tripleo

Migrate use of admin_token

Bug #1665287 reported by Luke Hinds on 2017-02-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Expired	Undecided	Unassigned	tripleo stein-2

Bug Description

`admin_token` is depreciated and recently removed from in paste-ini [1] with a recommendation is to move to using bootstrap. It will be removed entirely by keystone.

The current occurrences of admin_token are:

    $ grep -R AdminToken ./* | cut -d: -f1 | sort | uniq
    ./ceph-rgw.yaml
    ./keystone.yaml
    ./network/contrail-base.yaml
    ./neutron-midonet.yaml
    ./neutron-plugin-opencontrail.yaml

ceph/rgw have already proposed and merged a patch [2]

[1] https://review.openstack.org/#/c/427878/

[2] https://review.openstack.org/#/c/405625/

excerpt from keystone.conf

# Using this feature is *NOT* recommended. Instead, use the `keystone-manage
# bootstrap` command. The value of this option is treated as a "shared secret"
# that can be used to bootstrap Keystone through the API. This "token" does not
# represent a user (it has no identity), and carries no explicit authorization
# (it effectively bypasses most authorization checks). If set to `None`, the
# value is ignored and the `admin_token` middleware is effectively disabled.
# However, to completely disable `admin_token` in production (highly
# recommended, as it presents a security risk), remove
# `AdminTokenAuthMiddleware` (the `admin_token_auth` filter) from your paste
# application pipelines (for example, in `keystone-paste.ini`). (string value)

# This is deprecated in the M release and will be removed in the O release.
# Use `keystone-manage bootstrap` and remove this from the pipelines below.

Tags:

Luke Hinds (lhinds) on 2017-02-16

Changed in tripleo:
milestone:	none → pike-3
importance:	Undecided → High

Revision history for this message

Emilien Macchi (emilienm) wrote on 2017-02-17:

Excellent thing. I wanted to propose it for a while. Thanks!

Changed in tripleo:
milestone:	pike-3 → pike-1

Emilien Macchi (emilienm) on 2017-04-11

Changed in tripleo:
milestone:	pike-1 → pike-2

Emilien Macchi (emilienm) on 2017-06-08

Changed in tripleo:
milestone:	pike-2 → pike-3

Emilien Macchi (emilienm) on 2017-07-30

Changed in tripleo:
milestone:	pike-3 → pike-rc1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-14: Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/493524

Changed in tripleo:
assignee:	nobody → Christopher Brown (snecklifter)
status:	Triaged → In Progress

Emilien Macchi (emilienm) on 2017-08-25

Changed in tripleo:
milestone:	pike-rc1 → pike-rc2

Emilien Macchi (emilienm) on 2017-09-05

Changed in tripleo:
milestone:	pike-rc2 → queens-1

Emilien Macchi (emilienm) on 2017-10-23

Changed in tripleo:
milestone:	queens-1 → queens-2

Alex Schultz (alex-schultz) on 2017-12-05

Changed in tripleo:
milestone:	queens-2 → queens-3

Emilien Macchi (emilienm) on 2018-01-26

Changed in tripleo:
milestone:	queens-3 → queens-rc1

OpenStack Infra (hudson-openstack) on 2018-02-20

Changed in tripleo:
assignee:	Christopher Brown (snecklifter) → Alex Schultz (alex-schultz)

Alex Schultz (alex-schultz) on 2018-03-02

Changed in tripleo:
milestone:	queens-rc1 → rocky-1

Alex Schultz (alex-schultz) on 2018-04-20

Changed in tripleo:
milestone:	rocky-1 → rocky-2

Emilien Macchi (emilienm) on 2018-06-05

Changed in tripleo:
milestone:	rocky-2 → rocky-3

Emilien Macchi (emilienm) on 2018-07-26

Changed in tripleo:
milestone:	rocky-3 → rocky-rc1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-07-31: Change abandoned on tripleo-heat-templates (master)

Change abandoned by Alex Schultz (<email address hidden>) on branch: master
Review: https://review.openstack.org/493524
Reason: Abandoning this patch per the TripleO Patch Abandonment guidelines (https://specs.openstack.org/openstack/tripleo-specs/specs/policy/patch-abandonment.html). If you wish to have this restored and cannot do so yourself, please reach out via #tripleo on freenode or the OpenStack Dev mailing list.

Alex Schultz (alex-schultz) on 2018-07-31

Changed in tripleo:
status:	In Progress → Triaged
assignee:	Alex Schultz (alex-schultz) → nobody

Alex Schultz (alex-schultz) on 2018-08-14

Changed in tripleo:
milestone:	rocky-rc1 → stein-1

Juan Antonio Osorio Robles (juan-osorio-robles) on 2018-10-30

Changed in tripleo:
milestone:	stein-1 → stein-2

Revision history for this message

Emilien Macchi (emilienm) wrote on 2018-12-29: Cleanup EOL bug report

This is an automated cleanup. This bug report has been closed because it
is older than 18 months and there is no open code change to fix this.
After this time it is unlikely that the circumstances which lead to
the observed issue can be reproduced.

If you can reproduce the bug, please:
* reopen the bug report (set to status "New")
* AND add the detailed steps to reproduce the issue (if applicable)
* AND leave a comment "CONFIRMED FOR: <RELEASE_NAME>"
Only still supported release names are valid (FUTURE, PIKE, QUEENS, ROCKY, STEIN).
Valid example: CONFIRMED FOR: FUTURE

Changed in tripleo:
importance:	High → Undecided
status:	Triaged → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.