Given the outcome of: https://bugs.launchpad.net/keystone/+bug/1259440
And a recent colleague asking why he can't use the admin token to get a list of projects we should address the misconception surrounding this part of the keystone.conf file.
Currently, it reads:
[DEFAULT]
# A "shared secret" between keystone and other openstack services
# admin_token = ADMIN
which kind of gives the indication that it has overwhelming power, when in fact it does not represent a user and carries no explicit authorization that can be delegated. It's just a magical hack for bootstrapping keystone and should be removed from the wsgi pipeline after that.
Suggest we either clean up the comment before the admin_token, or we actually make it usable, and let it grab the admin project/user (but if no users or project exist... )
Fix proposed to branch: master /review. openstack. org/62998
Review: https:/