Merge "Opt out of the service catalog"

2013-12-06 22:26:10 +00:00 · 2013-12-06 22:26:10 +00:00 · b715fc7819
commit b715fc7819
parent fb1a985ff0 4873fcf626
2 changed files with 11 additions and 0 deletions
--- a/doc/source/overview_auth.rst
+++ b/doc/source/overview_auth.rst
@ -102,6 +102,7 @@ add the configuration for the authtoken middleware::
  admin_user = swift
  admin_password = password
  cache = swift.cache
+  include_service_catalog = False

 The actual values for these variables will need to be set depending on
 your situation.  For more information, please refer to the Keystone
@ -114,6 +115,15 @@ documentation on the ``auth_token`` middleware, but in short:
 * The admin auth credentials (``admin_user``, ``admin_tenant_name``,
  ``admin_password``) will be used to retrieve an admin token. That
  token will be used to authorize user tokens behind the scenes.
+* cache is set to ``swift.cache``. This means that the middleware
+  will get the Swift memcache from the request environment.
+* include_service_catalog defaults to True if not set. This means
+  that when validating a token, the service catalog is retrieved
+  and stored in the X-Service-Catalog header. Since Swift does not
+  use the X-Service-Catalog header, there is no point in getting
+  the service catalog. We recommend you set include_service_catalog
+  to False.
+

 .. note::

--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@ -270,6 +270,7 @@ user_test_tester3 = testing3
 # admin_password = password
 # delay_auth_decision = 1
 # cache = swift.cache
+# include_service_catalog = False
 #
 # [filter:keystoneauth]
 # use = egg:swift#keystoneauth