openstack/castellan
Code Issues Proposed changes
castellan/releasenotes/notes/barbican-service-user-11ebbfcd33dace9d.yaml
Mark Goddard 162039467a barbican key manager: Add support for service user 
This change adds support to the Barbican key manager for configuring a
service user. This can be used to provide additional security through
the combination of a user token and a service token, with appropriate
modifications to Barbican API policy.

Use of a service user is enabled via the [barbican]
send_service_user_token option, which defaults to False. When set to
True, the service user is configured via keystoneauth options in the
barbican_service_user group.

Change-Id: I143cb57c8534a8dc0a91e6e42917dd0c134170c0
2021-06-21 12:48:03 +00:00

8 lines
281 B
YAML
Raw Permalink Blame History

---
features:
- |
Adds support for using a service user with the Barbican key manager.
This is enabled via ``[barbican] send_service_user_token``, with
credentials for the service user configured via keystoneauth options in the
``[barbican_service_user]`` group.
View Git Blame Copy Permalink