[Openstack] Heat, keystone trust, and horizon: why is the password box there?

Steven Hardy shardy at redhat.com
Mon Aug 18 11:17:50 UTC 2014

On Fri, Aug 15, 2014 at 08:49:12AM -0400, Don Waterloo wrote:
> I believe I have heat set up correctly using trust & domain model (on
> icehouse / ubuntu 14.04), I followed
> http://hardysteven.blogspot.ca/2014/04/heat-auth-model-updates-part-1-trusts.html
> and
> http://hardysteven.blogspot.ca/2014/04/heat-auth-model-updates-part-2-stack.html
> and heat is working fine from the command line (when the environment
> variables are set), and from horizon (when I enter my password a
> second time on the 'launch stack' box).
> But my understanding was I would not have to supply my password a second
> time. I can't leave the box blank (it says it's required).
> Am I misunderstanding this? I don't see code in horizon that would
> 'hide' this box.
> If I'm not misunderstanding, is there a way to 'test' the setup of the
> domain, of the trust?

As already mentioned by Julie, the option to optionally remove the
password box from the Horizon Heat UI has not been added yet.

Note that when using deferred_auth_method=trusts, you can put a dummy
string in that box, as heat will ignore it.

Note that trusts is the default heat configuration for devstack, but not
necessarily all heat deployments, because our sample config still specifies


I'll try to get back to looking at that so we can hopefully move to trusts
by default for Juno, but note there are some use-cases where password
remains appropriate, for example running heat in standalone mode.

