Merge "Fixed exception handling" into release/2019.2.0
diff --git a/README.rst b/README.rst
index 6ce524f..b0b4caa 100644
--- a/README.rst
+++ b/README.rst
@@ -884,16 +884,16 @@
keystone:
server:
security_compliance:
- disable_user_account_days_inactive: 90
- lockout_failure_attempts: 5
+ disable_user_account_days_inactive: 365
+ lockout_failure_attempts: 60
lockout_duration: 600
- password_expires_days: 90
- unique_last_password_count: 10
+ password_expires_days: 730
+ unique_last_password_count: 5
minimum_password_age: 0
- password_regex: '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$'
- password_regex_description: 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters'
- change_password_upon_first_use: true
-
+ password_regex: '^[a-zA-Z0-9~!@#%^&\*_=+]{32,}$$'
+ password_regex_description: |
+ 'Your password could contains capital letters, lowercase letters, digits, symbols "~ ! @ # % ^ & * _ = +" and have a minimum length of 32 characters'
+ change_password_upon_first_use: False
Define extra user options.
-------------------------
diff --git a/keystone/server.sls b/keystone/server.sls
index 2c9e6b1..886b5e8 100644
--- a/keystone/server.sls
+++ b/keystone/server.sls
@@ -425,7 +425,7 @@
- runas: 'keystone'
- unless:
. /var/lib/keystone/keystonercv3; openstack endpoint list --service identity --interface internal -f value -c URL |grep {{ server.bind.get('port', 5000) }}
- {%- if grains.get('noservices', False) %}
+ {%- if server.get('role', 'secondary') != 'primary' or grains.get('noservices', False) %}
- onlyif: /bin/false
{%- endif %}
- require:
diff --git a/tests/pillar/cluster.sls b/tests/pillar/cluster.sls
index 24b17f4..11e0e7d 100644
--- a/tests/pillar/cluster.sls
+++ b/tests/pillar/cluster.sls
@@ -30,14 +30,15 @@
notification_format: cadf
security_compliance:
disable_user_account_days_inactive: 90
- lockout_failure_attempts: 5
+ lockout_failure_attempts: 60
lockout_duration: 600
- password_expires_days: 90
- unique_last_password_count: 10
+ password_expires_days: 730
+ unique_last_password_count: 5
minimum_password_age: 0
- password_regex: '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$'
- password_regex_description: 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters'
- change_password_upon_first_use: True
+ password_regex: '^[a-zA-Z0-9]{32,}$$'
+ password_regex_description: |
+ Your password could contains capital letters, lowercase letters, digits and have a minimum length of 32 characters
+ change_password_upon_first_use: False
logging:
log_appender: false
log_handlers:
diff --git a/tests/pillar/single.sls b/tests/pillar/single.sls
index 3570ed1..7227af7 100644
--- a/tests/pillar/single.sls
+++ b/tests/pillar/single.sls
@@ -31,14 +31,15 @@
notification_format: cadf
security_compliance:
disable_user_account_days_inactive: 90
- lockout_failure_attempts: 5
+ lockout_failure_attempts: 60
lockout_duration: 600
- password_expires_days: 90
- unique_last_password_count: 10
+ password_expires_days: 730
+ unique_last_password_count: 5
minimum_password_age: 0
- password_regex: '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$'
- password_regex_description: 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters'
- change_password_upon_first_use: True
+ password_regex: '^[a-zA-Z0-9]{32,}$$'
+ password_regex_description: |
+ Your password could contains capital letters, lowercase letters, digits and have a minimum length of 32 characters
+ change_password_upon_first_use: False
logging:
log_appender: false
log_handlers: