Heat used to support the password-based authorization until the kilo version of OpenStack was released. Using the kilo version of OpenStack, the following changes can be made to enable trusts-based authorization in the Heat configuration file:
The default setting in
heat.conf
:deferred_auth_method=password
To be replaced for enabling trusts-based authentication:
deferred_auth_method=trusts
The following parameters need to be set to specify trustor roles:
trusts_delegated_roles =
As mentioned earlier, all available roles for the trustor will be assigned to the trustee if no specific roles are mentioned in the heat.conf
file.