Ironic admin_auth_token option should be deprecated

Bug #1451605 reported by Eric Brown
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Low
Eric Brown

Bug Description

The ironic driver has config options for admin_username, admin_password, admin_auth_token so that the ironic client can authenticate using the keystoneclient.

From nova/virt/ironic/driver.py:

    cfg.StrOpt('admin_auth_token',
               help='Ironic keystone auth token.'),

The keystoneclient has deprecated admin_auth_token since Icehouse (at least) and thus the ironic driver option should similarly be deprecated. The keystone admin token is intended only for bootstrapping keystone, no for other services to utilize.

https://github.com/openstack/python-keystoneclient/blob/stable/icehouse/keystoneclient/middleware/auth_token.py#L244

    cfg.StrOpt('admin_token',
               secret=True,
               help='This option is deprecated and may be removed in a future'
               ' release. Single shared secret with the Keystone configuration'
               ' used for bootstrapping a Keystone installation, or otherwise'
               ' bypassing the normal authentication process. This option'
               ' should not be used, use `admin_user` and `admin_password`'
               ' instead.'),

Tags: ironic
Eric Brown (ericwb)
Changed in nova:
assignee: nobody → Eric Brown (ericwb)
importance: Undecided → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/179960

Changed in nova:
status: New → In Progress
Michael Still (mikal)
tags: added: ironic
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/179960
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=317d9d8f13e8a34af189504ae1258d315154cc82
Submitter: Jenkins
Branch: master

commit 317d9d8f13e8a34af189504ae1258d315154cc82
Author: Eric Brown <email address hidden>
Date: Mon May 4 15:30:58 2015 -0700

    Deprecate nova ironic driver's admin_auth_token

    The admin_auth_token config option is deprecated in the keystone
    client and should similarly be deprecated in the ironic driver.

    Change-Id: Ia9981b831ed9159ca3a01a8bb9d5eab7309f9a65
    Closes-Bug: #1451605

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → liberty-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: liberty-1 → 12.0.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers