barbican/doc/source/configuration/noauth.rst
chenxing 2a58454289 Update the documentation link for doc migration
These links need to be updated due to the doc migration. Current
links are no longer effective.

Change-Id: I218995d5c8cde34286e2133a53bd7d19ae46c75d
2017-10-11 18:11:17 +08:00

1.7 KiB

No Auth barbican

As of OpenStack Newton, barbican will default to using Keystone like every other OpenStack service for identity and access control. Nonetheless, sometimes it may be useful to run barbican without any authentication service for development purposes.

To this end, barbican-api-paste.ini contains a filter pipeline without any authentication (no auth mode):

# Use this pipeline for barbican API - DEFAULT no authentication
[pipeline:barbican_api]
pipeline = unauthenticated-context apiapp

To enable this pipe line proceed as follows:

  1. Turn off any active instances of barbican

  2. Edit /etc/barbican/barbican-api-paste.ini

    Change the pipeline /v1 value from authenticated barbican-api-keystone to the unauthenticated barbican_api

    [composite:main]
    use = egg:Paste#urlmap
    /: barbican_version
    /v1: barbican_api

With every OpenStack service integrated with keystone, its API requires access token to retireve certain information and validate user's information and privileges. If you are running barbican in no auth mode, you have to specify project_id instead of an access token which was retrieved from the token instead. In case of API, replace 'X-Auth-Token: $TOKEN' with 'X-Project-Id: {project_id}' for every API request in ../api/index.

You can also find detailed explanation to run barbican client with an unauthenticated context here and run barbican CLI in no auth mode here.