diff --git a/doc/config-reference/source/bare-metal/config-options.rst b/doc/config-reference/source/bare-metal/config-options.rst
index 21b3b83ca4..a1ef896b29 100644
--- a/doc/config-reference/source/bare-metal/config-options.rst
+++ b/doc/config-reference/source/bare-metal/config-options.rst
@@ -8,7 +8,6 @@ service configuration options.
.. include:: ../tables/ironic-agent.rst
.. include:: ../tables/ironic-amqp.rst
.. include:: ../tables/ironic-amt.rst
-.. include:: ../tables/ironic-auth_token.rst
.. include:: ../tables/ironic-auth.rst
.. include:: ../tables/ironic-cisco_ucs.rst
.. include:: ../tables/ironic-common.rst
diff --git a/doc/config-reference/source/block-storage/volume-misc.rst b/doc/config-reference/source/block-storage/volume-misc.rst
index 10e0d13030..e4830e3151 100644
--- a/doc/config-reference/source/block-storage/volume-misc.rst
+++ b/doc/config-reference/source/block-storage/volume-misc.rst
@@ -7,7 +7,6 @@ These options can also be set in the ``cinder.conf`` file.
.. include:: ../tables/cinder-api.rst
.. include:: ../tables/cinder-amqp.rst
.. include:: ../tables/cinder-auth.rst
-.. include:: ../tables/cinder-auth_token.rst
.. include:: ../tables/cinder-backups.rst
.. include:: ../tables/cinder-block-device.rst
.. include:: ../tables/cinder-common.rst
diff --git a/doc/config-reference/source/compute/config-options.rst b/doc/config-reference/source/compute/config-options.rst
index ae6e4d00e3..55690af0fe 100644
--- a/doc/config-reference/source/compute/config-options.rst
+++ b/doc/config-reference/source/compute/config-options.rst
@@ -10,7 +10,6 @@ OpenStack Compute service, run
.. include:: ../tables/nova-apiv21.rst
.. include:: ../tables/nova-api_database.rst
.. include:: ../tables/nova-authentication.rst
-.. include:: ../tables/nova-auth_token.rst
.. include:: ../tables/nova-availabilityzones.rst
.. include:: ../tables/nova-barbican.rst
.. include:: ../tables/nova-ca.rst
diff --git a/doc/config-reference/source/data-processing-service.rst b/doc/config-reference/source/data-processing-service.rst
index f0f623fdcf..3237edafcd 100644
--- a/doc/config-reference/source/data-processing-service.rst
+++ b/doc/config-reference/source/data-processing-service.rst
@@ -20,7 +20,6 @@ service configuration options:
.. include:: tables/sahara-amqp.rst
.. include:: tables/sahara-api.rst
-.. include:: tables/sahara-auth_token.rst
.. include:: tables/sahara-clients.rst
.. include:: tables/sahara-common.rst
.. include:: tables/sahara-domain.rst
diff --git a/doc/config-reference/source/database.rst b/doc/config-reference/source/database.rst
index d784233ecc..203708532b 100644
--- a/doc/config-reference/source/database.rst
+++ b/doc/config-reference/source/database.rst
@@ -17,7 +17,6 @@ The following tables provide a comprehensive list of the Database service
configuration options.
.. include:: tables/trove-api.rst
-.. include:: tables/trove-auth_token.rst
.. include:: tables/trove-backup.rst
.. include:: tables/trove-clients.rst
.. include:: tables/trove-cluster.rst
diff --git a/doc/config-reference/source/identity/options.rst b/doc/config-reference/source/identity/options.rst
index 760bb50901..8ba235cbab 100644
--- a/doc/config-reference/source/identity/options.rst
+++ b/doc/config-reference/source/identity/options.rst
@@ -10,7 +10,6 @@ service options.
.. include:: ../tables/keystone-api.rst
.. include:: ../tables/keystone-assignment.rst
.. include:: ../tables/keystone-auth.rst
-.. include:: ../tables/keystone-auth_token.rst
.. include:: ../tables/keystone-ca.rst
.. include:: ../tables/keystone-catalog.rst
.. include:: ../tables/keystone-common.rst
diff --git a/doc/config-reference/source/image.rst b/doc/config-reference/source/image.rst
index 4151ae42ac..39d9771e54 100644
--- a/doc/config-reference/source/image.rst
+++ b/doc/config-reference/source/image.rst
@@ -28,7 +28,6 @@ documented in :ref:`nova-glance`.
You can modify many options in the Image service. The following tables provide
a comprehensive list.
-.. include:: tables/glance-auth_token.rst
.. include:: tables/glance-common.rst
.. include:: tables/glance-imagecache.rst
.. include:: tables/glance-logging.rst
diff --git a/doc/config-reference/source/message/zaqar-authentication.rst b/doc/config-reference/source/message/zaqar-authentication.rst
index 7f81b1756c..3ee137a98e 100644
--- a/doc/config-reference/source/message/zaqar-authentication.rst
+++ b/doc/config-reference/source/message/zaqar-authentication.rst
@@ -39,4 +39,3 @@ Options
Configure the authentication and authorization strategy through these options:
.. include:: ../tables/zaqar-authentication.rst
-.. include:: ../tables/zaqar-auth_token.rst
diff --git a/doc/config-reference/source/networking/networking_options_reference.rst b/doc/config-reference/source/networking/networking_options_reference.rst
index 43629d6ab7..4f8206b3ad 100644
--- a/doc/config-reference/source/networking/networking_options_reference.rst
+++ b/doc/config-reference/source/networking/networking_options_reference.rst
@@ -165,14 +165,6 @@ Use the following options to alter API-related settings.
.. include:: ../tables/neutron-api.rst
-Token authentication
-~~~~~~~~~~~~~~~~~~~~
-
-Use the following options to alter token authentication settings.
-
-.. include:: ../tables/neutron-auth_token.rst
-
-
Compute
~~~~~~~
diff --git a/doc/config-reference/source/orchestration.rst b/doc/config-reference/source/orchestration.rst
index 5dad8daa81..4dcd5237f1 100644
--- a/doc/config-reference/source/orchestration.rst
+++ b/doc/config-reference/source/orchestration.rst
@@ -27,7 +27,6 @@ distribution (`docs.openstack.org <http://docs.openstack.org>`__).
The following tables provide a comprehensive list of the Orchestration
configuration options:
-.. include:: tables/heat-auth_token.rst
.. include:: tables/heat-common.rst
.. include:: tables/heat-crypt.rst
.. include:: tables/heat-loadbalancer.rst
diff --git a/doc/config-reference/source/shared-file-systems/misc.rst b/doc/config-reference/source/shared-file-systems/misc.rst
index cc939adbd5..c6bb4cbb02 100644
--- a/doc/config-reference/source/shared-file-systems/misc.rst
+++ b/doc/config-reference/source/shared-file-systems/misc.rst
@@ -4,7 +4,6 @@ Additional options
These options can also be set in the ``manila.conf`` file.
-.. include:: ../tables/manila-auth_token.rst
.. include:: ../tables/manila-auth.rst
.. include:: ../tables/manila-ca.rst
.. include:: ../tables/manila-common.rst
diff --git a/doc/config-reference/source/tables/aodh-auth_token.rst b/doc/config-reference/source/tables/aodh-auth_token.rst
deleted file mode 100644
index 8c1a5d2a83..0000000000
--- a/doc/config-reference/source/tables/aodh-auth_token.rst
+++ /dev/null
@@ -1,96 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _aodh-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/ceilometer-auth_token.rst b/doc/config-reference/source/tables/ceilometer-auth_token.rst
deleted file mode 100644
index 52e79dad0a..0000000000
--- a/doc/config-reference/source/tables/ceilometer-auth_token.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _ceilometer-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/ceilometer-common.rst b/doc/config-reference/source/tables/ceilometer-common.rst
index fdcf4de2a7..573bd2d4d4 100644
--- a/doc/config-reference/source/tables/ceilometer-common.rst
+++ b/doc/config-reference/source/tables/ceilometer-common.rst
@@ -66,10 +66,6 @@
- (Integer) Maximum number of seconds between retry to join partitioning group
* - ``retry_backoff`` = ``1``
- (Integer) Retry backoff factor when retrying to connect withcoordination backend
- * - **[keystone_authtoken]**
- -
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
* - **[meter]**
-
* - ``meter_definitions_cfg_file`` = ``meters.yaml``
diff --git a/doc/config-reference/source/tables/cinder-auth_token.rst b/doc/config-reference/source/tables/cinder-auth_token.rst
deleted file mode 100644
index 29a8e50fa0..0000000000
--- a/doc/config-reference/source/tables/cinder-auth_token.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _cinder-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/cinder-common.rst b/doc/config-reference/source/tables/cinder-common.rst
index 2baab10609..abc2916809 100644
--- a/doc/config-reference/source/tables/cinder-common.rst
+++ b/doc/config-reference/source/tables/cinder-common.rst
@@ -128,7 +128,3 @@
- (Boolean) Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy.
* - ``watch_log_file`` = ``False``
- (Boolean) Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.
- * - **[keystone_authtoken]**
- -
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
diff --git a/doc/config-reference/source/tables/common-auth_token.rst b/doc/config-reference/source/tables/common-auth_token.rst
index 826ca3f94e..201cca48cd 100644
--- a/doc/config-reference/source/tables/common-auth_token.rst
+++ b/doc/config-reference/source/tables/common-auth_token.rst
@@ -84,6 +84,8 @@
- (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
* - ``memcache_use_advanced_pool`` = ``False``
- (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
+ * - ``memcached_servers`` = ``None``
+ - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
* - ``region_name`` = ``None``
- (String) The region in which the identity server can be found.
* - ``revocation_cache_time`` = ``10``
diff --git a/doc/config-reference/source/tables/glance-auth_token.rst b/doc/config-reference/source/tables/glance-auth_token.rst
deleted file mode 100644
index c4ebff3ab5..0000000000
--- a/doc/config-reference/source/tables/glance-auth_token.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _glance-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/glance-common.rst b/doc/config-reference/source/tables/glance-common.rst
index 89b19575e1..3b3b98ab25 100644
--- a/doc/config-reference/source/tables/glance-common.rst
+++ b/doc/config-reference/source/tables/glance-common.rst
@@ -70,10 +70,6 @@
- (List) Supported values for the 'container_format' image attribute
* - ``disk_formats`` = ``ami, ari, aki, vhd, vmdk, raw, qcow2, vdi, iso``
- (List) Supported values for the 'disk_format' image attribute
- * - **[keystone_authtoken]**
- -
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
* - **[task]**
-
* - ``task_executor`` = ``taskflow``
diff --git a/doc/config-reference/source/tables/heat-auth_token.rst b/doc/config-reference/source/tables/heat-auth_token.rst
deleted file mode 100644
index 87e5ce3b4c..0000000000
--- a/doc/config-reference/source/tables/heat-auth_token.rst
+++ /dev/null
@@ -1,96 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _heat-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/ironic-auth_token.rst b/doc/config-reference/source/tables/ironic-auth_token.rst
deleted file mode 100644
index bc5e83a4c8..0000000000
--- a/doc/config-reference/source/tables/ironic-auth_token.rst
+++ /dev/null
@@ -1,96 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _ironic-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/keystone-auth_token.rst b/doc/config-reference/source/tables/keystone-auth_token.rst
deleted file mode 100644
index f34f158fa7..0000000000
--- a/doc/config-reference/source/tables/keystone-auth_token.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _keystone-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/keystone-common.rst b/doc/config-reference/source/tables/keystone-common.rst
index ebf5d54ecf..298d82b9d5 100644
--- a/doc/config-reference/source/tables/keystone-common.rst
+++ b/doc/config-reference/source/tables/keystone-common.rst
@@ -22,10 +22,6 @@
- (Integer) Size of executor thread pool.
* - ``memcached_servers`` = ``None``
- (List) Memcached servers or None for in process cache.
- * - **[keystone_authtoken]**
- -
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
* - **[oslo_concurrency]**
-
* - ``disable_process_locking`` = ``False``
diff --git a/doc/config-reference/source/tables/manila-auth_token.rst b/doc/config-reference/source/tables/manila-auth_token.rst
deleted file mode 100644
index 9adb013580..0000000000
--- a/doc/config-reference/source/tables/manila-auth_token.rst
+++ /dev/null
@@ -1,96 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _manila-auth_token:
-
-.. list-table:: Description of Authorization Token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/neutron-auth_token.rst b/doc/config-reference/source/tables/neutron-auth_token.rst
deleted file mode 100644
index d6aa3c864f..0000000000
--- a/doc/config-reference/source/tables/neutron-auth_token.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _neutron-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/neutron-common.rst b/doc/config-reference/source/tables/neutron-common.rst
index 32b284005a..5fa0fbb5b5 100644
--- a/doc/config-reference/source/tables/neutron-common.rst
+++ b/doc/config-reference/source/tables/neutron-common.rst
@@ -118,10 +118,6 @@
- (String) Root helper application. Use 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf' to use the real root filter facility. Change to 'sudo' to skip the filtering and just run the command directly.
* - ``root_helper_daemon`` = ``None``
- (String) Root helper daemon application to use when possible.
- * - **[keystone_authtoken]**
- -
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
* - **[qos]**
-
* - ``notification_drivers`` = ``message_queue``
diff --git a/doc/config-reference/source/tables/nova-auth_token.rst b/doc/config-reference/source/tables/nova-auth_token.rst
deleted file mode 100644
index bd60a89c3f..0000000000
--- a/doc/config-reference/source/tables/nova-auth_token.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _nova-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/nova-common.rst b/doc/config-reference/source/tables/nova-common.rst
index c4a83edbfe..3ef78dadf0 100644
--- a/doc/config-reference/source/tables/nova-common.rst
+++ b/doc/config-reference/source/tables/nova-common.rst
@@ -52,10 +52,6 @@
- (String) Explicitly specify the temporary working directory
* - ``use_rootwrap_daemon`` = ``False``
- (Boolean) Start and use a daemon that can run the commands that need to be run with root privileges. This option is usually enabled on nodes that run nova compute processes
- * - **[keystone_authtoken]**
- -
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
* - **[workarounds]**
-
* - ``destroy_after_evacuate`` = ``True``
diff --git a/doc/config-reference/source/tables/octavia-auth_token.rst b/doc/config-reference/source/tables/octavia-auth_token.rst
index 220691346f..1fbe74f309 100644
--- a/doc/config-reference/source/tables/octavia-auth_token.rst
+++ b/doc/config-reference/source/tables/octavia-auth_token.rst
@@ -16,84 +16,6 @@
* - Configuration option = Default value
- Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
* - **[keystone_authtoken_v3]**
-
* - ``admin_project_domain`` = ``default``
diff --git a/doc/config-reference/source/tables/sahara-auth_token.rst b/doc/config-reference/source/tables/sahara-auth_token.rst
deleted file mode 100644
index 7e24c3cc84..0000000000
--- a/doc/config-reference/source/tables/sahara-auth_token.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _sahara-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/sahara-common.rst b/doc/config-reference/source/tables/sahara-common.rst
index 5c3b0223a0..8ca03e2ee2 100644
--- a/doc/config-reference/source/tables/sahara-common.rst
+++ b/doc/config-reference/source/tables/sahara-common.rst
@@ -120,7 +120,3 @@
-
* - ``use_local`` = ``True``
- (Boolean) Perform sahara-conductor operations locally.
- * - **[keystone_authtoken]**
- -
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
diff --git a/doc/config-reference/source/tables/trove-auth_token.rst b/doc/config-reference/source/tables/trove-auth_token.rst
deleted file mode 100644
index 3d73223217..0000000000
--- a/doc/config-reference/source/tables/trove-auth_token.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _trove-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/tables/trove-common.rst b/doc/config-reference/source/tables/trove-common.rst
index 8783ecf0dd..5927926305 100644
--- a/doc/config-reference/source/tables/trove-common.rst
+++ b/doc/config-reference/source/tables/trove-common.rst
@@ -64,10 +64,6 @@
- (String) Name of the Barbican authentication method to use
* - ``cert_manager_type`` = ``barbican``
- (String) Certificate Manager plugin. Defaults to barbican.
- * - **[keystone_authtoken]**
- -
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
* - **[service_auth]**
-
* - ``admin_password`` = ``password``
diff --git a/doc/config-reference/source/tables/zaqar-auth_token.rst b/doc/config-reference/source/tables/zaqar-auth_token.rst
deleted file mode 100644
index 27f58a4683..0000000000
--- a/doc/config-reference/source/tables/zaqar-auth_token.rst
+++ /dev/null
@@ -1,96 +0,0 @@
-..
- Warning: Do not edit this file. It is automatically generated from the
- software project's code and your changes will be overwritten.
-
- The tool to generate this file lives in openstack-doc-tools repository.
-
- Please make any changes needed in the code, then run the
- autogenerate-config-doc tool from the openstack-doc-tools repository, or
- ask for help on the documentation mailing list, IRC channel or meeting.
-
-.. _zaqar-auth_token:
-
-.. list-table:: Description of authorization token configuration options
- :header-rows: 1
- :class: config-ref-table
-
- * - Configuration option = Default value
- - Description
- * - **[keystone_authtoken]**
- -
- * - ``admin_password`` = ``None``
- - (String) Service user password.
- * - ``admin_tenant_name`` = ``admin``
- - (String) Service tenant name.
- * - ``admin_token`` = ``None``
- - (String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
- * - ``admin_user`` = ``None``
- - (String) Service username.
- * - ``auth_admin_prefix`` =
- - (String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
- * - ``auth_host`` = ``127.0.0.1``
- - (String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_port`` = ``35357``
- - (Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_protocol`` = ``https``
- - (String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
- * - ``auth_section`` = ``None``
- - (Unknown) Config Section from which to load plugin specific options
- * - ``auth_type`` = ``None``
- - (Unknown) Authentication type to load
- * - ``auth_uri`` = ``None``
- - (String) Complete public Identity API endpoint.
- * - ``auth_version`` = ``None``
- - (String) API version of the admin Identity API endpoint.
- * - ``cache`` = ``None``
- - (String) Env key for the swift cache.
- * - ``cafile`` = ``None``
- - (String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
- * - ``certfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``check_revocations_for_cached`` = ``False``
- - (Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
- * - ``delay_auth_decision`` = ``False``
- - (Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
- * - ``enforce_token_bind`` = ``permissive``
- - (String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
- * - ``hash_algorithms`` = ``md5``
- - (List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
- * - ``http_connect_timeout`` = ``None``
- - (Integer) Request timeout value for communicating with Identity API server.
- * - ``http_request_max_retries`` = ``3``
- - (Integer) How many times are we trying to reconnect when communicating with Identity API Server.
- * - ``identity_uri`` = ``None``
- - (String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
- * - ``include_service_catalog`` = ``True``
- - (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
- * - ``insecure`` = ``False``
- - (Boolean) Verify HTTPS connections.
- * - ``keyfile`` = ``None``
- - (String) Required if identity server requires client certificate
- * - ``memcache_pool_conn_get_timeout`` = ``10``
- - (Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
- * - ``memcache_pool_dead_retry`` = ``300``
- - (Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
- * - ``memcache_pool_maxsize`` = ``10``
- - (Integer) (Optional) Maximum total number of open connections to every memcached server.
- * - ``memcache_pool_socket_timeout`` = ``3``
- - (Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
- * - ``memcache_pool_unused_timeout`` = ``60``
- - (Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
- * - ``memcache_secret_key`` = ``None``
- - (String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
- * - ``memcache_security_strategy`` = ``None``
- - (String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
- * - ``memcache_use_advanced_pool`` = ``False``
- - (Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
- * - ``memcached_servers`` = ``None``
- - (List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
- * - ``region_name`` = ``None``
- - (String) The region in which the identity server can be found.
- * - ``revocation_cache_time`` = ``10``
- - (Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
- * - ``signing_dir`` = ``None``
- - (String) Directory used to cache files related to PKI tokens.
- * - ``token_cache_time`` = ``300``
- - (Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
diff --git a/doc/config-reference/source/telemetry/alarming-config-options.rst b/doc/config-reference/source/telemetry/alarming-config-options.rst
index 8f3cd9ab4b..26e9c9f00b 100644
--- a/doc/config-reference/source/telemetry/alarming-config-options.rst
+++ b/doc/config-reference/source/telemetry/alarming-config-options.rst
@@ -7,7 +7,6 @@ Alarming service configuration options.
.. include:: ../tables/aodh-amqp.rst
.. include:: ../tables/aodh-api.rst
-.. include:: ../tables/aodh-auth_token.rst
.. include:: ../tables/aodh-common.rst
.. include:: ../tables/aodh-coordination.rst
.. include:: ../tables/aodh-logging.rst
diff --git a/doc/config-reference/source/telemetry/telemetry-config-options.rst b/doc/config-reference/source/telemetry/telemetry-config-options.rst
index e1c7c2a1df..5432477c0f 100644
--- a/doc/config-reference/source/telemetry/telemetry-config-options.rst
+++ b/doc/config-reference/source/telemetry/telemetry-config-options.rst
@@ -8,7 +8,6 @@ configuration options.
.. include:: ../tables/ceilometer-amqp.rst
.. include:: ../tables/ceilometer-api.rst
.. include:: ../tables/ceilometer-auth.rst
-.. include:: ../tables/ceilometer-auth_token.rst
.. include:: ../tables/ceilometer-collector.rst
.. include:: ../tables/ceilometer-common.rst
.. include:: ../tables/ceilometer-debug.rst
diff --git a/tools/autogenerate-config-flagmappings/aodh.flagmappings b/tools/autogenerate-config-flagmappings/aodh.flagmappings
index 518e48c336..acf15dd94c 100644
--- a/tools/autogenerate-config-flagmappings/aodh.flagmappings
+++ b/tools/autogenerate-config-flagmappings/aodh.flagmappings
@@ -94,44 +94,44 @@ database/slave_connection disable
database/sqlite_db disable
database/sqlite_synchronous disable
database/use_db_reconnect disable
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers auth_token
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
matchmaker_redis/check_timeout redis
matchmaker_redis/host redis
matchmaker_redis/password redis
diff --git a/tools/autogenerate-config-flagmappings/ceilometer.flagmappings b/tools/autogenerate-config-flagmappings/ceilometer.flagmappings
index cbb10bbc7c..c03cb4fb58 100644
--- a/tools/autogenerate-config-flagmappings/ceilometer.flagmappings
+++ b/tools/autogenerate-config-flagmappings/ceilometer.flagmappings
@@ -158,44 +158,44 @@ hardware/url_scheme tripleo
hyperv/force_volumeutils_v1 hyperv
ipmi/node_manager_init_retry ipmi
ipmi/polling_retry ipmi
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers common
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
matchmaker_redis/check_timeout redis
matchmaker_redis/host redis
matchmaker_redis/password redis
diff --git a/tools/autogenerate-config-flagmappings/cinder.flagmappings b/tools/autogenerate-config-flagmappings/cinder.flagmappings
index 7540cd32a8..6d6b7cc02b 100644
--- a/tools/autogenerate-config-flagmappings/cinder.flagmappings
+++ b/tools/autogenerate-config-flagmappings/cinder.flagmappings
@@ -744,44 +744,44 @@ keymgr/api_class keymgr
keymgr/encryption_api_url keymgr
keymgr/encryption_auth_url keymgr
keymgr/fixed_key keymgr
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers common
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
matchmaker_redis/check_timeout redis
matchmaker_redis/host redis
matchmaker_redis/password redis
diff --git a/tools/autogenerate-config-flagmappings/glance.flagmappings b/tools/autogenerate-config-flagmappings/glance.flagmappings
index cab814de0c..2074bceccd 100644
--- a/tools/autogenerate-config-flagmappings/glance.flagmappings
+++ b/tools/autogenerate-config-flagmappings/glance.flagmappings
@@ -234,44 +234,44 @@ glance_store/vmware_store_image_dir vmware
glance_store/vmware_task_poll_interval vmware
image_format/container_formats common
image_format/disk_formats common
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers common
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
matchmaker_redis/check_timeout redis
matchmaker_redis/host redis
matchmaker_redis/password redis
diff --git a/tools/autogenerate-config-flagmappings/heat.flagmappings b/tools/autogenerate-config-flagmappings/heat.flagmappings
index aa61d8c809..2bcf4e718d 100644
--- a/tools/autogenerate-config-flagmappings/heat.flagmappings
+++ b/tools/autogenerate-config-flagmappings/heat.flagmappings
@@ -230,44 +230,44 @@ heat_api_cloudwatch/key_file cloudwatch_api
heat_api_cloudwatch/max_header_line cloudwatch_api
heat_api_cloudwatch/tcp_keepidle cloudwatch_api
heat_api_cloudwatch/workers cloudwatch_api
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers auth_token
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
matchmaker_redis/check_timeout redis
matchmaker_redis/host redis
matchmaker_redis/password redis
diff --git a/tools/autogenerate-config-flagmappings/ironic.flagmappings b/tools/autogenerate-config-flagmappings/ironic.flagmappings
index 27fbc97c54..d712ee1995 100644
--- a/tools/autogenerate-config-flagmappings/ironic.flagmappings
+++ b/tools/autogenerate-config-flagmappings/ironic.flagmappings
@@ -211,44 +211,44 @@ irmc/snmp_version irmc
ironic_lib/fatal_exception_format_errors common
ironic_lib/root_helper common
keystone/region_name keystone
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers auth_token
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
matchmaker_redis/check_timeout redis
matchmaker_redis/host redis
matchmaker_redis/password redis
diff --git a/tools/autogenerate-config-flagmappings/keystone.flagmappings b/tools/autogenerate-config-flagmappings/keystone.flagmappings
index 1a40b8fbd5..5cef161892 100644
--- a/tools/autogenerate-config-flagmappings/keystone.flagmappings
+++ b/tools/autogenerate-config-flagmappings/keystone.flagmappings
@@ -160,44 +160,44 @@ identity/max_password_length identity
identity_mapping/backward_compatible_ids mapping
identity_mapping/driver mapping
identity_mapping/generator mapping
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers common
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
kvs/backends kvs
kvs/config_prefix kvs
kvs/default_lock_timeout kvs
diff --git a/tools/autogenerate-config-flagmappings/manila.flagmappings b/tools/autogenerate-config-flagmappings/manila.flagmappings
index 5453921aa8..5e13bf054e 100644
--- a/tools/autogenerate-config-flagmappings/manila.flagmappings
+++ b/tools/autogenerate-config-flagmappings/manila.flagmappings
@@ -381,44 +381,44 @@ hnas1/hds_hnas_stalled_job_timeout hds_hnas
hnas1/hds_hnas_user hds_hnas
hnas1/share_backend_name hds_hnas
hnas1/share_driver hds_hnas
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers auth_token
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
matchmaker_redis/check_timeout redis
matchmaker_redis/host redis
matchmaker_redis/password redis
diff --git a/tools/autogenerate-config-flagmappings/neutron.flagmappings b/tools/autogenerate-config-flagmappings/neutron.flagmappings
index 622fcfd841..ec36638863 100644
--- a/tools/autogenerate-config-flagmappings/neutron.flagmappings
+++ b/tools/autogenerate-config-flagmappings/neutron.flagmappings
@@ -307,44 +307,44 @@ haproxy/user_group lbaas_agent
ipsec/config_base_dir vpnaas_ipsec
ipsec/enable_detailed_logging vpnaas_ipsec
ipsec/ipsec_status_check_interval vpnaas_ipsec
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers common
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
l2pop/agent_boot_time ml2_l2pop
macvtap/physical_interface_mappings ml2_macvtap
matchmaker_redis/check_timeout redis
diff --git a/tools/autogenerate-config-flagmappings/nova.flagmappings b/tools/autogenerate-config-flagmappings/nova.flagmappings
index 9021a73631..42ec0cf122 100644
--- a/tools/autogenerate-config-flagmappings/nova.flagmappings
+++ b/tools/autogenerate-config-flagmappings/nova.flagmappings
@@ -486,44 +486,44 @@ ironic/cafile ironic
ironic/client_log_level ironic
keymgr/api_class keymgr
keymgr/fixed_key keymgr
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers common
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
libvirt/block_migration_flag libvirt
libvirt/checksum_base_images libvirt
libvirt/checksum_interval_seconds libvirt
diff --git a/tools/autogenerate-config-flagmappings/octavia.flagmappings b/tools/autogenerate-config-flagmappings/octavia.flagmappings
index f7316b6e79..9b341cb219 100644
--- a/tools/autogenerate-config-flagmappings/octavia.flagmappings
+++ b/tools/autogenerate-config-flagmappings/octavia.flagmappings
@@ -163,44 +163,44 @@ keepalived_vrrp/vrrp_fail_count common
keepalived_vrrp/vrrp_garp_refresh_count common
keepalived_vrrp/vrrp_garp_refresh_interval common
keepalived_vrrp/vrrp_success_count common
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers auth_token
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
keystone_authtoken_v3/admin_project_domain auth_token
keystone_authtoken_v3/admin_user_domain auth_token
matchmaker_redis/check_timeout redis
diff --git a/tools/autogenerate-config-flagmappings/sahara.flagmappings b/tools/autogenerate-config-flagmappings/sahara.flagmappings
index 3fbe1570f5..cc01946d8b 100644
--- a/tools/autogenerate-config-flagmappings/sahara.flagmappings
+++ b/tools/autogenerate-config-flagmappings/sahara.flagmappings
@@ -133,44 +133,44 @@ heat/endpoint_type clients
keystone/api_insecure clients
keystone/ca_file clients
keystone/endpoint_type clients
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers common
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
manila/api_insecure clients
manila/api_version clients
manila/ca_file clients
diff --git a/tools/autogenerate-config-flagmappings/trove.flagmappings b/tools/autogenerate-config-flagmappings/trove.flagmappings
index aa6d90a928..c7a1c66efd 100644
--- a/tools/autogenerate-config-flagmappings/trove.flagmappings
+++ b/tools/autogenerate-config-flagmappings/trove.flagmappings
@@ -293,44 +293,44 @@ db2/root_on_create db_db2
db2/tcp_ports db_db2
db2/udp_ports db_db2
db2/volume_support db_db2
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers common
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
mariadb/api_strategy db_mariadb
mariadb/backup_incremental_strategy db_mariadb
mariadb/backup_namespace db_mariadb
diff --git a/tools/autogenerate-config-flagmappings/zaqar.flagmappings b/tools/autogenerate-config-flagmappings/zaqar.flagmappings
index 4d8a61ceb4..2f96491682 100644
--- a/tools/autogenerate-config-flagmappings/zaqar.flagmappings
+++ b/tools/autogenerate-config-flagmappings/zaqar.flagmappings
@@ -77,44 +77,44 @@ drivers:transport:websocket/external_port websocket
drivers:transport:websocket/port websocket
drivers:transport:wsgi/bind wsgi
drivers:transport:wsgi/port wsgi
-keystone_authtoken/admin_password auth_token
-keystone_authtoken/admin_tenant_name auth_token
-keystone_authtoken/admin_token auth_token
-keystone_authtoken/admin_user auth_token
-keystone_authtoken/auth_admin_prefix auth_token
-keystone_authtoken/auth_host auth_token
-keystone_authtoken/auth_port auth_token
-keystone_authtoken/auth_protocol auth_token
-keystone_authtoken/auth_section auth_token
-keystone_authtoken/auth_type auth_token
-keystone_authtoken/auth_uri auth_token
-keystone_authtoken/auth_version auth_token
-keystone_authtoken/cache auth_token
-keystone_authtoken/cafile auth_token
-keystone_authtoken/certfile auth_token
-keystone_authtoken/check_revocations_for_cached auth_token
-keystone_authtoken/delay_auth_decision auth_token
-keystone_authtoken/enforce_token_bind auth_token
-keystone_authtoken/hash_algorithms auth_token
-keystone_authtoken/http_connect_timeout auth_token
-keystone_authtoken/http_request_max_retries auth_token
-keystone_authtoken/identity_uri auth_token
-keystone_authtoken/include_service_catalog auth_token
-keystone_authtoken/insecure auth_token
-keystone_authtoken/keyfile auth_token
-keystone_authtoken/memcache_pool_conn_get_timeout auth_token
-keystone_authtoken/memcache_pool_dead_retry auth_token
-keystone_authtoken/memcache_pool_maxsize auth_token
-keystone_authtoken/memcache_pool_socket_timeout auth_token
-keystone_authtoken/memcache_pool_unused_timeout auth_token
-keystone_authtoken/memcache_secret_key auth_token
-keystone_authtoken/memcache_security_strategy auth_token
-keystone_authtoken/memcache_use_advanced_pool auth_token
-keystone_authtoken/memcached_servers auth_token
-keystone_authtoken/region_name auth_token
-keystone_authtoken/revocation_cache_time auth_token
-keystone_authtoken/signing_dir auth_token
-keystone_authtoken/token_cache_time auth_token
+keystone_authtoken/admin_password disable
+keystone_authtoken/admin_tenant_name disable
+keystone_authtoken/admin_token disable
+keystone_authtoken/admin_user disable
+keystone_authtoken/auth_admin_prefix disable
+keystone_authtoken/auth_host disable
+keystone_authtoken/auth_port disable
+keystone_authtoken/auth_protocol disable
+keystone_authtoken/auth_section disable
+keystone_authtoken/auth_type disable
+keystone_authtoken/auth_uri disable
+keystone_authtoken/auth_version disable
+keystone_authtoken/cache disable
+keystone_authtoken/cafile disable
+keystone_authtoken/certfile disable
+keystone_authtoken/check_revocations_for_cached disable
+keystone_authtoken/delay_auth_decision disable
+keystone_authtoken/enforce_token_bind disable
+keystone_authtoken/hash_algorithms disable
+keystone_authtoken/http_connect_timeout disable
+keystone_authtoken/http_request_max_retries disable
+keystone_authtoken/identity_uri disable
+keystone_authtoken/include_service_catalog disable
+keystone_authtoken/insecure disable
+keystone_authtoken/keyfile disable
+keystone_authtoken/memcache_pool_conn_get_timeout disable
+keystone_authtoken/memcache_pool_dead_retry disable
+keystone_authtoken/memcache_pool_maxsize disable
+keystone_authtoken/memcache_pool_socket_timeout disable
+keystone_authtoken/memcache_pool_unused_timeout disable
+keystone_authtoken/memcache_secret_key disable
+keystone_authtoken/memcache_security_strategy disable
+keystone_authtoken/memcache_use_advanced_pool disable
+keystone_authtoken/memcached_servers disable
+keystone_authtoken/region_name disable
+keystone_authtoken/revocation_cache_time disable
+keystone_authtoken/signing_dir disable
+keystone_authtoken/token_cache_time disable
notification/smtp_command api
oslo_policy/policy_default_rule disable
oslo_policy/policy_dirs disable