Use Keystone Trusts to authenticate instead of hardcoding values in configuration files
Use Keystone trusts to talk to other services (Nova) from Trove. Stop storing user credentials in the conf file. Instead, create and use Keystone trusts, and store these user credentials (trust_id, trustee_id, roles, trustor_id, etc.) in the DB.
- Need a DB model for the user credentials.
- Need a migration for this DB model.
- Need a modified Keystone client that uses these user credentials from the DB to create trust tokens whenever Trove talks to Nova.
- Need to create and delete trusts while trove-agents are in action.
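A minimal sketch of the four items above, added here as an illustration and not taken from Trove or from this blueprint. The table layout, function names and sample IDs are assumptions. The request bodies follow the Keystone v3 OS-TRUST API, and the trustee's own secret is passed in by the caller rather than stored with the trust.

```python
import json
import sqlite3

def open_store(path=":memory:"):
    """Hypothetical trust table: identifiers only, no password or token column."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS trusts (
        trust_id TEXT PRIMARY KEY, trustor_id TEXT NOT NULL,
        trustee_id TEXT NOT NULL, project_id TEXT NOT NULL, roles TEXT NOT NULL)""")
    return conn

def trust_create_body(trustor_id, trustee_id, project_id, roles, expires_at=None):
    """Body for POST /v3/OS-TRUST/trusts, sent with the trustor's token."""
    if not roles:
        raise ValueError("delegate an explicit, minimal list of roles")
    trust = {"trustor_user_id": trustor_id, "trustee_user_id": trustee_id,
             "project_id": project_id, "impersonation": True,
             "roles": [{"name": r} for r in roles]}
    if expires_at:
        trust["expires_at"] = expires_at  # bound the lifetime of the delegation
    return {"trust": trust}

def save_trust(conn, trust_id, body):
    """Persist the trust_id returned by Keystone with the fields that were sent."""
    t = body["trust"]
    conn.execute("INSERT INTO trusts VALUES (?, ?, ?, ?, ?)",
                 (trust_id, t["trustor_user_id"], t["trustee_user_id"],
                  t["project_id"], json.dumps([r["name"] for r in t["roles"]])))

def trust_token_body(conn, trust_id, trustee_secret):
    """Body for POST /v3/auth/tokens: trustee authenticates, scope is the trust."""
    row = conn.execute("SELECT trustee_id FROM trusts WHERE trust_id = ?",
                       (trust_id,)).fetchone()
    if row is None:
        raise LookupError("unknown or deleted trust: %s" % trust_id)
    user = {"id": row[0], "password": trustee_secret}
    return {"auth": {"identity": {"methods": ["password"],
                                  "password": {"user": user}},
                     "scope": {"OS-TRUST:trust": {"id": trust_id}}}}

def delete_trust(conn, trust_id):
    """Drop the local record; the caller also sends DELETE /v3/OS-TRUST/trusts/{id}."""
    conn.execute("DELETE FROM trusts WHERE trust_id = ?", (trust_id,))

if __name__ == "__main__":
    db = open_store()
    body = trust_create_body("trustor-1", "trove-svc", "proj-1", ["member"])  # constructed IDs
    save_trust(db, "trust-abc", body)  # "trust-abc" stands in for Keystone's reply
    print(json.dumps(trust_token_body(db, "trust-abc", "<trustee-secret>"), indent=2))
```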
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: Pranav Salunke
- Direction: Needs approval
- Assignee: Pranav Salunke
- Definition: Discussion
- Series goal: Accepted for future
- Implementation: Unknown
- Milestone target: None
Whiteboard
There were concerns about whether Keystone trusts are fully functional yet, and about what direction other OpenStack projects are taking regarding this. We had a vote at the weekly BP meeting on 6/2/2014, and the unanimous result was to wait and watch, for now.