Comment 2 for bug 921814

We discussed this on bugsquash day...some observations:

- The create call is asynchronous. At the time of the call, there
is no way for the API node to determine whether the backend(s) even
support adminPass, so a check isn't viable.

- if adminPass _is_ specified, it might be ignored depending on the
hypervisor configurations.

- if adminPass is not specified, a generated one is returned, although
  it too might be ignored.

The strawman proposal for a fix is:

1) Add a new bool configuration flag 'enable_instance_password'
2) Change the API to return an error when a password is passed in,
   unless the flag is set.

The intent is to indicate that additional configuration is needed to
support adminPass. This would affect create, and probably the rebuild
and change_password calls as well.

This would be a stopgap until https://bugs.launchpad.net/nova/+bug/767202
is fixed.

, and at
- Theres no obvious way to indicate the returned password may not be valide