yahoo-eng-team team mailing list archive

[Steve Martinelli <1659995@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

`password_expires_ignore_user_ids` is a list option in
[security_compliance], but this is impractical since any update would
require a restart of keystone.

instead let's use per-resouce "options" available in the identity
database.

also, `lockout_ignored_user_ids` is another config option we should
remove, but no need to deprecate it since it was introduced in ocata
(and will be removed in ocata)

** Affects: keystone
     Importance: High
     Assignee: Steve Martinelli (stevemar)
         Status: In Progress

** Changed in: keystone
    Milestone: None => ocata-rc1

** Changed in: keystone
     Assignee: (unassigned) => Steve Martinelli (stevemar)

** Changed in: keystone
   Importance: Undecided => High

** Changed in: keystone
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1659995

Title:
  stop using per-user id settings in security_compliance

Status in OpenStack Identity (keystone):
  In Progress

Bug description:
  `password_expires_ignore_user_ids` is a list option in
  [security_compliance], but this is impractical since any update would
  require a restart of keystone.

  instead let's use per-resouce "options" available in the identity
  database.

  also, `lockout_ignored_user_ids` is another config option we should
  remove, but no need to deprecate it since it was introduced in ocata
  (and will be removed in ocata)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1659995/+subscriptions