Browse code
Support fernet token provider
Keystone added the "fernet" token provider in Kilo. This adds
support for it.
Change-Id: I6b7342ea67157a40edc8b9ba3d84d118e39d86ed
Brant Knudson authored on 2015/06/26 07:57:53Showing 1 changed files
| ... | ... |
@@ -313,6 +313,8 @@ function configure_keystone {
|
| 313 | 313 |
|
| 314 | 314 |
iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS" |
| 315 | 315 |
# Public workers will use the server default, typically number of CPU. |
| 316 |
+ |
|
| 317 |
+ iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/" |
|
| 316 | 318 |
} |
| 317 | 319 |
|
| 318 | 320 |
function configure_keystone_extensions {
|
| ... | ... |
@@ -476,11 +478,15 @@ function init_keystone {
|
| 476 | 476 |
$KEYSTONE_BIN_DIR/keystone-manage db_sync --extension "${extension_value}"
|
| 477 | 477 |
done |
| 478 | 478 |
|
| 479 |
- if [[ "$KEYSTONE_TOKEN_FORMAT" != "uuid" ]]; then |
|
| 479 |
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "pki" || "$KEYSTONE_TOKEN_FORMAT" == "pkiz" ]]; then |
|
| 480 | 480 |
# Set up certificates |
| 481 | 481 |
rm -rf $KEYSTONE_CONF_DIR/ssl |
| 482 | 482 |
$KEYSTONE_BIN_DIR/keystone-manage pki_setup |
| 483 | 483 |
fi |
| 484 |
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then |
|
| 485 |
+ rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/" |
|
| 486 |
+ $KEYSTONE_BIN_DIR/keystone-manage fernet_setup |
|
| 487 |
+ fi |
|
| 484 | 488 |
} |
| 485 | 489 |
|
| 486 | 490 |
# install_keystoneclient() - Collect source and prepare |