diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-05-02 16:10:54 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-05-02 16:10:54 +0000 |
commit | 3653231715ed4e5ba0fd0e80615e44cba1b92ca2 (patch) | |
tree | cf56999dcff3e610c6633d9076172b1ee2e18ecc /doc | |
parent | e59eee6db5876fa86954f1cab10c667c80f35763 (diff) | |
parent | 812801561d2bb1dc8b9db3a82f0dd73bf45d7bc3 (diff) | |
download | nova-3653231715ed4e5ba0fd0e80615e44cba1b92ca2.tar.gz |
Merge "Update devref with vendordata changes."
Diffstat (limited to 'doc')
-rw-r--r-- | doc/source/vendordata.rst | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/doc/source/vendordata.rst b/doc/source/vendordata.rst index facd2fe4e1..e108e3cad5 100644 --- a/doc/source/vendordata.rst +++ b/doc/source/vendordata.rst @@ -111,6 +111,12 @@ The following data is passed to your REST service as a JSON encoded POST: | metadata | As specified by the user at boot time. | +-------------+-------------------------------------------------+ -The REST service is also passed the Keystone authentication details for the -original API request which caused this boot, which can be used by the REST -service to determine if the action is authorized. +Deployment considerations +========================= + +Nova provides authentication to external metadata services in order to provide +some level of certainty that the request came from nova. This is done by +providing a service token with the request -- you can then just deploy your +metadata service with the keystone authentication WSGI middleware. This is +configured using the keystone authentication parameters in the +``vendordata_dynamic_auth`` configuration group. |