openstack
/
nova
Code Issues Proposed changes

Merge "Service token is not experimental"

This commit is contained in:
Zuul 2017-11-21 20:52:45 +00:00 committed by Gerrit Code Review
parent 24152a8f8f 1acfac0101
commit 8628c75738
1 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
nova/conf/service_token.py
View File

@ -20,8 +20,8 @@ service_user = cfg.OptGroup(
title = 'Service token authentication type options', title = 'Service token authentication type options',
help = """ help = """
Configuration options for service to service authentication using a service Configuration options for service to service authentication using a service
token. These options allow to send a service token along with the token. These options allow sending a service token along with the user's token
user's token when contacting external REST APIs. when contacting external REST APIs.
""" """
) )
@ -29,19 +29,16 @@ service_user_opts = [
cfg.BoolOpt('send_service_user_token', cfg.BoolOpt('send_service_user_token',
default=False, default=False,
help=""" help="""
When True, if sending a user token to an REST API, also send a service token. When True, if sending a user token to a REST API, also send a service token.
Nova often reuses the user token provided to the nova-api to talk to other Nova often reuses the user token provided to the nova-api to talk to other REST
REST APIs, such as Cinder, Glance and Neutron. It is possible that while the APIs, such as Cinder, Glance and Neutron. It is possible that while the user
user token was valid when the request was made to Nova, the token may expire token was valid when the request was made to Nova, the token may expire before
before it reaches the other service. To avoid any failures, and to it reaches the other service. To avoid any failures, and to make it clear it is
make it clear it is Nova calling the service on the users behalf, we include Nova calling the service on the user's behalf, we include a service token along
a server token along with the user token. Should the user's token have with the user token. Should the user's token have expired, a valid service
expired, a valid service token ensures the REST API request will still be token ensures the REST API request will still be accepted by the keystone
accepted by the keystone middleware. middleware.
This feature is currently experimental, and as such is turned off by default
while full testing and performance tuning of this feature is completed.
"""), """),
] ]