Configure auth_token middleware by auth plugin
As of release 1.3 auth_token middleware can be configured to use any
authentication plugin. This allows us to move to the more generic
password mechanism which will default to using keystone v3 if available.
This will allow future revisions to move the devstack service users
out of the default domain.
Work will need to be done in heat to remove its dependency on the
(supposed to be private) keystone_authtoken CONF values.
Change-Id: Ieac26806bd420aa08fc79bbc6a11eb6a1c15c7df
diff --git a/lib/heat b/lib/heat
index 4e72cae..019f668 100644
--- a/lib/heat
+++ b/lib/heat
@@ -114,7 +114,18 @@
setup_colorized_logging $HEAT_CONF DEFAULT tenant user
fi
- configure_auth_token_middleware $HEAT_CONF heat $HEAT_AUTH_CACHE_DIR
+ # NOTE(jamielennox): heat re-uses specific values from the
+ # keystone_authtoken middleware group and so currently fails when using the
+ # auth plugin setup. This should be fixed in heat. Heat is also the only
+ # service that requires the auth_uri to include a /v2.0. Remove this custom
+ # setup when bug #1300246 is resolved.
+ iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
+ iniset $HEAT_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
+ iniset $HEAT_CONF keystone_authtoken admin_user heat
+ iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
+ iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+ iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE
+ iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
if is_ssl_enabled_service "key"; then
iniset $HEAT_CONF clients_keystone ca_file $SSL_BUNDLE_FILE
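Review bot: `$SERVICE_PASSWORD` is expanded unquoted in the added `admin_password` line, so a password containing whitespace or glob characters would be word-split before `iniset` receives it, and the credential written to `$HEAT_CONF` would not match the real one. Quoting it, `iniset $HEAT_CONF keystone_authtoken admin_password "$SERVICE_PASSWORD"`, avoids that, and the same applies to the other added expansions. The added `cafile` line is written unconditionally, while the `clients_keystone ca_file` setting just below it is guarded by `is_ssl_enabled_service "key"`. If `$SSL_BUNDLE_FILE` can be empty when TLS is off, the unquoted expansion drops the value argument entirely, so consider quoting it or moving the line under the same guard. The enclosing function starts and ends outside the hunk.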