From 254811b184068647fde8ba6983fe19c2eeb6be1c Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Tue, 1 Oct 2019 21:28:48 +0100 Subject: [PATCH] Add application credentials as a default authentication method Change-Id: I3fd50b45ad0f7cb0f7ee0d9eb70053c04e5d721f --- defaults/main.yml | 2 +- releasenotes/notes/app-credentials-709e7ae0573b4955.yaml | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/app-credentials-709e7ae0573b4955.yaml diff --git a/defaults/main.yml b/defaults/main.yml index 379c960d..2c958992 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -60,7 +60,7 @@ keystone_system_comment: keystone system user keystone_system_user_home: "/var/lib/{{ keystone_system_user_name }}" ## Drivers -keystone_auth_methods: "password,token" +keystone_auth_methods: "password,token,application_credential" keystone_identity_driver: sql keystone_token_provider: fernet keystone_token_expiration: 43200 diff --git a/releasenotes/notes/app-credentials-709e7ae0573b4955.yaml b/releasenotes/notes/app-credentials-709e7ae0573b4955.yaml new file mode 100644 index 00000000..3e1b8a1d --- /dev/null +++ b/releasenotes/notes/app-credentials-709e7ae0573b4955.yaml @@ -0,0 +1,7 @@ +--- +upgrade: + - | + Application credentials are now enabled by default as a keystone + authentication method. If deployments do not wish to enable + application credentials then the existing keystone_auth_methods variable + can be overidden with the required set of authentication methods.