Move "Public ID Generators" to relevant docs

Currently, the section "Public ID Generators" is a subsection of
"Identity sources" but it reads as very out of place. Looking at the
commit that introduced the section (1a50986e7c), it's clear this was
meant to be part of the domain-specific-config section and was missed in
a reshuffle. This patch puts it back in place.

Change-Id: I2873f104adf6af4da4ba23f8c0d8afb0c1161da3
Colleen Murphy 2018-12-10 13:52:47 +01:00
parent e287f58fbb
commit c04756e0cd
2 changed files with 26 additions and 27 deletions

@ -184,6 +184,31 @@ LDAP has been configured or after ``mapping_purge``.
$ keystone-manage mapping_populate --domain DOMAINA
Public ID Generators
--------------------
Keystone supports a customizable public ID generator and it is specified in the
``[identity_mapping]`` section of the configuration file. Keystone provides a
sha256 generator as default, which produces regenerable public IDs. The
generator algorithm for public IDs is a balance between key size (i.e. the
length of the public ID), the probability of collision and, in some
circumstances, the security of the public ID. The maximum length of public ID
supported by keystone is 64 characters, and the default generator (sha256) uses
this full capability. Since the public ID is what is exposed externally by
keystone and potentially stored in external systems, some installations may
wish to make use of other generator algorithms that have a different trade-off
of attributes. A different generator can be installed by configuring the
following property:
* ``generator`` - identity mapping generator. Defaults to ``sha256``
(implemented by :class:`keystone.identity.id_generators.sha256.Generator`)
.. WARNING::
Changing the generator may cause all existing public IDs to be become
invalid, so typically the generator selection should be considered
immutable for a given installation.
Migrate domain-specific configuration files to the SQL database
---------------------------------------------------------------
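Review bot: The warning at the end of the moved section still reads "to be become invalid"; since the text is being re-added here anyway, correct it to "to become invalid" in the same patch. The paragraph also says the generator choice affects "in some circumstances, the security of the public ID" without saying which property is meant. Given that the default is described as producing "regenerable public IDs" that are "exposed externally", a sentence stating what an operator should weigh would make the trade-off actionable in its new location.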
@ -199,4 +224,4 @@ domain name:
.. code-block:: console
# keystone-manage domain_config_upload --domain-name DOMAIN_NAME
# keystone-manage domain_config_upload --domain-name DOMAIN_NAME
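Review bot: The `keystone-manage domain_config_upload --domain-name DOMAIN_NAME` line appears twice here with identical visible text, so the edit to the last line of the file looks like a whitespace or end-of-file newline change only. If that is intentional, say so in the commit message; otherwise drop it so the patch contains nothing but the section move.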

@ -34,32 +34,6 @@ via SAML federation.
.. _Domain-specific Configuration: admin/identity-domain-specific-config.html
.. support_matrix:: identity-support-matrix.ini
Public ID Generators
--------------------
Keystone supports a customizable public ID generator and it is specified in the
``[identity_mapping]`` section of the configuration file. Keystone provides a
sha256 generator as default, which produces regenerable public IDs. The
generator algorithm for public IDs is a balance between key size (i.e. the
length of the public ID), the probability of collision and, in some
circumstances, the security of the public ID. The maximum length of public ID
supported by keystone is 64 characters, and the default generator (sha256) uses
this full capability. Since the public ID is what is exposed externally by
keystone and potentially stored in external systems, some installations may
wish to make use of other generator algorithms that have a different trade-off
of attributes. A different generator can be installed by configuring the
following property:
* ``generator`` - identity mapping generator. Defaults to ``sha256``
(implemented by :class:`keystone.identity.id_generators.sha256.Generator`)
.. WARNING::
Changing the generator may cause all existing public IDs to be become
invalid, so typically the generator selection should be considered
immutable for a given installation.
SSL
===
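Review bot: Removing the "Public ID Generators" heading from this file also removes the section anchor it generated, so any existing link to that heading on this page will stop resolving. Check the docs tree for references to it before merging. This file already defines the `.. _Domain-specific Configuration:` target, so a one-line pointer to that page near the removed section would let readers who looked here for generator settings find the new location.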