From 0ed9e206ed1c6271121d3acf52a6bf757411286b Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Thu, 9 Jun 2016 12:43:34 +0300
Subject: [PATCH] Ensure service_token_off is set in save-only

Deletes keystone service token after deploying
keystone to minimize security risk.

This additional patch is required because save only
and normal application modes configure settings
independently. In master branch, this is already
functioning together without requiring this patch.

Change-Id: I70f10f46330a5d1fbaeb8812299747660017569b
Depends-On: I776644f727ce086369954f383a09b48b60bf11a5
Closes-Bug: #1582893
---
 fuelmenu/fuelmenu.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fuelmenu/fuelmenu.py b/fuelmenu/fuelmenu.py
index 4669b51..ecbe02e 100755
--- a/fuelmenu/fuelmenu.py
+++ b/fuelmenu/fuelmenu.py
@@ -421,6 +421,7 @@ def save_only(iface, settingsfile=consts.SETTINGS_FILE):
             "keystone/nailgun_password": pwgen.password(),
             "keystone/monitord_user": "monitord",
             "keystone/monitord_password": pwgen.password(),
+            "keystone/service_token_off": "true",
             "mcollective/user": "mcollective",
             "mcollective/password": pwgen.password(),
             "postgres/keystone_dbname": "keystone",