Remove v2.0 from documentation guides
This commit removes all references to v2.0 from various guides found under doc/source/. Change-Id: I7c2ef1c9323faccc1ec371803f85f34890481f32
This commit is contained in:
parent
d5e9c0b4fe
commit
f6b6691d2e
|
@ -30,7 +30,7 @@ And set the following values in ``nova.conf`` as follows:
|
|||
auth_strategy=keystone
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://controller:5000/v2.0
|
||||
auth_uri = http://controller:5000/v3
|
||||
identity_uri = http://controller:35357
|
||||
admin_user = admin
|
||||
admin_password = SuperSekretPassword
|
||||
|
@ -55,7 +55,7 @@ This sample paste config filter makes use of the ``admin_user`` and
|
|||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
auth_uri = http://controller:5000/v2.0
|
||||
auth_uri = http://controller:5000/v3
|
||||
identity_uri = http://controller:35357
|
||||
auth_token = 012345SECRET99TOKEN012345
|
||||
admin_user = admin
|
||||
|
|
|
@ -118,7 +118,6 @@ Here is a list of actions that are affected by the cached time:
|
|||
* getting a new token
|
||||
* revoking tokens
|
||||
* validating tokens
|
||||
* checking v2 tokens
|
||||
* checking v3 tokens
|
||||
|
||||
The delete token API calls invalidate the cache for the tokens being
|
||||
|
|
|
@ -48,32 +48,3 @@ uses the `Python logging module`_, which provides extensive configuration
|
|||
options that let you define the output levels and formats.
|
||||
|
||||
.. _`Python logging module`: https://docs.python.org/library/logging.html
|
||||
|
||||
User CRUD
|
||||
---------
|
||||
|
||||
Identity provides a user CRUD (Create, Read, Update, and Delete) filter that
|
||||
Administrators can add to the ``public_api`` pipeline. The user CRUD filter
|
||||
enables users to use a HTTP PATCH to change their own password. To enable
|
||||
this extension you should define a ``user_crud_extension`` filter, insert
|
||||
it after the ``*_body`` middleware and before the ``public_service``
|
||||
application in the ``public_api`` WSGI pipeline in
|
||||
``keystone-paste.ini``. For example:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[filter:user_crud_extension]
|
||||
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
|
||||
|
||||
[pipeline:public_api]
|
||||
pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension user_crud_extension public_service
|
||||
|
||||
Each user can then change their own password with a HTTP PATCH.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ curl -X PATCH http://localhost:5000/v2.0/OS-KSCRUD/users/USERID -H "Content-type: application/json" \
|
||||
-H "X_Auth_Token: AUTHTOKENID" -d '{"user": {"password": "ABCD", "original_password": "DCBA"}}'
|
||||
|
||||
In addition to changing their password, all current tokens for the user
|
||||
are invalidated.
|
||||
|
|
|
@ -22,8 +22,7 @@ Setting an account lockout threshold
|
|||
The account lockout feature limits the number of incorrect password attempts.
|
||||
If a user fails to authenticate after the maximum number of attempts, the
|
||||
service disables the user. Users can be re-enabled by explicitly setting the
|
||||
enable user attribute with the update user API call, either
|
||||
`v2.0`_ or `v3`_.
|
||||
enable user attribute with the update user `v3`_ API call.
|
||||
|
||||
You set the maximum number of failed authentication attempts by setting
|
||||
the ``lockout_failure_attempts``:
|
||||
|
@ -227,6 +226,4 @@ old password.
|
|||
|
||||
.. _Security Hardening PCI-DSS: https://specs.openstack.org/openstack/keystone-specs/specs/keystone/newton/pci-dss.html
|
||||
|
||||
.. _v2.0: https://developer.openstack.org/api-ref/identity/v2-admin/index.html?expanded=update-user-admin-endpoint-detail#update-user-admin-endpoint
|
||||
|
||||
.. _v3: https://developer.openstack.org/api-ref/identity/v3/index.html#update-user
|
||||
|
|
|
@ -23,8 +23,7 @@ identity of the user.
|
|||
Configuration
|
||||
=============
|
||||
|
||||
In Identity API v2, there is no way to disable external authentication. In
|
||||
order to activate the external authentication mechanism for Identity API v3,
|
||||
In order to activate the external authentication mechanism for Identity API v3,
|
||||
the ``external`` method must be in the list of enabled authentication methods.
|
||||
By default it is enabled, so if you don't want to use external authentication,
|
||||
remove it from the ``methods`` option in the ``auth`` section.
|
||||
|
|
|
@ -714,7 +714,7 @@ return an empty list from your new database):
|
|||
|
||||
.. code-block:: bash
|
||||
|
||||
$ openstack --os-token ADMIN --os-url http://127.0.0.1:35357/v2.0/ project list
|
||||
$ openstack --os-token ADMIN --os-url http://127.0.0.1:35357/v3/ project list
|
||||
|
||||
.. NOTE::
|
||||
|
||||
|
@ -754,7 +754,7 @@ to be passed as arguments each time:
|
|||
$ export OS_USERNAME=my_username
|
||||
$ export OS_PASSWORD=my_password
|
||||
$ export OS_PROJECT_NAME=my_project
|
||||
$ export OS_AUTH_URL=http://localhost:35357/v2.0
|
||||
$ export OS_AUTH_URL=http://localhost:35357/v3
|
||||
|
||||
For example, the commands ``user list``, ``token issue`` and ``project create``
|
||||
can be invoked as follows:
|
||||
|
@ -765,11 +765,11 @@ can be invoked as follows:
|
|||
$ export OS_USERNAME=admin
|
||||
$ export OS_PASSWORD=secret
|
||||
$ export OS_PROJECT_NAME=admin
|
||||
$ export OS_AUTH_URL=http://localhost:35357/v2.0
|
||||
$ export OS_AUTH_URL=http://localhost:35357/v3
|
||||
$ openstack user list
|
||||
$ openstack project create demo
|
||||
$ openstack token issue
|
||||
|
||||
# Using password authentication, with flags
|
||||
$ openstack --os-username=admin --os-password=secret --os-project-name=admin --os-auth-url=http://localhost:35357/v2.0 user list
|
||||
$ openstack --os-username=admin --os-password=secret --os-project-name=admin --os-auth-url=http://localhost:35357/v2.0 project create demo
|
||||
$ openstack --os-username=admin --os-password=secret --os-project-name=admin --os-auth-url=http://localhost:35357/v3 user list
|
||||
$ openstack --os-username=admin --os-password=secret --os-project-name=admin --os-auth-url=http://localhost:35357/v3 project create demo
|
||||
|
|
|
@ -62,15 +62,14 @@ Resource
|
|||
|
||||
The Resource service provides data about `projects` and `domains`.
|
||||
|
||||
Projects (Tenants)
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
Projects
|
||||
^^^^^^^^
|
||||
|
||||
``Projects`` (known as ``Tenants`` in v2.0) represent the base unit of
|
||||
``ownership`` in OpenStack, in that all resources in OpenStack should be owned
|
||||
by a specific project. A project itself must be owned by a specific domain, and
|
||||
hence all project names are **not** globally unique, but unique to their
|
||||
domain. If the domain for a project is not specified, then it is added to the
|
||||
default domain.
|
||||
``Projects`` represent the base unit of ``ownership`` in OpenStack, in that all
|
||||
resources in OpenStack should be owned by a specific project. A project itself
|
||||
must be owned by a specific domain, and hence all project names are **not**
|
||||
globally unique, but unique to their domain. If the domain for a project is not
|
||||
specified, then it is added to the default domain.
|
||||
|
||||
Domains
|
||||
^^^^^^^
|
||||
|
@ -276,9 +275,9 @@ interpolation)
|
|||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.adminURL = http://localhost:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v3
|
||||
catalog.RegionOne.identity.adminURL = http://localhost:$(public_port)s/v3
|
||||
catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v3
|
||||
catalog.RegionOne.identity.name = 'Identity Service'
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue