starlingx/docs
Code Issues Proposed changes

Merge "Content moved to Keystone Account Password Rules (r6)"

Browse Source
This commit is contained in:
Zuul 2022-04-14 19:56:55 +00:00 committed by Gerrit Code Review
commit 8687488811
3 changed files with 36 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/source/security/openstack/index-security-os-a2375141dcc2.rst
View File

@ -19,7 +19,6 @@ Keystone Accounts
openstack-keystone-accounts openstack-keystone-accounts
security-system-account-password-rules security-system-account-password-rules
openstack-login-protection openstack-login-protection
update-keystone-service-bb6a67e18d36
----------------- -----------------
Access the system Access the system

37
doc/source/security/openstack/security-system-account-password-rules.rst
View File

@ -8,7 +8,7 @@ Keystone Account Password Rules
|prod-os| enforces a set of strength requirements for new or changed passwords. |prod-os| enforces a set of strength requirements for new or changed passwords.
The following rules apply: By default, the following rules apply:
.. _security-system-account-password-rules-ul-jwb-g15-zw: .. _security-system-account-password-rules-ul-jwb-g15-zw:
@ -28,5 +28,40 @@ The following rules apply:
- at least one special character - at least one special character
The Keystone service can be configured to use customized password rules. For
more information, see the keystone documentation: `Configuring password
strength requirements
<https://docs.openstack.org/keystone/ussuri/admin/configuration.html#configuring-password-strength-requirements>`__.
The steps below can be used as a reference to update the Keystone service via
``helm-override`` to customize the password rules and their description.
#. Create the yaml override file with the following contents:
.. code-block:: none
conf:
keystone:
security_compliance:
password_regex: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$
password_regex_description: Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character
unique_last_password_count = 5
#. Update the Keystone helm overrides.
.. parsed-literal::
system helm-override-update |prefix|-openstack keystone openstack --reuse-values --values keystone-password-override.yaml
#. Apply the new overrides.
.. parsed-literal::
system application-apply |prefix|-openstack
#. Wait for apply to complete.
.. code-block:: none
watch system application-list

38
doc/source/security/openstack/update-keystone-service-bb6a67e18d36.rst
View File

@ -1,38 +0,0 @@
.. _update-keystone-service-bb6a67e18d36:
=======================
Update Keystone Service
=======================
.. rubric:: |context|
The Keystone service can be configured to use customized regular expressions
for password validation. For more information, see the keystone documentation:
`Configuring password strength requirements
<https://docs.openstack.org/keystone/ussuri/admin/configuration.html#configuring-password-strength-requirements>`__.
.. rubric:: |proc|
The steps below can be used as a reference to update the Keystone service via
``helm-override`` to customize the password validation regular expression and
description.
Create the override file and update the keystone service.
#. Create the yaml override with the following contents:
.. code-block:: none
conf:
keystone:
security_compliance:
password_regex: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$
password_regex_description: Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character
#. Apply the override:
.. parsed-literal::
system helm-override-update |prefix|-openstack keystone openstack --reuse-values --values keystone-password-override.yaml