From f6b6691d2e6f3039fc3ebc9934269f1e8a88d168 Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Fri, 2 Feb 2018 19:45:44 +0000 Subject: [PATCH] Remove v2.0 from documentation guides This commit removes all references to v2.0 from various guides found under doc/source/. Change-Id: I7c2ef1c9323faccc1ec371803f85f34890481f32 --- .../admin/identity-auth-token-middleware.rst | 4 +-- doc/source/admin/identity-caching-layer.rst | 1 - .../identity-keystone-usage-and-features.rst | 29 ------------------- .../admin/identity-security-compliance.rst | 5 +--- doc/source/advanced-topics/external-auth.rst | 3 +- doc/source/configuration.rst | 10 +++---- doc/source/getting-started/architecture.rst | 21 +++++++------- 7 files changed, 19 insertions(+), 54 deletions(-) diff --git a/doc/source/admin/identity-auth-token-middleware.rst b/doc/source/admin/identity-auth-token-middleware.rst index 291d4f777b..839d91781c 100644 --- a/doc/source/admin/identity-auth-token-middleware.rst +++ b/doc/source/admin/identity-auth-token-middleware.rst @@ -30,7 +30,7 @@ And set the following values in ``nova.conf`` as follows: auth_strategy=keystone [keystone_authtoken] - auth_uri = http://controller:5000/v2.0 + auth_uri = http://controller:5000/v3 identity_uri = http://controller:35357 admin_user = admin admin_password = SuperSekretPassword @@ -55,7 +55,7 @@ This sample paste config filter makes use of the ``admin_user`` and [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory - auth_uri = http://controller:5000/v2.0 + auth_uri = http://controller:5000/v3 identity_uri = http://controller:35357 auth_token = 012345SECRET99TOKEN012345 admin_user = admin diff --git a/doc/source/admin/identity-caching-layer.rst b/doc/source/admin/identity-caching-layer.rst index d438c06875..4465cfb2a1 100644 --- a/doc/source/admin/identity-caching-layer.rst +++ b/doc/source/admin/identity-caching-layer.rst @@ -118,7 +118,6 @@ Here is a list of actions that are affected by the cached time: * getting a new token * revoking tokens * validating tokens -* checking v2 tokens * checking v3 tokens The delete token API calls invalidate the cache for the tokens being diff --git a/doc/source/admin/identity-keystone-usage-and-features.rst b/doc/source/admin/identity-keystone-usage-and-features.rst index b8a20a3155..ade44151f9 100644 --- a/doc/source/admin/identity-keystone-usage-and-features.rst +++ b/doc/source/admin/identity-keystone-usage-and-features.rst @@ -48,32 +48,3 @@ uses the `Python logging module`_, which provides extensive configuration options that let you define the output levels and formats. .. _`Python logging module`: https://docs.python.org/library/logging.html - -User CRUD ---------- - -Identity provides a user CRUD (Create, Read, Update, and Delete) filter that -Administrators can add to the ``public_api`` pipeline. The user CRUD filter -enables users to use a HTTP PATCH to change their own password. To enable -this extension you should define a ``user_crud_extension`` filter, insert -it after the ``*_body`` middleware and before the ``public_service`` -application in the ``public_api`` WSGI pipeline in -``keystone-paste.ini``. For example: - -.. code-block:: ini - - [filter:user_crud_extension] - paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory - - [pipeline:public_api] - pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension user_crud_extension public_service - -Each user can then change their own password with a HTTP PATCH. - -.. code-block:: console - - $ curl -X PATCH http://localhost:5000/v2.0/OS-KSCRUD/users/USERID -H "Content-type: application/json" \ - -H "X_Auth_Token: AUTHTOKENID" -d '{"user": {"password": "ABCD", "original_password": "DCBA"}}' - -In addition to changing their password, all current tokens for the user -are invalidated. diff --git a/doc/source/admin/identity-security-compliance.rst b/doc/source/admin/identity-security-compliance.rst index aab1c1b406..d46bcdbf0b 100644 --- a/doc/source/admin/identity-security-compliance.rst +++ b/doc/source/admin/identity-security-compliance.rst @@ -22,8 +22,7 @@ Setting an account lockout threshold The account lockout feature limits the number of incorrect password attempts. If a user fails to authenticate after the maximum number of attempts, the service disables the user. Users can be re-enabled by explicitly setting the -enable user attribute with the update user API call, either -`v2.0`_ or `v3`_. +enable user attribute with the update user `v3`_ API call. You set the maximum number of failed authentication attempts by setting the ``lockout_failure_attempts``: @@ -227,6 +226,4 @@ old password. .. _Security Hardening PCI-DSS: https://specs.openstack.org/openstack/keystone-specs/specs/keystone/newton/pci-dss.html -.. _v2.0: https://developer.openstack.org/api-ref/identity/v2-admin/index.html?expanded=update-user-admin-endpoint-detail#update-user-admin-endpoint - .. _v3: https://developer.openstack.org/api-ref/identity/v3/index.html#update-user diff --git a/doc/source/advanced-topics/external-auth.rst b/doc/source/advanced-topics/external-auth.rst index 8e7081e25a..23c29f915c 100644 --- a/doc/source/advanced-topics/external-auth.rst +++ b/doc/source/advanced-topics/external-auth.rst @@ -23,8 +23,7 @@ identity of the user. Configuration ============= -In Identity API v2, there is no way to disable external authentication. In -order to activate the external authentication mechanism for Identity API v3, +In order to activate the external authentication mechanism for Identity API v3, the ``external`` method must be in the list of enabled authentication methods. By default it is enabled, so if you don't want to use external authentication, remove it from the ``methods`` option in the ``auth`` section. diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index 29ae151321..a77e9532c3 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -714,7 +714,7 @@ return an empty list from your new database): .. code-block:: bash - $ openstack --os-token ADMIN --os-url http://127.0.0.1:35357/v2.0/ project list + $ openstack --os-token ADMIN --os-url http://127.0.0.1:35357/v3/ project list .. NOTE:: @@ -754,7 +754,7 @@ to be passed as arguments each time: $ export OS_USERNAME=my_username $ export OS_PASSWORD=my_password $ export OS_PROJECT_NAME=my_project - $ export OS_AUTH_URL=http://localhost:35357/v2.0 + $ export OS_AUTH_URL=http://localhost:35357/v3 For example, the commands ``user list``, ``token issue`` and ``project create`` can be invoked as follows: @@ -765,11 +765,11 @@ can be invoked as follows: $ export OS_USERNAME=admin $ export OS_PASSWORD=secret $ export OS_PROJECT_NAME=admin - $ export OS_AUTH_URL=http://localhost:35357/v2.0 + $ export OS_AUTH_URL=http://localhost:35357/v3 $ openstack user list $ openstack project create demo $ openstack token issue # Using password authentication, with flags - $ openstack --os-username=admin --os-password=secret --os-project-name=admin --os-auth-url=http://localhost:35357/v2.0 user list - $ openstack --os-username=admin --os-password=secret --os-project-name=admin --os-auth-url=http://localhost:35357/v2.0 project create demo + $ openstack --os-username=admin --os-password=secret --os-project-name=admin --os-auth-url=http://localhost:35357/v3 user list + $ openstack --os-username=admin --os-password=secret --os-project-name=admin --os-auth-url=http://localhost:35357/v3 project create demo diff --git a/doc/source/getting-started/architecture.rst b/doc/source/getting-started/architecture.rst index c2aec48842..153f676611 100644 --- a/doc/source/getting-started/architecture.rst +++ b/doc/source/getting-started/architecture.rst @@ -62,15 +62,14 @@ Resource The Resource service provides data about `projects` and `domains`. -Projects (Tenants) -^^^^^^^^^^^^^^^^^^ +Projects +^^^^^^^^ -``Projects`` (known as ``Tenants`` in v2.0) represent the base unit of -``ownership`` in OpenStack, in that all resources in OpenStack should be owned -by a specific project. A project itself must be owned by a specific domain, and -hence all project names are **not** globally unique, but unique to their -domain. If the domain for a project is not specified, then it is added to the -default domain. +``Projects`` represent the base unit of ``ownership`` in OpenStack, in that all +resources in OpenStack should be owned by a specific project. A project itself +must be owned by a specific domain, and hence all project names are **not** +globally unique, but unique to their domain. If the domain for a project is not +specified, then it is added to the default domain. Domains ^^^^^^^ @@ -276,9 +275,9 @@ interpolation) .. code-block:: ini [DEFAULT] - catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0 - catalog.RegionOne.identity.adminURL = http://localhost:$(public_port)s/v2.0 - catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0 + catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v3 + catalog.RegionOne.identity.adminURL = http://localhost:$(public_port)s/v3 + catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v3 catalog.RegionOne.identity.name = 'Identity Service'