Set tenantName to 'admin' in get_admin_auth_token.

Sets the tenantName to 'admin' in get_admin_auth_token. This
is required because user-only roles are currently not supported.
Give that wsgi is hard coded to check for 'role:admin' this
seems to be a reasonable thing to do. In the future it would be nice
to add a custom admin_role setting in the config file so the
role wouldn't be hard coded to 'admin'.

Also removes unused version of get_admin_auth_token.

Fixes LP Bug #939015.

Change-Id: I545b458e31c8a44a5a69cad1e875f0fe02956246

1 files changed, 24 insertions, 0 deletions

diff --git a/docs/source/configuringservices.rst b/docs/source/configuringservices.rst
index 11085e9d..bfbada65 100644
--- a/docs/source/configuringservices.rst
+++ b/docs/source/configuringservices.rst
@@ -259,3 +259,27 @@ S3 api.
 .. Note::
    With the S3 middleware you are connecting to the `Swift` proxy and
    not to `keystone`.
+
+Auth-Token Middleware with Username and Password
+--------------------------------
+
+It is also possible to configure Keystone's auth_token middleware using the
+'admin_user' and 'admin_password' options. When using the 'admin_user' and
+'admin_password' options the 'admin_token' parameter is optional. If
+'admin_token' is specified it will by used only if the specified token is
+still valid.
+
+Here is an example paste config filter that makes use of the 'admin_user' and
+'admin_password' parameters::
+
+    [filter:tokenauth]
+    paste.filter_factory = keystone.middleware.auth_token:filter_factory
+    service_port = 5000
+    service_host = 127.0.0.1
+    auth_port = 35357
+    auth_host = 127.0.0.1
+    auth_token = ADMIN
+    admin_user = admin
+    admin_password = keystone123
+
+It should be noted that when using this option an 'admin' tenant/role relationship is required. The admin user is granted access to to the 'admin' role via the 'admin' tenant.