change text or behaviour of the admin token in keystone.conf
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Steve Martinelli | ||
Bug Description
Given the outcome of: https:/
And a recent colleague asking why he can't use the admin token to get a list of projects we should address the misconception surrounding this part of the keystone.conf file.
Currently, it reads:
[DEFAULT]
# A "shared secret" between keystone and other openstack services
# admin_token = ADMIN
which kind of gives the indication that it has overwhelming power, when in fact it does not represent a user and carries no explicit authorization that can be delegated. It's just a magical hack for bootstrapping keystone and should be removed from the wsgi pipeline after that.
Suggest we either clean up the comment before the admin_token, or we actually make it usable, and let it grab the admin project/user (but if no users or project exist... )
| Changed in keystone: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| assignee: | nobody → Steve Martinelli (stevemar) |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #1 |
| Changed in keystone: | |
| status: | Confirmed → In Progress |
| Changed in keystone: | |
| importance: | High → Medium |
| Changed in keystone: | |
| assignee: | Steve Martinelli (stevemar) → Dolph Mathews (dolph) |
| Changed in keystone: | |
| assignee: | Dolph Mathews (dolph) → Steve Martinelli (stevemar) |
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #2 |
| Changed in keystone: | |
| status: | In Progress → Fix Committed |
| Changed in keystone: | |
| milestone: | none → icehouse-2 |
| status: | Fix Committed → Fix Released |
| Changed in keystone: | |
| milestone: | icehouse-2 → 2014.1 |
Fix proposed to branch: master
Review: https:/