From 884a4ea46153aa16fae0dc40cd271b081f9404f5 Mon Sep 17 00:00:00 2001
From: Lance Bragstad <lbragstad@gmail.com>
Date: Mon, 20 Jul 2020 09:15:42 -0500
Subject: Clarify what exactly an "access file" is

The definition of an "access" file is very vague, but oslopolicy-checker
expects it to be a token response body from keystone. If you don't pass
a token response explicitly, oslopolicy-checker will fail.

Change-Id: I5362fabb0344b67996367382dbc173eeaf39b06b
---
 doc/source/cli/oslopolicy-checker.rst | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/doc/source/cli/oslopolicy-checker.rst b/doc/source/cli/oslopolicy-checker.rst
index b72354f..bb4fee1 100644
--- a/doc/source/cli/oslopolicy-checker.rst
+++ b/doc/source/cli/oslopolicy-checker.rst
@@ -19,7 +19,9 @@ Description
 -----------
 
 The ``oslopolicy-policy-generator`` command can be used to check policy against
-the OpenStack Identity API access information.
+the OpenStack Identity API access information. The access information is a
+keystone token response from keystone's `authentication API
+<https://docs.openstack.org/api-ref/identity/v3/#password-authentication-with-scoped-authorization>`_.
 
 Options
 -------
@@ -28,8 +30,8 @@ Options
 
 .. option:: --access ACCESS
 
-    Path to a file containing OpenStack Identity API access info in JSON
-    format.
+    Path to a file containing an OpenStack Identity API token response body in
+    JSON format.
 
 .. option:: --enforcer_config ENFORCER_CONFIG
 
-- 
cgit v1.2.1