Make KeystoneChangePasswordUponFirstUse boolean
... because this parameter is used to configure the boolean value in Keystone. The actual parameter in Keystone defaults to false so is not needed by default. Change-Id: I1f2d0ef077e9b10299d4f1966139b590de880db9
This commit is contained in:
parent
8cb7c81d20
commit
2188b4ff94
|
@ -243,13 +243,11 @@ parameters:
|
|||
Cron to purge expired or soft-deleted trusts - User
|
||||
default: 'keystone'
|
||||
KeystoneChangePasswordUponFirstUse:
|
||||
type: string
|
||||
default: ''
|
||||
type: boolean
|
||||
default: false
|
||||
description: >-
|
||||
Enabling this option requires users to change their password when the
|
||||
user is created, or upon administrative reset.
|
||||
constraints:
|
||||
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
||||
KeystoneDisableUserAccountDaysInactive:
|
||||
type: string
|
||||
default: ''
|
||||
|
@ -477,7 +475,6 @@ conditions:
|
|||
- {get_param: EnableCache}
|
||||
- {get_param: MemcachedTLS}
|
||||
# Security compliance
|
||||
change_password_upon_first_use_set: {not: {equals: [{get_param: KeystoneChangePasswordUponFirstUse}, '']}}
|
||||
disable_user_account_days_inactive_set: {not: {equals: [{get_param: KeystoneDisableUserAccountDaysInactive}, '']}}
|
||||
lockout_duration_set: {not: {equals: [{get_param: KeystoneLockoutDuration}, '']}}
|
||||
lockout_failure_attempts_set: {not: {equals: [{get_param: KeystoneLockoutFailureAttempts}, '']}}
|
||||
|
@ -663,8 +660,8 @@ outputs:
|
|||
- keystone::policy::enforce_scope: true
|
||||
keystone::policy::enforce_new_defaults: true
|
||||
- if:
|
||||
- change_password_upon_first_use_set
|
||||
- keystone::security_compliance::change_password_upon_first_use: {get_param: KeystoneChangePasswordUponFirstUse}
|
||||
- {get_param: KeystoneChangePasswordUponFirstUse}
|
||||
- keystone::security_compliance::change_password_upon_first_use: true
|
||||
- if:
|
||||
- disable_user_account_days_inactive_set
|
||||
- keystone::security_compliance::disable_user_account_days_inactive: {get_param: KeystoneDisableUserAccountDaysInactive}
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
The ``KeystoneChangePasswordUponFirstUse`` parameter is now enforced to
|
||||
be a boolean value.
|
Loading…
Reference in New Issue