OpenStack Identity (keystone)

Nova middleware integration (paste.ini) has hardcoded admin token ...

Bug #843072 reported by klmitch on 2011-08-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	High	Unassigned

Bug Description

examples/paste/nova-api-paste.ini
------------------------------------------------
...
[filter:tokenauth]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 808
auth_host = 127.0.0.1
auth_port = 5001
auth_protocol = http
admin_token = 999888777666

This requires a special tenant/token/user to be created on the keystone side. It should just use normal keystone auth to get the admin token.

Revision history for this message

klmitch (q-noreply) wrote on 2011-08-10:

Do you expect the username/password to be stored in the conf file instead?

Revision history for this message

klmitch (q-noreply) wrote on 2011-08-10:

hmm, yeah, the more I think about it I suppose it's pie/cake which approach we take. Ideally we should be storing that stuff in an HSM or something. Feel free to disregard.

Revision history for this message

klmitch (q-noreply) wrote on 2011-08-10:

I think this could be addressed by #84. Let me know if not and we can re-open...

Revision history for this message

klmitch (q-noreply) wrote on 2011-08-10:

Yeah, I like the idea in #84 better ... not tying it to a tenant (that's where I was getting the exception initially, so I made a bogus tenant ID)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.