Remove references to UUID from token documentation
Support for the UUID token provider was removed when the Rocky cycle opened for development: I76d5c29f6b1572ee3ec7f2b1af63ff31572de2ce This commit removes references to the UUID token provider from the token provider documentation. Change-Id: I85aa4eac1098628f090b3e95a9234bc5777d274d Partial-Bug: 1757151
This commit is contained in:
parent
ac4baf99f0
commit
c402691371
|
@ -3,10 +3,8 @@ Keystone tokens
|
|||
===============
|
||||
|
||||
Tokens are used to authenticate and authorize your interactions with the
|
||||
various OpenStack APIs. Tokens come in many flavors, representing various
|
||||
authorization scopes and sources of identity. There are also several different
|
||||
"token providers", each with their own user experience, performance, and
|
||||
deployment characteristics.
|
||||
various OpenStack APIs. Tokens come in many scopes, representing various
|
||||
authorization and sources of identity.
|
||||
|
||||
Authorization scopes
|
||||
--------------------
|
||||
|
@ -79,32 +77,8 @@ Token providers
|
|||
---------------
|
||||
|
||||
The token type issued by keystone is configurable through the
|
||||
``/etc/keystone/keystone.conf`` file. Currently, there are two supported
|
||||
token types, ``UUID`` and ``fernet``.
|
||||
|
||||
UUID tokens
|
||||
~~~~~~~~~~~
|
||||
|
||||
UUID was the first token type supported but was deprecated in Pike. UUID tokens
|
||||
are 32 bytes in length and must be persisted in a back end. Clients must pass
|
||||
their UUID token to the Identity service in order to validate it.
|
||||
|
||||
As mentioned above, UUID tokens must be persisted. By default, keystone
|
||||
persists UUID tokens using a SQL backend. An unfortunate side-effect is that
|
||||
the size of the database will grow over time regardless of the token's
|
||||
expiration time. Expired UUID tokens can be pruned from the backend using
|
||||
keystone's command line utility:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ keystone-manage token_flush
|
||||
|
||||
We recommend invoking this command periodically using ``cron``.
|
||||
|
||||
.. NOTE::
|
||||
|
||||
It is not required to run this command at all if using Fernet tokens. Fernet
|
||||
tokens are not persisted and do not contribute to database bloat.
|
||||
``/etc/keystone/keystone.conf`` file. Currently, the only supported token
|
||||
provider is ``fernet``.
|
||||
|
||||
Fernet tokens
|
||||
~~~~~~~~~~~~~
|
||||
|
|
Loading…
Reference in New Issue