OpenStack Keystone Charm

  1. Bug #1776688
  2. Comment #4

Comment 4 for bug 1776688

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-keystone (master)

Reviewed: https://review.opendev.org/702684
Committed: https://git.openstack.org/cgit/openstack/charm-keystone/commit/?id=e83cb05bf86ab797c83964e4287b5879297ecda0
Submitter: Zuul
Branch: master

commit e83cb05bf86ab797c83964e4287b5879297ecda0
Author: Alex Kavanagh <email address hidden>
Date: Wed Jan 15 15:15:06 2020 +0000

    Implement Security Compiance option for password

    This feature adds a "password-security-compliance" option to the
    charm to enable setting of keys in the "[security_compliance]" section
    of the keystone.conf file. This section was added in the Newton
    release, and so this feature supports this from the Newton release.

    It also protects the service accounts from two of the PCI-DSS options
    but setting the user options 'ignore_password_expiry' and
    'ignore_change_password_upon_first_use' to True to prevent the cloud
    from being broken.

    Change-Id: If7c54fae73188284bd9b03a53626cdf52158b994
    Closes-Bug: #1776688