From d27d055dbe2857dde236c8c8e6df5f530cc83efa Mon Sep 17 00:00:00 2001 From: Jimmy McCrory Date: Wed, 15 Jun 2016 15:24:54 -0700 Subject: [PATCH] Add note on admin_token_auth deprecation The admin_token_auth middleware has been deprecated. Include a note informing users and providing instructions on removing it from keystone's WSGI pipelines. Closes-Bug: 1586159 Change-Id: I4ec9e6f098585ddbfcfb7ee826e582af7a12c734 --- ...token-auth-deprecation-24e84a18f8a56814.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 releasenotes/notes/os-keystone-admin-token-auth-deprecation-24e84a18f8a56814.yaml diff --git a/releasenotes/notes/os-keystone-admin-token-auth-deprecation-24e84a18f8a56814.yaml b/releasenotes/notes/os-keystone-admin-token-auth-deprecation-24e84a18f8a56814.yaml new file mode 100644 index 00000000..9b9e057b --- /dev/null +++ b/releasenotes/notes/os-keystone-admin-token-auth-deprecation-24e84a18f8a56814.yaml @@ -0,0 +1,17 @@ +--- +security: + - | + The admin_token_auth middleware presents a potential + security risk and will be removed in a future release + of keystone. Its use can be removed by setting the + ``keystone_keystone_paste_ini_overrides`` variable. + + :: + + keystone_keystone_paste_ini_overrides: + pipeline:public_api: + pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service + pipeline:admin_api: + pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service + pipeline:api_v3: + pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3