diff --git a/doc/source/security/openstack/index-security-os-a2375141dcc2.rst b/doc/source/security/openstack/index-security-os-a2375141dcc2.rst index 297ecfadf..548019c20 100644 --- a/doc/source/security/openstack/index-security-os-a2375141dcc2.rst +++ b/doc/source/security/openstack/index-security-os-a2375141dcc2.rst @@ -19,7 +19,6 @@ Keystone Accounts openstack-keystone-accounts security-system-account-password-rules openstack-login-protection - update-keystone-service-bb6a67e18d36 ----------------- Access the system diff --git a/doc/source/security/openstack/security-system-account-password-rules.rst b/doc/source/security/openstack/security-system-account-password-rules.rst index d41fa726f..2ef25cec9 100644 --- a/doc/source/security/openstack/security-system-account-password-rules.rst +++ b/doc/source/security/openstack/security-system-account-password-rules.rst @@ -8,7 +8,7 @@ Keystone Account Password Rules |prod-os| enforces a set of strength requirements for new or changed passwords. -The following rules apply: +By default, the following rules apply: .. _security-system-account-password-rules-ul-jwb-g15-zw: @@ -28,5 +28,40 @@ The following rules apply: - at least one special character +The Keystone service can be configured to use customized password rules. For +more information, see the keystone documentation: `Configuring password +strength requirements +`__. +The steps below can be used as a reference to update the Keystone service via +``helm-override`` to customize the password rules and their description. + +#. Create the yaml override file with the following contents: + + .. code-block:: none + + conf: + keystone: + security_compliance: + password_regex: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$ + password_regex_description: Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character + unique_last_password_count = 5 + +#. Update the Keystone helm overrides. + + .. parsed-literal:: + + system helm-override-update |prefix|-openstack keystone openstack --reuse-values --values keystone-password-override.yaml + +#. Apply the new overrides. + + .. parsed-literal:: + + system application-apply |prefix|-openstack + +#. Wait for apply to complete. + + .. code-block:: none + + watch system application-list diff --git a/doc/source/security/openstack/update-keystone-service-bb6a67e18d36.rst b/doc/source/security/openstack/update-keystone-service-bb6a67e18d36.rst deleted file mode 100644 index 30d9c985d..000000000 --- a/doc/source/security/openstack/update-keystone-service-bb6a67e18d36.rst +++ /dev/null @@ -1,38 +0,0 @@ -.. _update-keystone-service-bb6a67e18d36: - -======================= -Update Keystone Service -======================= - -.. rubric:: |context| - -The Keystone service can be configured to use customized regular expressions -for password validation. For more information, see the keystone documentation: -`Configuring password strength requirements -`__. - - -.. rubric:: |proc| - -The steps below can be used as a reference to update the Keystone service via -``helm-override`` to customize the password validation regular expression and -description. - -Create the override file and update the keystone service. - -#. Create the yaml override with the following contents: - - .. code-block:: none - - conf: - keystone: - security_compliance: - password_regex: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$ - password_regex_description: Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character - -#. Apply the override: - - .. parsed-literal:: - - system helm-override-update |prefix|-openstack keystone openstack --reuse-values --values keystone-password-override.yaml -