Add support for using service tokens
This patch configures ironic-api to send a service token along with the
received user token on requests to other services. This allow those
other services to accept the request even if the user token has been
invalidated since received by Ironic. Also with this patch Ironic will
accept request from other services with invalid user tokens but valid
service tokens.
Update src/build.lock to get backported patches into
charm-helpers@stable/yoga
Closes-Bug: #1992840
Change-Id: Ic84e4706b93c38916e89b91dfc30bf32396e5213
(cherry picked from commit 02b7180a6b
)
This commit is contained in:
parent
8cb57f07ac
commit
fca3372744
|
@ -225,7 +225,7 @@
|
|||
"package": "charmhelpers",
|
||||
"url": "git+https://github.com/juju/charm-helpers.git",
|
||||
"branch": "refs/heads/stable/yoga",
|
||||
"version": "971ac5117c96bd1cb4a6a520787e4509564da582",
|
||||
"version": "32772ff502e179027f46daaa04729a2f5d49f5e5",
|
||||
"vcs": "git"
|
||||
},
|
||||
{
|
||||
|
@ -235,4 +235,4 @@
|
|||
"version": "2.0.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -32,4 +32,6 @@ signing_dir = {{ identity_service.signing_dir }}
|
|||
{% if options.use_memcache == true -%}
|
||||
memcached_servers = {{ options.memcache_url }}
|
||||
{% endif -%}
|
||||
service_token_roles = {{ identity_service.admin_role }}
|
||||
service_token_roles_required = True
|
||||
{% endif -%}
|
||||
|
|
|
@ -8,6 +8,8 @@ transport_url = {{ amqp.transport_url }}
|
|||
|
||||
{% include "parts/keystone-authtoken" %}
|
||||
|
||||
{% include "section-service-user" %}
|
||||
|
||||
[api]
|
||||
port = {{ options.service_listen_info.ironic_api.port }}
|
||||
|
||||
|
|
Loading…
Reference in New Issue