From 95ba901ac0a6db4349541558c18691c90cd5b053 Mon Sep 17 00:00:00 2001
From: Steve Martinelli <s.martinelli@gmail.com>
Date: Wed, 11 May 2016 22:46:09 -0700
Subject: [PATCH] generate sample config automatically

Let's use sphinx extensions to generate the config options instead of
updating them manually.

The following options will no longer appear since we use auth plugins
now:
  auth_admin_prefix
  auth_url
  auth_host
  auth_port
  auth_protocol
  identity_uri
  admin_token
  admin_user
  admin_password
  admin_tenant_name

Change-Id: I0a6eac26f93bfb1c2cbba17a98629108915f78c6
---
 .gitignore                               |   3 +
 config-generator/keystonemiddleware.conf |   4 +
 doc/source/conf.py                       |   8 +-
 doc/source/middlewarearchitecture.rst    | 161 +----------------------
 4 files changed, 14 insertions(+), 162 deletions(-)
 create mode 100644 config-generator/keystonemiddleware.conf

diff --git a/.gitignore b/.gitignore
index 2d2cbdf3..96eb68e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -56,3 +56,6 @@ ChangeLog
 
 # Files created by releasenotes build
 releasenotes/build
+
+# sample config included in docs
+doc/source/_static/keystonemiddleware.conf.sample
diff --git a/config-generator/keystonemiddleware.conf b/config-generator/keystonemiddleware.conf
new file mode 100644
index 00000000..0f49573c
--- /dev/null
+++ b/config-generator/keystonemiddleware.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+output_file = etc/keystone.conf.sample
+wrap_width = 79
+namespace = keystonemiddleware.auth_token
diff --git a/doc/source/conf.py b/doc/source/conf.py
index e86dd93a..284bcb3b 100644
--- a/doc/source/conf.py
+++ b/doc/source/conf.py
@@ -49,9 +49,13 @@ extensions = ['sphinx.ext.autodoc',
               # remove this Sphinx extension when
               # https://launchpad.net/bugs/1260495 is fixed.
               'ext.apidoc',
-              'oslosphinx'
+              'oslosphinx',
+              'oslo_config.sphinxconfiggen'
              ]
 
+config_generator_config_file = '../../config-generator/keystonemiddleware.conf'
+sample_config_basename = '_static/keystonemiddleware'
+
 todo_include_todos = True
 
 # Add any paths that contain templates here, relative to this directory.
@@ -156,7 +160,7 @@ man_pages = []
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
-#html_static_path = ['static']
+html_static_path = ['_static']
 
 # If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
 # using the given strftime format.
diff --git a/doc/source/middlewarearchitecture.rst b/doc/source/middlewarearchitecture.rst
index 9317df47..65744990 100644
--- a/doc/source/middlewarearchitecture.rst
+++ b/doc/source/middlewarearchitecture.rst
@@ -124,166 +124,7 @@ a WSGI component. Example for the auth_token middleware:
     [filter:authtoken]
     paste.filter_factory = keystonemiddleware.auth_token:filter_factory
 
-    # Prefix to prepend at the beginning of the path (string
-    # value)
-    # Deprecated group/name - [keystone_authtoken]/auth_url
-    #auth_admin_prefix=
-
-    # Authentication URL (string value)
-    auth_url=http://127.0.0.1:35357
-
-    # Host providing the admin Identity API endpoint (string
-    # value)
-    # Deprecated group/name - [keystone_authtoken]/auth_url
-    #auth_host=127.0.0.1
-
-    # Port of the admin Identity API endpoint (integer value)
-    # Deprecated group/name - [keystone_authtoken]/auth_url
-    #auth_port=35357
-
-    # Protocol of the admin Identity API endpoint(http or https)
-    # (string value)
-    # Deprecated group/name - [keystone_authtoken]/auth_url
-    #auth_protocol=https
-
-    # Complete admin Identity API endpoint.
-    # This should specify the unversioned root endpoint
-    # e.g. https://localhost:35357/. (string value)
-    # Deprecated group/name - [keystone_authtoken]/auth_url
-    #identity_uri=<None>
-
-    # Complete public Identity API endpoint (string value)
-    #auth_uri=<None>
-
-    # API version of the admin Identity API endpoint (string
-    # value)
-    #auth_version=<None>
-
-    # Do not handle authorization requests within the middleware,
-    # but delegate the authorization decision to downstream WSGI
-    # components (boolean value)
-    #delay_auth_decision=false
-
-    # Request timeout value for communicating with Identity API
-    # server. (boolean value)
-    #http_connect_timeout=<None>
-
-    # How many times are we trying to reconnect when communicating
-    # with Identity API Server. (integer value)
-    #http_request_max_retries=3
-
-    # Single shared secret with the Keystone configuration used
-    # for bootstrapping a Keystone installation, or otherwise
-    # bypassing the normal authentication process. (string value)
-    # Deprecated, use username and password instead.
-    #admin_token=<None>
-
-    # Keystone account username (string value)
-    #admin_user=<None>
-
-    # Keystone account password (string value)
-    admin_password=SuperSekretPassword
-
-    # Keystone service account tenant name to validate user tokens
-    # (string value)
-    #admin_tenant_name=admin
-
-    # Env key for the swift cache (string value)
-    #cache=<None>
-
-    # Required if Keystone server requires client certificate
-    # (string value)
-    #certfile=<None>
-
-    # Required if Keystone server requires client certificate
-    # (string value)
-    #keyfile=<None>
-
-    # A PEM encoded Certificate Authority to use when verifying
-    # HTTPs connections. Defaults to system CAs. (string value)
-    #cafile=<None>
-
-    # Verify HTTPS connections. (boolean value)
-    #insecure=false
-
-    # Directory used to cache files related to PKI tokens (string
-    # value)
-    #signing_dir=<None>
-
-    # If defined, the memcached server(s) to use for caching (list
-    # value)
-    # Deprecated group/name - [DEFAULT]/memcache_servers
-    #memcached_servers=<None>
-
-    # In order to prevent excessive requests and validations, the
-    # middleware uses an in-memory cache for the tokens the
-    # Keystone API returns. This is only valid if memcache_servers
-    # is defined. Set to -1 to disable caching completely.
-    # (integer value)
-    #token_cache_time=300
-
-    # Determines the frequency at which the list of revoked tokens
-    # is retrieved from the Identity service (in seconds). A high
-    # number of revocation events combined with a low cache duration
-    # may significantly reduce performance. Only valid for PKI tokens.
-    # (integer value)
-    #revocation_cache_time = 10
-
-    # (optional) if defined, indicate whether token data should be
-    # authenticated or authenticated and encrypted. Acceptable
-    # values are MAC or ENCRYPT.  If MAC, token data is
-    # authenticated (with HMAC) in the cache. If ENCRYPT, token
-    # data is encrypted and authenticated in the cache. If the
-    # value is not one of these options or empty, auth_token will
-    # raise an exception on initialization. (string value)
-    #memcache_security_strategy=<None>
-
-    # (optional, mandatory if memcache_security_strategy is
-    # defined) this string is used for key derivation. (string
-    # value)
-    #memcache_secret_key=<None>
-
-    # (optional) indicate whether to set the X-Service-Catalog
-    # header. If False, middleware will not ask for service
-    # catalog on token validation and will not set the X-Service-
-    # Catalog header. (boolean value)
-    #include_service_catalog=true
-
-    # Used to control the use and type of token binding. Can be
-    # set to: "disabled" to not check token binding. "permissive"
-    # (default) to validate binding information if the bind type
-    # is of a form known to the server and ignore it if not.
-    # "strict" like "permissive" but if the bind type is unknown
-    # the token will be rejected. "required" any form of token
-    # binding is needed to be allowed. Finally the name of a
-    # binding method that must be present in tokens. (string
-    # value)
-    #enforce_token_bind=permissive
-
-    # If true, the revocation list will be checked for cached
-    # tokens. This requires that PKI tokens are configured on the
-    # identity server. 
-    # (boolean value)
-    #check_revocations_for_cached = false
-
-    # Hash algorithms to use for hashing PKI tokens. This may be a
-    # single algorithm or multiple. The algorithms are those supported
-    # by Python standard hashlib.new(). The hashes will be tried in the
-    # order given, so put the preferred one first for performance. The
-    # result of the first hash will be  stored in the cache. This will
-    # typically be set to multiple values only while migrating from a
-    # less secure algorithm to a more secure  one. Once all the old
-    # tokens are expired this option should be set to a single value
-    # for better performance. (list value)
-    #hash_algorithms = md5
-
-    # Authentication type to load (unknown value)
-    # Deprecated group/name - [DEFAULT]/auth_plugin
-    #auth_type = <None>
-
-    # Config Section from which to load plugin specific options
-    # (unknown value)
-    #auth_section = <None>
+.. literalinclude:: _static/keystonemiddleware.conf.sample
 
 If the ``auth_plugin`` configuration option is set, you may need to refer to
 the `Authentication Plugins <http://docs.openstack.org/developer/