yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1261622] Re: change text or behaviour of the admin token in keystone.conf

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 22 Jan 2014 15:46:20 -0000
Reply-to: Bug 1261622 <1261622@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => icehouse-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1261622

Title:
  change text or behaviour of the admin token in keystone.conf

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  Given the outcome of: https://bugs.launchpad.net/keystone/+bug/1259440
  And a recent colleague asking why he can't use the admin token to get a list of projects we should address the misconception surrounding this part of the keystone.conf file.

  Currently, it reads:
  [DEFAULT]
  # A "shared secret" between keystone and other openstack services
  # admin_token = ADMIN

  which kind of gives the indication that it has overwhelming power,
  when in fact it does not represent a user and carries no explicit
  authorization that can be delegated. It's just a magical hack for
  bootstrapping keystone and should be removed from the wsgi pipeline
  after that.

  Suggest we either clean up the comment before the admin_token, or we
  actually make it usable, and let it grab the admin project/user (but
  if no users or project exist... )

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1261622/+subscriptions

References

[Bug 1261622] [NEW] change text or behaviour of the admin token in keystone.conf
From: Steve Martinelli, 2013-12-17