From b96871e4865ac603aba0bb38af019cc7b83d038b Mon Sep 17 00:00:00 2001
From: Jesse Andrews
Date: Sun, 2 Oct 2011 09:02:46 -0700
Subject: [PATCH] don't use the same keystone admin token for everything
---
 files/glance-api.conf | 2 +-
 files/glance-registry.conf | 2 +-
 files/keystone_data.sh | 2 +-
 stack.sh | 13 ++++++++++---
 4 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/files/glance-api.conf b/files/glance-api.conf
index d386c95..0358a7a 100644
--- a/files/glance-api.conf
+++ b/files/glance-api.conf
@@ -175,4 +175,4 @@ auth_host = 127.0.0.1
 auth_port = 35357
 auth_protocol = http
 auth_uri = http://127.0.0.1:5000/
-admin_token = 999888777666
+admin_token = %SERVICE_TOKEN%
diff --git a/files/glance-registry.conf b/files/glance-registry.conf
index 5bbc6c0..c3ca9a7 100644
--- a/files/glance-registry.conf
+++ b/files/glance-registry.conf
@@ -64,7 +64,7 @@ auth_host = 127.0.0.1
 auth_port = 35357
 auth_protocol = http
 auth_uri = http://127.0.0.1:5000/
-admin_token = 999888777666
+admin_token = %SERVICE_TOKEN%
 [filter:keystone_shim]
 paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index e6f384f..cfb4572 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -34,7 +34,7 @@ $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone http://%HOS
 # $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1
 # Tokens
-$BIN_DIR/keystone-manage $* token add 999888777666 admin admin 2015-02-05T00:00
+$BIN_DIR/keystone-manage $* token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00
 # EC2 related creds
 $BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials"
diff --git a/stack.sh b/stack.sh
index 2e87352..285e101 100755
--- a/stack.sh
+++ b/stack.sh
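Review bot: In files/keystone_data.sh the new `token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00` line still appears to register the service token against the admin user and admin tenant, with a fixed expiry years ahead. The value that the Glance config files now carry is therefore a full admin credential, only no longer a well-known constant. A dedicated service user and tenant for token validation would limit what a leaked config file exposes. Until then I would add a comment above the line, e.g. `# NOTE: %SERVICE_TOKEN% is an admin/admin token; treat every file it is written to as a secret`.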
@@ -146,6 +146,10 @@ RABBIT_HOST=${RABBIT_HOST:-localhost}
 # Glance connection info. Note the port must be specified.
 GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}
+# Service Token - Openstack components need to have an admin token
+# to validate user tokens.
+SERVICE_TOKEN=${SERVICE_TOKEN:-`uuidgen`}
+
 # Install Packages
 # ================
 #
@@ -318,11 +322,13 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then
 GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf
 cp $FILES/glance-registry.conf $GLANCE_CONF
 sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/glance,g" -i $GLANCE_CONF
+ sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $GLANCE_CONF
 sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_CONF
 GLANCE_API_CONF=$GLANCE_DIR/etc/glance-api.conf
 cp $FILES/glance-api.conf $GLANCE_API_CONF
 sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_API_CONF
+ sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $GLANCE_API_CONF
 fi
 # Nova
@@ -428,6 +434,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
 KEYSTONE_DATA=$KEYSTONE_DIR/bin/keystone_data.sh
 cp $FILES/keystone_data.sh $KEYSTONE_DATA
 sudo sed -e "s,%HOST_IP%,$HOST_IP,g" -i $KEYSTONE_DATA
+ sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_DATA
 # initialize keystone with default users/endpoints
 BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
 fi
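Review bot: The new `SERVICE_TOKEN=${SERVICE_TOKEN:-`uuidgen`}` sits above the "Install Packages" section, so on a host where `uuidgen` is not already present the default can come out empty and every `admin_token` would then be written as an empty string. I would generate it as `SERVICE_TOKEN=${SERVICE_TOKEN:-$(uuidgen -r)}` and fail fast right after with `[[ -n "$SERVICE_TOKEN" ]] || { echo "SERVICE_TOKEN is empty" >&2; exit 1; }`. Asking for a random UUID explicitly matters because the value is used as a credential, and plain `uuidgen` may, depending on the implementation, fall back to a time-based one. `$(...)` in place of backticks is the style part of the suggestion.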
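Review bot: The added `sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g"` lines splice in a value the operator can override from the environment, so a token containing `,`, `&` or `\` either breaks the expression or reaches the config file altered; the same line is added for `$KEYSTONE_DATA` in the @@ -428 hunk. The generated default is safe, so the simplest guard is to validate the override where it is read, e.g. `[[ "$SERVICE_TOKEN" =~ ^[A-Za-z0-9-]+$ ]] || exit 1`. The token now also lands in `$GLANCE_CONF`, `$GLANCE_API_CONF` and `$KEYSTONE_DATA`, and nothing visible in these hunks narrows their permissions; if they end up world-readable, restricting them to the service account after the substitution is worth adding. The `if` blocks open above both hunks, and the first one closes after the last `sed`.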
@@ -508,9 +515,9 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then
 # add images to glance
 # FIXME: kernel/ramdisk is hardcoded - use return result from add
- glance add -A 999888777666 name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image
- glance add -A 999888777666 name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image
- glance add -A 999888777666 name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < $FILES/images/ami-tty/image
+ glance add -A $SERVICE_TOKEN name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image
+ glance add -A $SERVICE_TOKEN name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image
+ glance add -A $SERVICE_TOKEN name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < $FILES/images/ami-tty/image
 fi
 # Using the cloud
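Review bot: The three new `glance add -A $SERVICE_TOKEN ...` lines expand the token unquoted, so an overridden value containing whitespace or glob characters is split into extra arguments; write `-A "$SERVICE_TOKEN"` on each of them. Passing the token on the command line also exposes it in the process list to other local users while each upload runs, which was harmless for a published constant but is not for a per-install secret. Whether this glance client can take the token from somewhere other than `-A` is not visible here, so I would at least note the exposure in a comment next to the existing FIXME. The enclosing `if` block starts above the hunk.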