Enforce access control for Fuel Master node

Registered by David J. Easter

    Currently, there is no enforced access control to the Fuel UI. In other words, anyone can connect to the URL and perform any actions.

Needed solution:
    Access control needs to be implemented so that individuals are challenged for credentials when they try to access the Fuel master node.

Feature Lead: assignee of this blueprint
Mandatory Design Reviewers: Mike Scherbakov, Stas Bogatkin, Evgeny Li, Vladimir Kuklin
Developers: Lukasz Oles, Kamil Sambor, Matt Mosesohn
QA: Andrey Sledzinskiy

Blueprint information

David J. Easter
David J. Easter
Łukasz Oleś
Series goal:
Accepted for 5.1.x
Milestone target:
milestone icon 5.1
Started by
Łukasz Oleś
Completed by
Vladimir Kuklin

Related branches


Gerrit topic: https://review.openstack.org/#q,topic:bp/access-control-master-node,n,z

Addressed by: https://review.openstack.org/96429
    Blueprint: access-control-master-node

Addressed by: https://review.openstack.org/98814
    Add Fuel user to fuelmenu

Gerrit topic: https://review.openstack.org/#q,topic:bp/secure-fuel-master-services,n,z

Addressed by: https://review.openstack.org/101240
    Add hidden service passwords module to fuelmenu

Addressed by: https://review.openstack.org/101257
    Add master node service passwords from yaml

Addressed by: https://review.openstack.org/102043
    Add keystone container

Addressed by: https://review.openstack.org/102045
    Add keystone container

Addressed by: https://review.openstack.org/102357
    Set default password for admin user

Addressed by: https://review.openstack.org/102501
    Add default password for admin user

Addressed by: https://review.openstack.org/102795
    Add authentication in fuel-cli

Gerrit topic: https://review.openstack.org/#q,topic:ostf_refactoring,n,z

Addressed by: https://review.openstack.org/103055
    Add keystone access support to ostf wsgi

Addressed by: https://review.openstack.org/103192
    Authorization support

Addressed by: https://review.openstack.org/103554
    Added nailgun client role

Addressed by: https://review.openstack.org/103673
    Add keystone proxy to nginx

Addressed by: https://review.openstack.org/103814
    Generate keystone admin token

Addressed by: https://review.openstack.org/103826
    Keystone configuration changes:

Addressed by: https://review.openstack.org/103838
    Add keystone access to astute.yaml for builds

Addressed by: https://review.openstack.org/103897
    Add keystone support for OSTF

Addressed by: https://review.openstack.org/104080
    Add keystone authentication to ostf client

Addressed by: https://review.openstack.org/104104
    Nailgun depends on keystone-client

Addressed by: https://review.openstack.org/104119
    Token passthrough for nailgun client in ostf

Addressed by: https://review.openstack.org/104131
    Add auth support nailgun client

Addressed by: https://review.openstack.org/104151
    Generate keystone admin for save only in fuelmenu

Addressed by: https://review.openstack.org/104168
    Fuel-cli depends on keystone-client

Addressed by: https://review.openstack.org/104903
    Fake Keystone

Addressed by: https://review.openstack.org/97555
    Keystone Authorization for UI

Addressed by: https://review.openstack.org/105113
    Add unit tests for nailgun keystone middleware

Addressed by: https://review.openstack.org/105213
    Install keystone during system upgrade

Addressed by: https://review.openstack.org/105683
    Change password feature in UI

Addressed by: https://review.openstack.org/105767
    Added possibilities to change user password via fuel-cli

Addressed by: https://review.openstack.org/106715
    Turned on authentication

Addressed by: https://review.openstack.org/107342
    Exclude possibility of installing pecan 0.6 inside ostf container


Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.