[openstack-dev] [heat] Problems with Heat software configurations and KeystoneV2
Steve Baker
sbaker at redhat.com
Mon Apr 7 01:15:07 UTC 2014
On 07/04/14 12:52, Michael Elder wrote:
>
>
> I think the net of the statement still holds though: the Keystone
> token mechanism defines a mechanism for authorization, why doesn't the
> heat stack manage a token for any behavior that requires authorization?
Heat does use a token, but that token is associated with a user which
can only perform limited operations on one heat resource. This reduces
the risk that an unauthorized action can be performed due to using some
form of shared user.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140407/9bae3438/attachment.html>
More information about the OpenStack-dev
mailing list