From 8dd5bcf56d5ef55eb968911be67e8aba9de5815a Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Fri, 28 Jul 2017 21:02:32 +0000 Subject: [PATCH] Move url safe naming docs to admin guide This is part of an effort to consolidate everything from the Operator guide into the Administrator guide. Change-Id: I76b0eaee11f5a8d68304a163381c905611edd43b --- doc/source/admin/identity-url-safe-naming.rst | 32 +++++++++++++++++++ doc/source/admin/index.rst | 1 + doc/source/configuration.rst | 32 ------------------- 3 files changed, 33 insertions(+), 32 deletions(-) create mode 100644 doc/source/admin/identity-url-safe-naming.rst diff --git a/doc/source/admin/identity-url-safe-naming.rst b/doc/source/admin/identity-url-safe-naming.rst new file mode 100644 index 0000000000..4c0c8d288c --- /dev/null +++ b/doc/source/admin/identity-url-safe-naming.rst @@ -0,0 +1,32 @@ +======================================= +URL safe naming of projects and domains +======================================= + +In the future, keystone may offer the ability to identify a project in a +hierarchy via a URL style of naming from the root of the hierarchy (for example +specifying 'projectA/projectB/projectC' as the project name in an +authentication request). In order to prepare for this, keystone supports the +optional ability to ensure both projects and domains are named without +including any of the reserved characters specified in section 2.2 of +`rfc3986 `_. + +The safety of the names of projects and domains can be controlled via two +configuration options: + +.. code-block:: ini + + [resource] + project_name_url_safe = off + domain_name_url_safe = off + +When set to ``off`` (which is the default), no checking is done on the URL +safeness of names. When set to ``new``, an attempt to create a new project or +domain with an unsafe name (or update the name of a project or domain to be +unsafe) will cause a status code of 400 (Bad Request) to be returned. Setting +the configuration option to ``strict`` will, in addition to preventing the +creation and updating of entities with unsafe names, cause an authentication +attempt which specifies a project or domain name that is unsafe to return a +status code of 401 (Unauthorized). + +It is recommended that installations take the steps necessary to where they +can run with both options set to ``strict`` as soon as is practical. diff --git a/doc/source/admin/index.rst b/doc/source/admin/index.rst index 7a4e2ee3f9..d904a6f9d8 100644 --- a/doc/source/admin/index.rst +++ b/doc/source/admin/index.rst @@ -20,6 +20,7 @@ command-line client. cli-keystone-manage-services.rst identity-certificates-for-pki.rst identity-domain-specific-config.rst + identity-url-safe-naming.rst identity-external-authentication.rst identity-integrate-with-ldap.rst identity-upgrading.rst diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index a97cc7163f..b5c1236111 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -717,38 +717,6 @@ status code will still be 200 (OK), but the ``truncated`` attribute in the collection will be set to ``true``. -URL safe naming of projects and domains -======================================= - -In the future, keystone may offer the ability to identify a project in a -hierarchy via a URL style of naming from the root of the hierarchy (for example -specifying 'projectA/projectB/projectC' as the project name in an -authentication request). In order to prepare for this, keystone supports the -optional ability to ensure both projects and domains are named without -including any of the reserved characters specified in section 2.2 of -`rfc3986 `_. - -The safety of the names of projects and domains can be controlled via two -configuration options: - -.. code-block:: ini - - [resource] - project_name_url_safe = off - domain_name_url_safe = off - -When set to ``off`` (which is the default), no checking is done on the URL -safeness of names. When set to ``new``, an attempt to create a new project or -domain with an unsafe name (or update the name of a project or domain to be -unsafe) will cause a status code of 400 (Bad Request) to be returned. Setting -the configuration option to ``strict`` will, in addition to preventing the -creation and updating of entities with unsafe names, cause an authentication -attempt which specifies a project or domain name that is unsafe to return a -status code of 401 (Unauthorized). - -It is recommended that installations take the steps necessary to where they -can run with both options set to ``strict`` as soon as is practical. - Health Check middleware =======================