Add support for using service tokens
This patch configures ironic-conductor to send a service token along
with the received user token on requests to other services. This allow
those other services to accept the request even if the user token has
been invalidated since received by Ironic. Also with this patch Ironic
will accept request from other services with invalid user tokens but
valid service tokens.
Update src/build.lock to get backported patches into
charm-helpers@stable/zed
Closes-Bug: #1992840
Change-Id: Ie94b5ce9ba9d015a31a78bb71ce7ca786377d6d9
(cherry picked from commit c7dda3f3a8
)
This commit is contained in:
parent
e19cc9410d
commit
aa73b57b9c
|
@ -417,7 +417,7 @@
|
|||
"package": "charmhelpers",
|
||||
"url": "git+https://github.com/juju/charm-helpers.git",
|
||||
"branch": "stable/zed",
|
||||
"version": "4f884fa39609e55a04348a44baa6b0ac3336bd08",
|
||||
"version": "ab5dfd7973375500da59122b14fabab376a705c6",
|
||||
"vcs": "git"
|
||||
},
|
||||
{
|
||||
|
|
|
@ -33,4 +33,6 @@ signing_dir = {{ identity_credentials.signing_dir }}
|
|||
{% if options.use_memcache == true -%}
|
||||
memcached_servers = {{ options.memcache_url }}
|
||||
{% endif -%}
|
||||
service_token_roles = {{ identity_credentials.admin_role }}
|
||||
service_token_roles_required = True
|
||||
{% endif -%}
|
||||
|
|
|
@ -28,6 +28,8 @@ transport_url = {{ amqp.transport_url }}
|
|||
|
||||
{% include "parts/keystone-authtoken" %}
|
||||
|
||||
{% include "section-service-user" %}
|
||||
|
||||
[database]
|
||||
{% include "parts/database" %}
|
||||
|
||||
|
|
Loading…
Reference in New Issue