上QQ阅读APP看书,第一时间看更新
The authorization model configuration
Heat used to support the password-based authorization until the kilo version of OpenStack was released. Using the kilo version of OpenStack, the following changes can be made to enable trusts-based authorization in the Heat configuration file:
- The default setting in
heat.conf:deferred_auth_method=password
- To be replaced for enabling trusts-based authentication:
deferred_auth_method=trusts
- The following parameters need to be set to specify trustor roles:
trusts_delegated_roles =
As mentioned earlier, all available roles for the trustor will be assigned to the trustee if no specific roles are mentioned in the heat.conf file.