Add support for using service tokens
This patch configures ironic-conductor to send a service token along
with the received user token on requests to other services. This allow
those other services to accept the request even if the user token has
been invalidated since received by Ironic. Also with this patch Ironic
will accept request from other services with invalid user tokens but
valid service tokens.
Update src/build.lock to get backported patches into
charm-helpers@stable/antelope
Closes-Bug: #1992840
Change-Id: Ie94b5ce9ba9d015a31a78bb71ce7ca786377d6d9
(cherry picked from commit c7dda3f3a8
)
This commit is contained in:
parent
0c3b72e911
commit
2af6acd1a7
|
@ -321,7 +321,7 @@
|
|||
"package": "charmhelpers",
|
||||
"url": "git+https://github.com/juju/charm-helpers.git",
|
||||
"branch": "stable/antelope",
|
||||
"version": "b9444c20fdf3dc938790ed208cd1053b60055590",
|
||||
"version": "837a8b58737d19e114ac7ac66f917101b2c01b04",
|
||||
"vcs": "git"
|
||||
},
|
||||
{
|
||||
|
@ -447,4 +447,4 @@
|
|||
"version": "6.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -33,4 +33,6 @@ signing_dir = {{ identity_credentials.signing_dir }}
|
|||
{% if options.use_memcache == true -%}
|
||||
memcached_servers = {{ options.memcache_url }}
|
||||
{% endif -%}
|
||||
service_token_roles = {{ identity_credentials.admin_role }}
|
||||
service_token_roles_required = True
|
||||
{% endif -%}
|
||||
|
|
|
@ -28,6 +28,8 @@ transport_url = {{ amqp.transport_url }}
|
|||
|
||||
{% include "parts/keystone-authtoken" %}
|
||||
|
||||
{% include "section-service-user" %}
|
||||
|
||||
[database]
|
||||
{% include "parts/database" %}
|
||||
|
||||
|
|
Loading…
Reference in New Issue