Support automatic token rotation for Openstack #227
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* By default Openstack's API tokens are only valid for 1 hour and AFAIK there is no way to generate tokens with long duration. This PR modifies the config accepted by Openstack manager and takes auth object as input. This auth object will be used to generate and rotate API tokens for every 1 hour. *We accept the same auth object as Openstack so we pass this object to keystone transparently which allows us to support all forms of auth object without much code. It is the user's responsibility to pass correct auth object to clusters config. * Add new handlers for mock servers and modify test resources appropriately * Update docs Signed-off-by: Mahendra Paipuri <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
By default Openstack's API tokens are only valid for 1 hour and AFAIK there is no way to generate tokens with long duration. This PR modifies the config accepted by Openstack manager and takes auth object as input. This auth object will be used to generate and rotate API tokens for every 1 hour.
We accept the same auth object as Openstack so we pass this object to keystone transparently which allows us to support all forms of auth object without much code. It is the user's responsibility to pass correct auth object to clusters config.
Add new handlers for mock servers and modify test resources appropriately
Update docs