OpenStack Identity (keystone)

re-add admin_password/admin_user support to auth_token middleware

Bug #939015 reported by Dan Prince
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Undecided
Dan Prince
OpenStack Identity (keystone) 2012.1 "essex"

Bug Description

Support for 'admin_user' and 'admin_password' was removed from the auth_token middleware with the KSL merge.

Dan Prince (dan-prince)
Changed in keystone:
assignee: nobody → Dan Prince (dan-prince)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/4427

Revision history for this message
Jesse Andrews (anotherjesse) wrote :

Perhaps see https://bugs.launchpad.net/keystone/+bug/938253

Revision history for this message
Chmouel Boudjnah (chmouel) wrote :

I am not entirely sure what that variable does but it seems to be a bit more spread than in just the tokenauth middleware:

http://sprunge.us/dWLX

(there is no such varibles in current keystone)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/4427
Committed: http://github.com/openstack/keystone/commit/08a3060bade8f14c2f81d4d502d27f097b016b93
Submitter: Jenkins
Branch: master

commit 08a3060bade8f14c2f81d4d502d27f097b016b93
Author: Dan Prince <email address hidden>
Date: Tue Feb 21 12:19:46 2012 -0500

    Re-adds admin_pass/user to auth_tok middleware.

    Re-adds support for 'admin_user' and 'admin_password' options to
    the auth_token middleware. This was removed in KSL.

    Fixes LP bug #939015.
    Change-Id: Ia6eb8ccf65777175964c1c1d2e58b8de54062d67

Changed in keystone:
status: In Progress → Fix Committed
Revision history for this message
Dan Prince (dan-prince) wrote :

Chmouel:

The use case for this feature is to be able to configure auth_token middleware in Nova, Glance, etc. like this (without using a an admin_token):

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_user = admin
admin_password = AABBCC112233

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/4438

Changed in keystone:
status: Fix Committed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/4438
Committed: http://github.com/openstack/keystone/commit/6c60d6c783656f35657b6cb462d93390fc689ac0
Submitter: Jenkins
Branch: master

commit 6c60d6c783656f35657b6cb462d93390fc689ac0
Author: Dan Prince <email address hidden>
Date: Wed Feb 22 22:28:42 2012 -0500

    Set tenantName to 'admin' in get_admin_auth_token.

    Sets the tenantName to 'admin' in get_admin_auth_token. This
    is required because user-only roles are currently not supported.
    Give that wsgi is hard coded to check for 'role:admin' this
    seems to be a reasonable thing to do. In the future it would be nice
    to add a custom admin_role setting in the config file so the
    role wouldn't be hard coded to 'admin'.

    Also removes unused version of get_admin_auth_token.

    Fixes LP Bug #939015.

    Change-Id: I545b458e31c8a44a5a69cad1e875f0fe02956246

Changed in keystone:
status: In Progress → Fix Committed
Joseph Heck (heckj)
Changed in keystone:
milestone: none → essex-4
Thierry Carrez (ttx)
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: essex-4 → 2012.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.