Clarify what exactly an "access file" is

The definition of an "access" file is very vague, but oslopolicy-checker expects it to be a token response body from keystone. If you don't pass a token response explicitly, oslopolicy-checker will fail. Change-Id: I5362fabb0344b67996367382dbc173eeaf39b06b
author: Lance Bragstad <lbragstad@gmail.com> 2020-07-20 09:15:42 -0500
committer: Lance Bragstad <lbragstad@gmail.com> 2020-07-20 09:15:42 -0500
commit: 884a4ea46153aa16fae0dc40cd271b081f9404f5 (patch)
tree: 3b40a388606254355902adc7bb7f44556092b997
parent: cab28649c689067970a51a2f9b329bdd6a0f0501 (diff)
download: oslo-policy-884a4ea46153aa16fae0dc40cd271b081f9404f5.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/source/cli/oslopolicy-checker.rst b/doc/source/cli/oslopolicy-checker.rst
index b72354f..bb4fee1 100644
--- a/doc/source/cli/oslopolicy-checker.rst
+++ b/doc/source/cli/oslopolicy-checker.rst
@@ -19,7 +19,9 @@ Description
 -----------
 
 The ``oslopolicy-policy-generator`` command can be used to check policy against
-the OpenStack Identity API access information.
+the OpenStack Identity API access information. The access information is a
+keystone token response from keystone's `authentication API
+<https://docs.openstack.org/api-ref/identity/v3/#password-authentication-with-scoped-authorization>`_.
 
 Options
 -------
@@ -28,8 +30,8 @@ Options
 
 .. option:: --access ACCESS
 
-    Path to a file containing OpenStack Identity API access info in JSON
-    format.
+    Path to a file containing an OpenStack Identity API token response body in
+    JSON format.
 
 .. option:: --enforcer_config ENFORCER_CONFIG
author	Lance Bragstad <lbragstad@gmail.com>	2020-07-20 09:15:42 -0500
committer	Lance Bragstad <lbragstad@gmail.com>	2020-07-20 09:15:42 -0500
commit	884a4ea46153aa16fae0dc40cd271b081f9404f5 (patch)
tree	3b40a388606254355902adc7bb7f44556092b997
parent	cab28649c689067970a51a2f9b329bdd6a0f0501 (diff)
download	oslo-policy-884a4ea46153aa16fae0dc40cd271b081f9404f5.tar.gz