From 8a2c8b128bfc7491c92eed9326e489d9ea11dbdd Mon Sep 17 00:00:00 2001 From: Jake Yip Date: Fri, 11 Aug 2023 13:25:38 +1000 Subject: [PATCH] Update doc for include_service_catalog with app cred If swift is used with an Application Credential with access_rules [1], the catalog needs to be sent with the token for it to be evaluated by keystonemiddleware. [1]: https://docs.openstack.org/keystone/2023.1/user/application_credentials.html#access-rules Change-Id: I0b02821722ffc819bc8a97281a33391072242ffc --- doc/source/overview_auth.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/doc/source/overview_auth.rst b/doc/source/overview_auth.rst index 9453aca951..d5b1be6324 100644 --- a/doc/source/overview_auth.rst +++ b/doc/source/overview_auth.rst @@ -174,10 +174,9 @@ your situation, but in short: will get the Swift memcache from the request environment. * ``include_service_catalog`` defaults to ``True`` if not set. This means that when validating a token, the service catalog is retrieved - and stored in the ``X-Service-Catalog`` header. Since Swift does not - use the ``X-Service-Catalog`` header, there is no point in getting - the service catalog. We recommend you set ``include_service_catalog`` - to ``False``. + and stored in the ``X-Service-Catalog`` header. This is required if you use + access-rules in Application Credentials. You may also need to increase + `max_header_size`. .. note::