From 260a31067d58d045477908de62bcc2e6798e1bae Mon Sep 17 00:00:00 2001 From: jolie Date: Fri, 2 Dec 2016 09:45:59 +0800 Subject: [PATCH] release notes and config guide new settings OpenStack operators and folks who automate openstack deployments with tools like puppet rely on the release notes and config guides to highlight new, changed, deleted, and deprecated config options. Change-Id: I15abb241af8a41edc3dd3850b08be4ab7a31c9c5 Closes-bug:#1640504 --- .../source/tables/conf-changes/keystone.rst | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/doc/config-reference/source/tables/conf-changes/keystone.rst b/doc/config-reference/source/tables/conf-changes/keystone.rst index 1f0c844395..69264d2114 100644 --- a/doc/config-reference/source/tables/conf-changes/keystone.rst +++ b/doc/config-reference/source/tables/conf-changes/keystone.rst @@ -7,6 +7,33 @@ New, updated, and deprecated options in Newton for Identity service openstack-doc-tools repository. +.. list-table:: New options + :header-rows: 1 + :class: config-ref-table + + * - Option = default value + - (Type) Help string + * - ``[security_compliance] disable_user_account_days_inactive =`` + - (IntOpt) The maximum number of days a user can go without authenticating before being considered "inactive" and automatically disabled (locked). + * - ``[security_compliance] lockout_failure_attempts =`` + - (IntOpt) The maximum number of times that a user can fail to authenticate before the user account is locked. + * - ``[security_compliance] lockout_duration = 1800`` + - (IntOpt) The number of seconds a user account will be locked when the maximum number of failed authentication attempts is exceeded. + * - ``[security_compliance] password_expires_days = `` + - (IntOpt) The number of days for which a password will be considered valid before requiring it to be changed. + * - ``[security_compliance] password_expires_ignore_user_ids =`` + - (StrOpt) User IDs to be ignored when checking if a password is expired. + * - ``[security_compliance] unique_last_password_count = 1`` + - (IntOpt) Controls the number of previous user password iterations to keep in history, in order to enforce that newly created passwords are unique. + * - ``[security_compliance] minimum_password_age = 0`` + - (IntOpt)The number of days that a password must be used before the user can change it. + * - ``[security_compliance] password_regex = `` + - (StrOpt) Validate password strength requirements. + * - ``[security_compliance] password_regex_description = `` + - (StrOpt) Humans language to describe password regular expression. + * - ``[token] cache_on_issue = false`` + - (BoolOpt) Enable storing issued token data to token validation cache so that first token validation doesn't actually cause full validation cycle. + .. list-table:: Deprecated options :header-rows: 1 @@ -16,4 +43,10 @@ New, updated, and deprecated options in Newton for Identity service - New Option * - ``[DEFAULT] use_syslog`` - ``None`` + * - ``[endpoint_policy] enabled`` + - ``None`` + * - ``[token] hash_algorithm`` + - ``None`` + * - ``[os_inherit]`` + - ``None``