From f06744915d2c93b6a8dc24b4a531ee4d36391a43 Mon Sep 17 00:00:00 2001
From: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
Date: Thu, 7 Apr 2022 16:41:40 -0300
Subject: [PATCH] Created section Update Keystone Service (pick r6)

Added new section with procedure to strengthen Horizon password.

Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
Change-Id: I7feaa1bbd17c17d90b3d5daa80de2f8651e004bf
---
 .../index-security-os-a2375141dcc2.rst        |  1 +
 .../update-keystone-service-bb6a67e18d36.rst  | 38 +++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 doc/source/security/openstack/update-keystone-service-bb6a67e18d36.rst

diff --git a/doc/source/security/openstack/index-security-os-a2375141dcc2.rst b/doc/source/security/openstack/index-security-os-a2375141dcc2.rst
index 548019c20..297ecfadf 100644
--- a/doc/source/security/openstack/index-security-os-a2375141dcc2.rst
+++ b/doc/source/security/openstack/index-security-os-a2375141dcc2.rst
@@ -19,6 +19,7 @@ Keystone Accounts
    openstack-keystone-accounts
    security-system-account-password-rules
    openstack-login-protection
+   update-keystone-service-bb6a67e18d36
 
 -----------------
 Access the system
diff --git a/doc/source/security/openstack/update-keystone-service-bb6a67e18d36.rst b/doc/source/security/openstack/update-keystone-service-bb6a67e18d36.rst
new file mode 100644
index 000000000..30d9c985d
--- /dev/null
+++ b/doc/source/security/openstack/update-keystone-service-bb6a67e18d36.rst
@@ -0,0 +1,38 @@
+.. _update-keystone-service-bb6a67e18d36:
+
+=======================
+Update Keystone Service
+=======================
+
+.. rubric:: |context|
+
+The Keystone service can be configured to use customized regular expressions
+for password validation. For more information, see the keystone documentation:
+`Configuring password strength requirements
+<https://docs.openstack.org/keystone/ussuri/admin/configuration.html#configuring-password-strength-requirements>`__.
+
+
+.. rubric:: |proc|
+
+The steps below can be used as a reference to update the Keystone service via
+``helm-override`` to customize the password validation regular expression and
+description.
+
+Create the override file and update the keystone service.
+
+#.  Create the yaml override with the following contents:
+
+    .. code-block:: none
+
+        conf:
+            keystone:
+                security_compliance:
+                    password_regex: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$
+                    password_regex_description: Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character
+
+#.  Apply the override:
+
+    .. parsed-literal::
+
+        system helm-override-update |prefix|-openstack keystone openstack --reuse-values --values keystone-password-override.yaml
+