Allow attribute for deferred_auth_method
We should switch to using deferred_auth_method=trusts by default, for the following reasons: - It's more secure, we won't have to store username/password anymore - It's better for users, because they won't have to provide a username/password anymore, e.g. the box in horizon where we force them to enter a password even though horizon is already passing us a token. Change-Id: I04634d065c785a13991a9a4ac76e544d7a6f34fe Closes-Bug: #1429722
parent
8ca986118d
commit
98b51e2e64
|
@ -147,6 +147,9 @@ default['openstack']['orchestration']['stack_user_domain_name'] = nil
|
|||
# users and projects in the stack_user_domain. (string value)
|
||||
default['openstack']['orchestration']['stack_domain_admin'] = nil
|
||||
|
||||
# Select deferred auth method, stored password or trusts.
|
||||
default['openstack']['orchestration']['deferred_auth_method'] = 'trusts'
|
||||
|
||||
# If set, heat API service will bind to the address on this interface,
|
||||
# otherwise it will bind to the API endpoint's host.
|
||||
default['openstack']['orchestration']['api']['bind_interface'] = nil
|
||||
|
|
|
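Review bot: The comment above the new `deferred_auth_method` attribute does not list the accepted values or say what changes for operators now that the cookbook default is `'trusts'`. With trusts, heat acts for the user through a Keystone trust, so the set of delegated roles becomes the security-relevant setting; the template hunk in this commit shows a `trusts_delegated_roles` option directly below, and nothing here points to it. I would expand the comment to something like `# Deferred auth method: 'password' (heat stores the user's credentials) or 'trusts' (Keystone trust; review trusts_delegated_roles). Set to nil to keep heat's own default.` Whether existing deployments need extra Keystone setup before this default works is not visible from the hunk and is worth stating in the README or changelog.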
@ -331,6 +331,7 @@ shared_examples 'expects to create heat conf' do
|
|||
/^admin_user=heat$/,
|
||||
/^admin_password=heat-pass$/,
|
||||
/^admin_tenant_name=service$/,
|
||||
/^deferred_auth_method=trusts$/,
|
||||
%r{^signing_dir=/var/cache/heat$},
|
||||
/^region_name_for_services=RegionOne$/
|
||||
].each do |line|
|
||||
|
|
|
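Review bot: The added `/^deferred_auth_method=trusts$/` expectation covers only the default value, so the template's `if` guard is never exercised with the attribute unset or overridden. I would add one example that sets the attribute to `'password'` and expects `/^deferred_auth_method=password$/`, and one that sets it to `nil` and expects no uncommented `deferred_auth_method=` line in the rendered file. The shared example's body starts and ends outside this hunk, so where those examples fit best cannot be judged from here.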
@ -35,7 +35,9 @@
|
|||
|
||||
# Select deferred auth method, stored password or trusts.
|
||||
# (string value)
|
||||
#deferred_auth_method=password
|
||||
<% if node['openstack']['orchestration']['deferred_auth_method'] -%>
|
||||
deferred_auth_method=<%= node['openstack']['orchestration']['deferred_auth_method'] %>
|
||||
<% end -%>
|
||||
|
||||
# Subset of trustor roles to be delegated to heat. (list
|
||||
# value)
|
||||
|
|
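Review bot: The `<% if node['openstack']['orchestration']['deferred_auth_method'] -%>` guard is a truthiness check only, so an empty string renders a bare `deferred_auth_method=` and a misspelled value is written to heat.conf unchanged. Since this option decides whether heat stores user credentials, I would rather fail the Chef run than let a bad value through, for example in the recipe: `raise 'invalid deferred_auth_method' unless [nil, 'password', 'trusts'].include?(node['openstack']['orchestration']['deferred_auth_method'])`. Silently dropping an invalid value in the template would be worse, because heat would then fall back to the `password` default shown in the commented line above. That commented `#deferred_auth_method=password` line also now disagrees with the cookbook default and deserves a short note saying it is heat's upstream default.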