Support fernet token provider
Keystone added the "fernet" token provider in Kilo. This adds
support for it.
Change-Id: I6b7342ea67157a40edc8b9ba3d84d118e39d86ed
diff --git a/lib/keystone b/lib/keystone
index 7a949cf..99e31b4 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -313,6 +313,8 @@
iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
# Public workers will use the server default, typically number of CPU.
+
+ iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/"
}
function configure_keystone_extensions {
@@ -476,11 +478,15 @@
$KEYSTONE_BIN_DIR/keystone-manage db_sync --extension "${extension_value}"
done
- if [[ "$KEYSTONE_TOKEN_FORMAT" != "uuid" ]]; then
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "pki" || "$KEYSTONE_TOKEN_FORMAT" == "pkiz" ]]; then
# Set up certificates
rm -rf $KEYSTONE_CONF_DIR/ssl
$KEYSTONE_BIN_DIR/keystone-manage pki_setup
fi
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then
+ rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
+ $KEYSTONE_BIN_DIR/keystone-manage fernet_setup
+ fi
}
# install_keystoneclient() - Collect source and prepare