45 lines
1.7 KiB
ReStructuredText
45 lines
1.7 KiB
ReStructuredText
No Auth barbican
|
|
================
|
|
|
|
As of OpenStack Newton, barbican will default to using Keystone like every
|
|
other OpenStack service for identity and access control. Nonetheless, sometimes
|
|
it may be useful to run barbican without any authentication service for
|
|
development purposes.
|
|
|
|
To this end, `barbican-api-paste.ini` contains a filter pipeline
|
|
without any authentication (no auth mode):
|
|
|
|
.. code-block:: ini
|
|
|
|
# Use this pipeline for barbican API - DEFAULT no authentication
|
|
[pipeline:barbican_api]
|
|
pipeline = unauthenticated-context apiapp
|
|
|
|
To enable this pipe line proceed as follows:
|
|
|
|
1. Turn off any active instances of barbican
|
|
|
|
2. Edit ``/etc/barbican/barbican-api-paste.ini``
|
|
|
|
Change the pipeline ``/v1`` value from authenticated ``barbican-api-keystone``
|
|
to the unauthenticated ``barbican_api``
|
|
|
|
.. code-block:: ini
|
|
|
|
[composite:main]
|
|
use = egg:Paste#urlmap
|
|
/: barbican_version
|
|
/v1: barbican_api
|
|
|
|
With every OpenStack service integrated with keystone, its API requires access
|
|
token to retireve certain information and validate user's information and
|
|
privileges. If you are running barbican in no auth mode, you have to specify
|
|
project_id instead of an access token which was retrieved from the token
|
|
instead. In case of API, replace ``'X-Auth-Token: $TOKEN'`` with
|
|
``'X-Project-Id: {project_id}'`` for every API request in :doc:`../api/index`.
|
|
|
|
You can also find detailed explanation to run barbican client with an
|
|
unauthenticated context
|
|
`here <https://docs.openstack.org/python-barbicanclient/latest/cli/authentication.html#unauthenticated-context>`__ and run barbican CLI in no auth mode
|
|
`here <https://docs.openstack.org/python-barbicanclient/latest/cli/authentication.html#no-auth-mode>`__.
|