yahoo-eng-team team mailing list archive

[Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>]

** Changed in: nova
       Status: Fix Committed => Fix Released

** Changed in: nova
    Milestone: None => liberty-1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1451605

Title:
  Ironic admin_auth_token option should be deprecated

Status in OpenStack Compute (Nova):
  Fix Released

Bug description:
  The ironic driver has config options for admin_username,
  admin_password, admin_auth_token so that the ironic client can
  authenticate using the keystoneclient.

  From nova/virt/ironic/driver.py:

      cfg.StrOpt('admin_auth_token',
                 help='Ironic keystone auth token.'),

  
  The keystoneclient has deprecated admin_auth_token since Icehouse (at least) and thus the ironic driver option should similarly be deprecated.  The keystone admin token is intended only for bootstrapping keystone, no for other services to utilize.

  https://github.com/openstack/python-
  keystoneclient/blob/stable/icehouse/keystoneclient/middleware/auth_token.py#L244

      cfg.StrOpt('admin_token',
                 secret=True,
                 help='This option is deprecated and may be removed in a future'
                 ' release. Single shared secret with the Keystone configuration'
                 ' used for bootstrapping a Keystone installation, or otherwise'
                 ' bypassing the normal authentication process. This option'
                 ' should not be used, use `admin_user` and `admin_password`'
                 ' instead.'),

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1451605/+subscriptions