Replacing Keystone deprecated configuration auth_uri with www_authenticate_uri

The auth_uri option is deprecated in favor of www_authenticate_uri and
will be removed in the Stien releasee and silently ignored in
the future. This change updates Keystone's auth_uri to
www_authenticate_uri in the security checklist docs.

Change-Id: I942db5fff874df20ce77b0f5741925e4cea8d859
This commit is contained in:
Scott Solkhon 2019-03-20 14:52:10 +00:00
parent 9375908823
commit c8d81b2cfd
4 changed files with 16 additions and 16 deletions

View File

@ -96,13 +96,13 @@ try to eavesdrop on the channel in order to get access to sensitive
information. Thus all the components must communicate with each other using a
secured communication protocol.
**Pass:** If value of parameter ``auth_uri`` under
**Pass:** If value of parameter ``www_authenticate_uri`` under
``[keystone_authtoken]`` section in ``/etc/cinder/cinder.conf`` is set to
Identity API endpoint starting with ``https://`` and value of parameter
``insecure`` under the same ``[keystone_authtoken]`` section in the same
``/etc/cinder/cinder.conf`` is set to ``False``.
**Fail:** If value of parameter ``auth_uri`` under
**Fail:** If value of parameter ``www_authenticate_uri`` under
``[keystone_authtoken]`` section in ``/etc/cinder/cinder.conf`` is not set to
Identity API endpoint starting with ``https://`` or value of parameter
``insecure`` under the same ``[keystone_authtoken]`` section in the same

View File

@ -105,13 +105,13 @@ try to eavesdrop on the channel in order to get access to sensitive
information. All the components must communicate with each other using a
secured communication protocol.
**Pass:** If value of parameter ``auth_uri`` under
**Pass:** If value of parameter ``www_authenticate_uri`` under
``[keystone_authtoken]`` section in ``/etc/nova/nova.conf`` is set to
Identity API endpoint starting with ``https://`` and value of parameter
``insecure`` under the same ``[keystone_authtoken]`` section in the same
``/etc/nova/nova.conf`` is set to ``False``.
**Fail:** If value of parameter ``auth_uri`` under
**Fail:** If value of parameter ``www_authenticate_uri`` under
``[keystone_authtoken]`` section in ``/etc/nova/nova.conf`` is not set to
Identity API endpoint starting with ``https://`` or value of parameter
``insecure`` under the same ``[keystone_authtoken]`` section in the same

View File

@ -116,17 +116,17 @@ may try to eavesdrop on the channel in order to get access to sensitive
information. All components must communicate with each other using a
secured communication protocol.
**Pass:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]``
section in ``/etc/glance/glance-api.conf`` is set to the Identity API endpoint
starting with ``https://``, and the value of the parameter ``insecure`` is under
the same ``[keystone_authtoken]`` section in the same
``/etc/glance/glance-registry.conf`` is set to ``False``.
**Pass:** If value of parameter ``www_authenticate_uri`` under
``[keystone_authtoken]`` section in ``/etc/glance/glance-api.conf`` is set to
the Identity API endpoint starting with ``https://``, and the value of the
parameter ``insecure`` is under the same ``[keystone_authtoken]`` section
in the same ``/etc/glance/glance-registry.conf`` is set to ``False``.
**Fail:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]``
section in ``/etc/glance/glance-api.conf`` is not set to Identity API endpoint
starting with ``https://``, or value of parameter ``insecure`` under the same
``[keystone_authtoken]`` section in the same ``/etc/glance/glance-api.conf``
is set to ``True``.
**Fail:** If value of parameter ``www_authenticate_uri`` under
``[keystone_authtoken]`` section in ``/etc/glance/glance-api.conf`` is not set
to Identity API endpoint starting with ``https://``, or value of parameter
``insecure`` under the same ``[keystone_authtoken]`` section in the same
``/etc/glance/glance-api.conf`` is set to ``True``.
.. _check_image_05:

View File

@ -97,13 +97,13 @@ try to eavesdrop on the channel in order to get access to sensitive
information. Thus all the components must communicate with each other using a
secured communication protocol.
**Pass:** If value of parameter ``auth_uri`` under
**Pass:** If value of parameter ``www_authenticate_uri`` under
``[keystone_authtoken]`` section in ``/etc/neutron/neutron.conf`` is set to
Identity API endpoint starting with ``https://`` and value of parameter
``insecure`` under the same ``[keystone_authtoken]`` section in the same
``/etc/neutron/neutron.conf`` is set to ``False``.
**Fail:** If value of parameter ``auth_uri`` under
**Fail:** If value of parameter ``www_authenticate_uri`` under
``[keystone_authtoken]`` section in ``/etc/neutron/neutron.conf`` is not set to
Identity API endpoint starting with ``https://`` or value of parameter
``insecure`` under the same ``[keystone_authtoken]`` section in the same