Allow attribute for deferred_auth_method
We should switch to using deferred_auth_method=trusts by default, for the following reasons: - It's more secure, we won't have to store username/password anymore - It's better for users, because they won't have to provide a username/password anymore, e.g the box in horizon where we force them to enter a password even though horizon is already passing us a token. Change-Id: I04634d065c785a13991a9a4ac76e544d7a6f34fe Closes-Bug: #1429722
This commit is contained in:
parent
8ca986118d
commit
98b51e2e64
|
@ -147,6 +147,9 @@ default['openstack']['orchestration']['stack_user_domain_name'] = nil
|
||||||
# users and projects in the stack_user_domain. (string value)
|
# users and projects in the stack_user_domain. (string value)
|
||||||
default['openstack']['orchestration']['stack_domain_admin'] = nil
|
default['openstack']['orchestration']['stack_domain_admin'] = nil
|
||||||
|
|
||||||
|
# Select deferred auth method, stored password or trusts.
|
||||||
|
default['openstack']['orchestration']['deferred_auth_method'] = 'trusts'
|
||||||
|
|
||||||
# If set, heat API service will bind to the address on this interface,
|
# If set, heat API service will bind to the address on this interface,
|
||||||
# otherwise it will bind to the API endpoint's host.
|
# otherwise it will bind to the API endpoint's host.
|
||||||
default['openstack']['orchestration']['api']['bind_interface'] = nil
|
default['openstack']['orchestration']['api']['bind_interface'] = nil
|
||||||
|
|
|
@ -331,6 +331,7 @@ shared_examples 'expects to create heat conf' do
|
||||||
/^admin_user=heat$/,
|
/^admin_user=heat$/,
|
||||||
/^admin_password=heat-pass$/,
|
/^admin_password=heat-pass$/,
|
||||||
/^admin_tenant_name=service$/,
|
/^admin_tenant_name=service$/,
|
||||||
|
/^deferred_auth_method=trusts$/,
|
||||||
%r{^signing_dir=/var/cache/heat$},
|
%r{^signing_dir=/var/cache/heat$},
|
||||||
/^region_name_for_services=RegionOne$/
|
/^region_name_for_services=RegionOne$/
|
||||||
].each do |line|
|
].each do |line|
|
||||||
|
|
|
@ -35,7 +35,9 @@
|
||||||
|
|
||||||
# Select deferred auth method, stored password or trusts.
|
# Select deferred auth method, stored password or trusts.
|
||||||
# (string value)
|
# (string value)
|
||||||
#deferred_auth_method=password
|
<% if node['openstack']['orchestration']['deferred_auth_method'] -%>
|
||||||
|
deferred_auth_method=<%= node['openstack']['orchestration']['deferred_auth_method'] %>
|
||||||
|
<% end -%>
|
||||||
|
|
||||||
# Subset of trustor roles to be delegated to heat. (list
|
# Subset of trustor roles to be delegated to heat. (list
|
||||||
# value)
|
# value)
|
||||||
|
|
Loading…
Reference in New Issue