forked from redhat-openstack/openstack-puppet-modules
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
engine: configure deferred authentication method
The default deferred_auth_method of password is deprecated as of Icehouse, so although it is still the default, deployers are strongly encouraged to move to using deferred_auth_method=trusts, which is planned to become the default for Juno. * It avoids storing user credentials in the heat database * It removes the need to provide a password as well as a token on stack create * It limits the actions the heat service user can perform on a users behalf. This patch aims to: * Set deferred_auth_method = trusts in /etc/heat/heat.conf for engine * Specify the roles to be delegated to the heat service user (trusts_delegated_roles in heat.conf, defaults to heat_stack_owner which will be referred to in the following instructions. You may wish to modify this list of roles to suit your local RBAC policies) * Create the role(s) in Keystone (optional and enabled by default). Change-Id: I99eaf29473bc4e70017580b3b340c24093aa0619
- Loading branch information
Emilien Macchi
committed
Oct 8, 2014
1 parent
e9e1ba0
commit 0e6d7ea
Showing
2 changed files
with
41 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters