From 6efee0ebb12a8d0c36aad83d4fd592c4e51c5722 Mon Sep 17 00:00:00 2001 From: Alistair Coles Date: Wed, 16 Mar 2016 11:38:33 +0000 Subject: [PATCH] Make keystone middleware options consistent in docs Bring overview_auth.rst and proxy server man page up to date with changes made in [1] [1] Change-Id: I373734933189c87c4094203b0752dd3762689034 Change-Id: Ia16f0c391e7c357ccb9c13945839dc5647e49a13 --- doc/manpages/proxy-server.conf.5 | 13 ++++++++----- doc/source/overview_auth.rst | 26 +++++++++++++++----------- 2 files changed, 23 insertions(+), 16 deletions(-) diff --git a/doc/manpages/proxy-server.conf.5 b/doc/manpages/proxy-server.conf.5 index 45531685c6..41144a87a1 100644 --- a/doc/manpages/proxy-server.conf.5 +++ b/doc/manpages/proxy-server.conf.5 @@ -275,11 +275,14 @@ there you can change it to: authtoken keystoneauth .PD 0 .RS 10 .IP "paste.filter_factory = keystonemiddleware.auth_token:filter_factory" -.IP "identity_uri = http://keystonehost:35357/" -.IP "auth_uri = http://keystonehost:5000/" -.IP "admin_tenant_name = service" -.IP "admin_user = swift" -.IP "admin_password = password" +.IP "auth_uri = http://keystonehost:5000" +.IP "auth_url = http://keystonehost:35357" +.IP "auth_plugin = password" +.IP "project_domain_id = default" +.IP "user_domain_id = default" +.IP "project_name = service" +.IP "username = swift" +.IP "password = password" .IP "" .IP "# delay_auth_decision defaults to False, but leaving it as false will" .IP "# prevent other auth systems, staticweb, tempurl, formpost, and ACLs from" diff --git a/doc/source/overview_auth.rst b/doc/source/overview_auth.rst index 29ac1459e9..aa5a0c61e5 100644 --- a/doc/source/overview_auth.rst +++ b/doc/source/overview_auth.rst @@ -154,11 +154,14 @@ add the configuration for the authtoken middleware:: [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory - identity_uri = http://keystonehost:35357/ - admin_tenant_name = service - admin_user = swift - admin_password = password auth_uri = http://keystonehost:5000/ + auth_url = http://keystonehost:35357/ + auth_plugin = password + project_domain_id = default + user_domain_id = default + project_name = service + username = swift + password = password cache = swift.cache include_service_catalog = False delay_auth_decision = True @@ -166,16 +169,17 @@ add the configuration for the authtoken middleware:: The actual values for these variables will need to be set depending on your situation, but in short: -* ``identity_uri`` points to the Keystone Admin service. This information is - used by the middleware to actually query Keystone about the validity of the - authentication tokens. It is not necessary to append any Keystone API version - number to this URI. -* The admin auth credentials (``admin_user``, ``admin_tenant_name``, - ``admin_password``) will be used to retrieve an admin token. That - token will be used to authorize user tokens behind the scenes. * ``auth_uri`` should point to a Keystone service from which users may retrieve tokens. This value is used in the `WWW-Authenticate` header that auth_token sends with any denial response. +* ``auth_url`` points to the Keystone Admin service. This information is + used by the middleware to actually query Keystone about the validity of the + authentication tokens. It is not necessary to append any Keystone API version + number to this URI. +* The auth credentials (``project_domain_id``, ``user_domain_id``, + ``username``, ``project_name``, ``password``) will be used to retrieve an + admin token. That token will be used to authorize user tokens behind the + scenes. * ``cache`` is set to ``swift.cache``. This means that the middleware will get the Swift memcache from the request environment. * ``include_service_catalog`` defaults to ``True`` if not set. This means