commit 004f17bf81986802d1193187fb92f5f48edc926c
author Oleksandr Shyshko <oshyshko@mirantis.com> Thu Feb 21 12:51:25 2019 +0000
committer Oleksandr Shyshko <oshyshko@mirantis.com> Mon Mar 04 15:50:16 2019 +0000
tree 4743b691dacfff0445f89de3fc5c15dbda84403f
parent 49a50833cc96fb2eb775547af1d39a414fc2756b

Unhardcoded [security_compliance] section.

Change-Id: I075e4b7171e037e656f0ee330dbfb1cb15836d2c
Related-PROD: PROD-26638
Related-PROD: PROD-27663

README.rst

diff --git a/README.rst b/README.rst
index 53d0198..7f7fbe7 100644
--- a/README.rst
+++ b/README.rst
@@ -895,6 +895,31 @@
           max_active_keys: 27
         ...
 
+Enable security compliance policies.
+-----------------------------------
+By default security compliance policies disabled. You are able to define follow params independency each other.
+
+Notice: To ignore `change_password_upon_first_use` requirement for specific users, such as service users,
+set the `options` attribute `ignore_change_password_upon_first_use`
+to `True` for the desired user via the update user API
+
+Notice: Symbol "$" should have escape character and looks like "$$".
+
+.. code-block:: yaml
+
+keystone:
+  server:
+    security_compliance:
+      disable_user_account_days_inactive: 90
+      lockout_failure_attempts: 5
+      lockout_duration: 600
+      password_expires_days: 90
+      unique_last_password_count: 10
+      minimum_password_age: 0
+      password_regex: '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$'
+      password_regex_description: 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters'
+      change_password_upon_first_use: true
+
 Upgrades
 ========