Comment 12 for bug 1658821

Revision history for this message
Takeshi Matsuda (matsuda-2357) wrote :

Hi Zhiqiang,

Thank you for your explanation.
What customer want are:
- to use these utilities as they use in R2.21.x (from the view point of convenience)
    -> Reading from /etc/contrail/contrail-keystone-auth.conf by default is customer's suggestion.
- not to exposure the credential on the terminal (from the view point of security)

I think that the default values of "--admin" and "--admin-password" (admin/contrail123) are worthless because no customer should use this credential.
So, how do you think about the following idea?

(1) giving the highest priority to --admin/--admin-password only when they are specified in the command line.
(2) if --admin/--admin-password are not specified and --conf-file is specified, read the file specified by --conf-file.
(3) if any of --admin/--admin-password/--conf-file are not specified, read the default conf file.
(4) if any options are not specified and the credential cannot be read from the default conf file, try without credential(authentication should fail).

Regards,
Takeshi Matsuda