Doc updates for Certificates for PKI

There were several issuses with the "Certificates for PKI" subsection of the "Identity management" section of the Cloud Administrator Guide. - Keystone doesn't have a token_format or ca_password setting in the [signing] section of its config file, so the doc shouldn't say that there is one. - Keystone does have a cert_subject option, so add that for completeness. - The token provider class is now used instead of token_format. Change-Id: Id8fe05797948e107d5fdb1e781eb40046c293872
2015-03-29 11:42:03 -05:00 · 2015-03-29 11:42:03 -05:00 · b4a5035dd0
commit b4a5035dd0
parent 8e892da2bf
1 changed files with 10 additions and 14 deletions
--- a/doc/common/section_keystone_certificates-for-pki.xml
+++ b/doc/common/section_keystone_certificates-for-pki.xml
@ -36,13 +36,6 @@
        under the <literal>[signing]</literal> section of the
        configuration file. The configuration values are:</para>
    <itemizedlist>
-        <listitem>
-            <para>
-                <literal>token_format</literal> - Determines the
-                algorithm used to generate tokens. Can be either
-                    <literal>UUID</literal> or <literal>PKI</literal>.
-                Defaults to <literal>PKI</literal>.</para>
-        </listitem>
        <listitem>
            <para>
                <literal>certfile</literal> - Location of certificate
@ -81,9 +74,10 @@
        </listitem>
        <listitem>
            <para>
-                <literal>ca_password</literal> - Password required to
-                read the <literal>ca_file</literal>. Default is
-                    <literal>None</literal>.</para>
+                <literal>cert_subject</literal> - Certificate subject (auto
+                    generated certificate) for token signing. Default is
+                    <literal>/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com</literal>.
+                    </para>
        </listitem>
    </itemizedlist>
    <para>When generating certificates with the
@ -95,11 +89,13 @@
        is not used to generate certificates, or you are providing
        your own certificates, these values do not need
        to be set.</para>
-    <para>If <literal>token_format=UUID</literal>, a typical token
-        looks like
+    <para>If
+        <literal>provider=keystone.token.providers.uuid.Provider</literal> in
+        the <literal>[token]</literal> section of the keystone configuration, a
+        typical token looks like
        <literal>53f7f6ef0cc344b5be706bcc8b1479e1</literal>. If
-            <literal>token_format=PKI</literal>, a typical token is a
-        much longer string, such as:</para>
+        <literal>provider=keystone.token.providers.pki.Provider</literal>, a
+        typical token is a much longer string, such as:</para>
    <screen>MIIKtgYJKoZIhvcNAQcCoIIKpzCCCqMCAQExCTAHBgUrDgMCGjCCCY8GCSqGSIb3DQEHAaCCCYAEggl8eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0z
 MFQxNTo1MjowNi43MzMxOTgiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTMxVDE1OjUyOjA2WiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogbnVs
 bCwgImVuYWJsZWQiOiB0cnVlLCAiaWQiOiAiYzJjNTliNGQzZDI4NGQ4ZmEwOWYxNjljYjE4MDBlMDYiLCAibmFtZSI6ICJkZW1vIn19LCAic2VydmljZUNhdGFsb2ciOiBbeyJlbmRw