Cue

User specified default user for broker

Registered by Min Pae

The user should be able to specify the initial username/password desired for the broker cluster being instantiated. Currently the user is unable to specify a username/password for the initial user, it is instead fixed to rabbitmq/<cluster uuid>.

Blueprint information

Status:
Started
Approver:
None
Priority:
Undefined
Drafter:
Min Pae
Direction:
Approved
Assignee:
Davide Agnello
Definition:
New
Series goal:
Accepted for trunk
Implementation:
Needs Code Review
Milestone target:
None
Started by
Davide Agnello

Related branches

Sprints

Whiteboard

A user of Cue will want to be able to specify a username and password during provisioning such that a well known default password would not be provisioned to the broker cluster being created.

In order to support this for RabbitMQ and looking forward to Kafka, Qpid and any other brokers that are planned for support, the API needs to be extended to provide an input field for login credentials. The field needs to be flexible enough to support all of the brokers Cue intends to support.

RabbitMQ and Qpid both implement authentication via SASL, with builtin support for PLAIN authentication and extensible to others. Kafka, as of version 0.8 (current release) does not support authentication, it is planned for 0.9.

To provide username/password support the Cluster object being passed in to POST /v1/clusters needs to be extended to support the following field

auth_credential: {
    type: 'PLAIN'
    token: {
        username: 'username'
        password: 'password'
    }
}

The type will indicate to the broker provisioner how to handle/interpret the token being provided, and the token will be a dictionary containing the requisite fields for the token type. Initial supported type will be PLAIN, which requires a username and password. It should be noted that this auth method is insecure unless SSL is used to protect the communication between the broker server and the broker client.

Gerrit topic: https://review.openstack.org/#q,topic:bp/custom-default-user,n,z

Addressed by: https://review.openstack.org/204713
    Adding field for auth_credentials to API doc

Addressed by: https://review.openstack.org/215824
    Adding authentication support to API

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.