← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #32610

[Bug 1451605] [NEW] Ironic admin_auth_token option should be deprecated

  Thread PreviousDate PreviousThread Next 
Public bug reported:

The ironic driver has config options for admin_username, admin_password,
admin_auth_token so that the ironic client can authenticate using the
keystoneclient.

>From nova/virt/ironic/driver.py:

    cfg.StrOpt('admin_auth_token',
               help='Ironic keystone auth token.'),


The keystoneclient has deprecated admin_auth_token since Icehouse (at least) and thus the ironic driver option should similarly be deprecated.  The keystone admin token is intended only for bootstrapping keystone, no for other services to utilize.

https://github.com/openstack/python-
keystoneclient/blob/stable/icehouse/keystoneclient/middleware/auth_token.py#L244

    cfg.StrOpt('admin_token',
               secret=True,
               help='This option is deprecated and may be removed in a future'
               ' release. Single shared secret with the Keystone configuration'
               ' used for bootstrapping a Keystone installation, or otherwise'
               ' bypassing the normal authentication process. This option'
               ' should not be used, use `admin_user` and `admin_password`'
               ' instead.'),

** Affects: nova
     Importance: Low
     Assignee: Eric Brown (ericwb)
         Status: In Progress

** Changed in: nova
     Assignee: (unassigned) => Eric Brown (ericwb)

** Changed in: nova
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1451605

Title:
  Ironic admin_auth_token option should be deprecated

Status in OpenStack Compute (Nova):
  In Progress

Bug description:
  The ironic driver has config options for admin_username,
  admin_password, admin_auth_token so that the ironic client can
  authenticate using the keystoneclient.

  From nova/virt/ironic/driver.py:

      cfg.StrOpt('admin_auth_token',
                 help='Ironic keystone auth token.'),

  
  The keystoneclient has deprecated admin_auth_token since Icehouse (at least) and thus the ironic driver option should similarly be deprecated.  The keystone admin token is intended only for bootstrapping keystone, no for other services to utilize.

  https://github.com/openstack/python-
  keystoneclient/blob/stable/icehouse/keystoneclient/middleware/auth_token.py#L244

      cfg.StrOpt('admin_token',
                 secret=True,
                 help='This option is deprecated and may be removed in a future'
                 ' release. Single shared secret with the Keystone configuration'
                 ' used for bootstrapping a Keystone installation, or otherwise'
                 ' bypassing the normal authentication process. This option'
                 ' should not be used, use `admin_user` and `admin_password`'
                 ' instead.'),

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1451605/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next