Trove ships with a default admin_token in paste

Reviewed: https://review.openstack.org/83270
Committed: https://git.openstack.org/cgit/openstack/trove/commit/?id=ae696056fbac7d74a395710934950e0013cd4d37
Submitter: Jenkins
Branch: master

commit ae696056fbac7d74a395710934950e0013cd4d37
Author: Jamie Lennox <email address hidden>
Date: Thu Mar 27 12:08:21 2014 +1000

    Don't specify admin_token in paste config

    This is not a value that is going to be useful on other systems and
    shouldn't be included in the default pipeline.

    Closes-Bug: #1299332
    Change-Id: I714539b7536965fa08a3ddc64493b481df7397e3

Fix proposed to branch: master
Review: https://review.openstack.org/95057

It has been fixed for the sample etc file, however it managed to sneak back into some test config files that devstack uses.

Just removing the admin_token isn't a satisfying solution. There should be admin_{user,tenant_name,password}.

Absolutely all other OpenStack projects have these. Even after the above patch, I have to manually patch the trove configuration file to fix it in my package, this is annoying.

Reviewed: https://review.openstack.org/95057
Committed: https://git.openstack.org/cgit/openstack/trove/commit/?id=9db80e79ea3e687000121729648af7e79b7b2d78
Submitter: Jenkins
Branch: master

commit 9db80e79ea3e687000121729648af7e79b7b2d78
Author: Jamie Lennox <email address hidden>
Date: Fri May 23 13:02:45 2014 +1000

    Remove admin_token from configs

    A previous review removed the admin_token from the sample config file.
    It appears that devstack doesn't use that file but instead uses one of
    the .test files.

    Admin tokens are actively discouraged as a form of authenticating in
    auth_token middleware and the behaviour when using admin_token in
    combination with a username and password (as this default produces in
    devstack) can lead to problems in authentication.

    Closes-Bug: #1299332
    Change-Id: I78d2c184f7937006b808d580e3663ab055f7c5fe

Thomas, you write : "Absolutely all other OpenStack projects have these. Even after the above patch, I have to manually patch the trove configuration file to fix it in my package, this is annoying.". Could you provide a few URLs showing that ? It looks like there is a confusion between devstack needs and packaging requirement ;-)

Loic, I'm not talking about the *.test files, but really trove.conf and so on. These are the one which I care for. I don't really care about devstack (I don't use it, though I do use tempest for package validation).

Thomas,
I agree with you, and other OpenStack components (cinder, glance, neutron, etc.) also have these configs as default.
I opened a new Bug #1325482 about admin_{user,tenant_name,password}.
If you have a chance it would be great to hear any feedback.

Fix proposed to branch: stable/icehouse
Review: https://review.openstack.org/100659

Reviewed: https://review.openstack.org/100659
Committed: https://git.openstack.org/cgit/openstack/trove/commit/?id=6fd76f882f08c6c617851f460eab87d67e9df86c
Submitter: Jenkins
Branch: stable/icehouse

commit 6fd76f882f08c6c617851f460eab87d67e9df86c
Author: Jamie Lennox <email address hidden>
Date: Thu Mar 27 12:08:21 2014 +1000

    Don't specify admin_token in paste config

    This is not a value that is going to be useful on other systems and
    shouldn't be included in the default or test pipelines.

    The two similar commits were squashed together here.

    (cherry picked from commit ae696056fbac7d74a395710934950e0013cd4d37)
    (cherry picked from commit 9db80e79ea3e687000121729648af7e79b7b2d78)

    Closes-Bug: #1299332
    Change-Id: I714539b7536965fa08a3ddc64493b481df7397e3