openstack/devstack
Code Issues Proposed changes

Support fernet token provider

Browse Source 
Keystone added the "fernet" token provider in Kilo. This adds
support for it.

Change-Id: I6b7342ea67157a40edc8b9ba3d84d118e39d86ed
This commit is contained in:
Brant Knudson 2015-06-25 17:57:53 -05:00
parent c782781a4c
commit cef5e40e0c
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/keystone
View File

@ -313,6 +313,8 @@ function configure_keystone {
iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS" iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
# Public workers will use the server default, typically number of CPU. # Public workers will use the server default, typically number of CPU.
iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/"
} }
function configure_keystone_extensions { function configure_keystone_extensions {
@ -476,11 +478,15 @@ function init_keystone {
$KEYSTONE_BIN_DIR/keystone-manage db_sync --extension "${extension_value}" $KEYSTONE_BIN_DIR/keystone-manage db_sync --extension "${extension_value}"
done done
if [[ "$KEYSTONE_TOKEN_FORMAT" != "uuid" ]]; then if [[ "$KEYSTONE_TOKEN_FORMAT" == "pki" || "$KEYSTONE_TOKEN_FORMAT" == "pkiz" ]]; then
# Set up certificates # Set up certificates
rm -rf $KEYSTONE_CONF_DIR/ssl rm -rf $KEYSTONE_CONF_DIR/ssl
$KEYSTONE_BIN_DIR/keystone-manage pki_setup $KEYSTONE_BIN_DIR/keystone-manage pki_setup
fi fi
if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then
rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
$KEYSTONE_BIN_DIR/keystone-manage fernet_setup
fi
} }
# install_keystoneclient() - Collect source and prepare # install_keystoneclient() - Collect source and prepare