Merge "Configurable token hashing algorithm"
diff --git a/lib/horizon b/lib/horizon
index a422529..c0c3f82 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -112,6 +112,9 @@
_horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
_horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\""
+ if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
+ _horizon_config_set $local_settings "" OPENSTACK_TOKEN_HASH_ALGORITHM \""$KEYSTONE_TOKEN_HASH_ALGORITHM"\"
+ fi
if [ -f $SSL_BUNDLE_FILE ]; then
_horizon_config_set $local_settings "" OPENSTACK_SSL_CACERT \"${SSL_BUNDLE_FILE}\"
diff --git a/lib/keystone b/lib/keystone
index 2b2f31c..06f6735 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -296,6 +296,10 @@
iniset $KEYSTONE_CONF DEFAULT admin_workers "$API_WORKERS"
# Public workers will use the server default, typically number of CPU.
+
+ if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
+ iniset $KEYSTONE_CONF token hash_algorithm "$KEYSTONE_TOKEN_HASH_ALGORITHM"
+ fi
}
function configure_keystone_extensions {
@@ -417,6 +421,9 @@
iniset $conf_file $section admin_user $admin_user
iniset $conf_file $section admin_password $SERVICE_PASSWORD
iniset $conf_file $section signing_dir $signing_dir
+ if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
+ iniset $conf_file keystone_authtoken hash_algorithms "$KEYSTONE_TOKEN_HASH_ALGORITHM"
+ fi
}
# init_keystone() - Initialize databases, etc.