diff options
author | Kristi Nikolla <knikolla@bu.edu> | 2017-09-19 15:53:09 -0400 |
---|---|---|
committer | Kristi Nikolla <kristi@nikolla.me> | 2018-07-05 15:13:29 +0000 |
commit | 5fa536e6c51c22ab1cce958fb69a9eb7285ea607 (patch) | |
tree | 0d641fbbed263f297c24e6fe5c21315e7e18ae1b /doc | |
parent | d1b7a1f0922419f956001f4bf14ad3e77449c860 (diff) | |
download | keystonemiddleware-5fa536e6c51c22ab1cce958fb69a9eb7285ea607.tar.gz |
Document endpoint interface and region behavior
After some debugging following [0] to figure out why ksm was
not connecting to the specified auth_url, found out that
ksm connects to the identity server on the 'admin' interface
[1] after authenticating with auth_url and fetching the catalog if
keystoneauth is being used. Otherwise it connects on identity_uri
and disregards the service catalog [2]. This behavior was not
documented.
[0]. http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2017-09-19.log.html#t2017-09-19T17:50:06
[1]. https://github.com/openstack/keystonemiddleware/blob/d1b7a1f0922419f956001f4bf14ad3e77449c860/keystonemiddleware/auth_token/__init__.py#L936-L938
[2]. https://github.com/openstack/keystonemiddleware/blob/d1b7a1f0922419f956001f4bf14ad3e77449c860/keystonemiddleware/auth_token/_auth.py#L121-L130
Change-Id: Ide40835de856012ac4dd71975beac9d32771f356
Diffstat (limited to 'doc')
-rw-r--r-- | doc/source/middlewarearchitecture.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/source/middlewarearchitecture.rst b/doc/source/middlewarearchitecture.rst index e9ec7c8..b613805 100644 --- a/doc/source/middlewarearchitecture.rst +++ b/doc/source/middlewarearchitecture.rst @@ -177,6 +177,11 @@ when ``auth_plugin`` is set to ``password``. auth_url = http://127.0.0.1:35357 # Any of the options that could be set in api-paste.ini can be set here. +If using an ``auth_plugin``, connection to the Identity service will be +established on the ``admin`` interface as registered in the service catalog. +In the case where you are using an ``auth_plugin`` and have multiple regions, +also specify the ``region_name`` option to fetch the correct endpoint. + If the service doesn't use the global oslo.config object (CONF), then the oslo config project name can be set it in paste config and keystonemiddleware will load the project configuration itself. |