208
+    Changing the generator may cause all existing public IDs to be become
209
+    invalid, so typically the generator selection should be considered
210
+    immutable for a given installation.
211
+
187 212
 Migrate domain-specific configuration files to the SQL database
188 213
 ---------------------------------------------------------------
189 214
 
@@ -199,4 +224,4 @@ domain name:
199 224
 
200 225
 .. code-block:: console
201 226
 
202
-   # keystone-manage domain_config_upload --domain-name DOMAIN_NAME
227
+   # keystone-manage domain_config_upload --domain-name DOMAIN_NAME

+ 0
- 26
doc/source/configuration.rst View File

@@ -34,32 +34,6 @@ via SAML federation.
34 34
 .. _Domain-specific Configuration: admin/identity-domain-specific-config.html
35 35
 .. support_matrix:: identity-support-matrix.ini
36 36
 
37
-Public ID Generators
38
---------------------
39
-
40
-Keystone supports a customizable public ID generator and it is specified in the
41
-``[identity_mapping]`` section of the configuration file. Keystone provides a
42
-sha256 generator as default, which produces regenerable public IDs. The
43
-generator algorithm for public IDs is a balance between key size (i.e. the
44
-length of the public ID), the probability of collision and, in some
45
-circumstances, the security of the public ID. The maximum length of public ID
46
-supported by keystone is 64 characters, and the default generator (sha256) uses
47
-this full capability. Since the public ID is what is exposed externally by
48
-keystone and potentially stored in external systems, some installations may
49
-wish to make use of other generator algorithms that have a different trade-off
50
-of attributes. A different generator can be installed by configuring the
51
-following property:
52
-
53
-* ``generator`` - identity mapping generator. Defaults to ``sha256``
54
-  (implemented by :class:`keystone.identity.id_generators.sha256.Generator`)
55
-
56
-.. WARNING::
57
-
58
-    Changing the generator may cause all existing public IDs to be become
59
-    invalid, so typically the generator selection should be considered
60
-    immutable for a given installation.
61
-
62
-
63 37
 SSL
64 38
 ===
65 39
 

Loading…
Cancel
Save