openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes

Add note on admin_token_auth deprecation 

The admin_token_auth middleware has been deprecated. Include a note
informing users and providing instructions on removing it from
keystone's WSGI pipelines.

Closes-Bug: 1586159
Change-Id: I4ec9e6f098585ddbfcfb7ee826e582af7a12c734
This commit is contained in:
Jimmy McCrory 2016-06-15 15:24:54 -07:00
parent 89a0d7d586
commit d27d055dbe
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
releasenotes/notes/os-keystone-admin-token-auth-deprecation-24e84a18f8a56814.yaml Normal file
View File

@ -0,0 +1,17 @@
---
security:
- |
The admin_token_auth middleware presents a potential
security risk and will be removed in a future release
of keystone. Its use can be removed by setting the
``keystone_keystone_paste_ini_overrides`` variable.
::
keystone_keystone_paste_ini_overrides:
pipeline:public_api:
pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
pipeline:admin_api:
pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
pipeline:api_v3:
pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3