From 812801561d2bb1dc8b9db3a82f0dd73bf45d7bc3 Mon Sep 17 00:00:00 2001 From: Michael Still Date: Wed, 1 Feb 2017 14:55:08 +1100 Subject: [PATCH] Update devref with vendordata changes. Change-Id: Id0e39e998b6fa46b0fc91d3512afdafcf50a01a2 --- doc/source/vendordata.rst | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/doc/source/vendordata.rst b/doc/source/vendordata.rst index facd2fe4e103..e108e3cad52b 100644 --- a/doc/source/vendordata.rst +++ b/doc/source/vendordata.rst @@ -111,6 +111,12 @@ The following data is passed to your REST service as a JSON encoded POST: | metadata | As specified by the user at boot time. | +-------------+-------------------------------------------------+ -The REST service is also passed the Keystone authentication details for the -original API request which caused this boot, which can be used by the REST -service to determine if the action is authorized. +Deployment considerations +========================= + +Nova provides authentication to external metadata services in order to provide +some level of certainty that the request came from nova. This is done by +providing a service token with the request -- you can then just deploy your +metadata service with the keystone authentication WSGI middleware. This is +configured using the keystone authentication parameters in the +``vendordata_dynamic_auth`` configuration group.