yahoo-eng-team team mailing list archive

[Bug 1261622] [NEW] change text or behaviour of the admin token in keystone.conf

 

Public bug reported:

Given the outcome of: https://bugs.launchpad.net/keystone/+bug/1259440
And a recent colleague asking why he can't use the admin token to get a list of projects, we should address the misconception surrounding this part of the keystone.conf file.

Currently, it reads:
[DEFAULT]
# A "shared secret" between keystone and other openstack services
# admin_token = ADMIN

which kind of gives the indication that it has overwhelming power, when
in fact it does not represent a user and carries no explicit
authorization that can be delegated. It's just a magical hack for
bootstrapping keystone and should be removed from the wsgi pipeline
after that.

Suggest we either clean up the comment before the admin_token, or we
actually make it usable, and let it grab the admin project/user (but if
no users or project exist... )

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1261622

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1261622/+subscriptions
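
Added example, not part of the bug report or of Keystone's own code: a small Python audit for the point raised in the report, that the admin token is a bootstrap mechanism which should leave the WSGI pipeline afterwards. The filter name `admin_token_auth`, the paste-deploy pipeline layout and both sample files are assumptions constructed for illustration, and a missing `admin_token` is treated as the `ADMIN` default shown in the quoted comment.

```python
import configparser

# Constructed sample files for illustration, not taken from a real deployment.
KEYSTONE_CONF = """
[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = ADMIN
"""

PASTE_BOOTSTRAP = """
[pipeline:public_api]
pipeline = sizelimit url_normalize token_auth admin_token_auth json_body public_service

[pipeline:admin_api]
pipeline = sizelimit url_normalize token_auth admin_token_auth json_body admin_service
"""

# The same pipelines after bootstrapping, with the filter taken out.
PASTE_HARDENED = PASTE_BOOTSTRAP.replace(" admin_token_auth", "")


def _parse(text):
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser


def audit(keystone_conf, paste_ini, filter_name="admin_token_auth"):
    """Return (finding, location) tuples about the bootstrap admin token."""
    findings = []
    # Assumption: an unset admin_token falls back to the ADMIN default
    # shown in the commented-out line of the sample keystone.conf.
    token = _parse(keystone_conf).defaults().get("admin_token", "ADMIN")
    if token.strip() == "ADMIN":
        findings.append(("default-admin-token", "keystone.conf"))
    paste = _parse(paste_ini)
    for section in paste.sections():
        if not section.startswith("pipeline:"):
            continue
        # A paste-deploy pipeline is a whitespace-separated list of names.
        if filter_name in paste.get(section, "pipeline", fallback="").split():
            findings.append(("filter-in-pipeline", section))
    return findings


if __name__ == "__main__":
    for finding, where in audit(KEYSTONE_CONF, PASTE_BOOTSTRAP):
        print(f"{where}: {finding}")
```

An empty result means the token is not the sample value and no pipeline still accepts it.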