Enforce access control for Fuel Master node
Problem:
Currently, there is no enforced access control to the Fuel UI. In other words, anyone can connect to the URL and perform any actions.
Needed solution:
Access control needs to be implemented so that individuals are challenged for credentials when they try to access the Fuel master node.
Feature Lead: assignee of this blueprint
Mandatory Design Reviewers: Mike Scherbakov, Stas Bogatkin, Evgeny Li, Vladimir Kuklin
Developers: Lukasz Oles, Kamil Sambor, Matt Mosesohn
QA: Andrey Sledzinskiy
Blueprint information
- Status:
- Complete
- Approver:
- David J. Easter
- Priority:
- Essential
- Drafter:
- David J. Easter
- Direction:
- Approved
- Assignee:
- Łukasz Oleś
- Definition:
- Approved
- Series goal:
- Accepted for 5.1.x
- Implementation:
- Implemented
- Milestone target:
- 5.1
- Started by
- Łukasz Oleś
- Completed by
- Vladimir Kuklin
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Blueprint: access-
Addressed by: https:/
Add Fuel user to fuelmenu
Gerrit topic: https:/
Addressed by: https:/
Add hidden service passwords module to fuelmenu
Addressed by: https:/
Add master node service passwords from yaml
Addressed by: https:/
Add keystone container
Addressed by: https:/
Add keystone container
Addressed by: https:/
Set default password for admin user
Addressed by: https:/
Add default password for admin user
Addressed by: https:/
Add authentication in fuel-cli
Gerrit topic: https:/
Addressed by: https:/
Add keystone access support to ostf wsgi
Addressed by: https:/
Authorization support
Addressed by: https:/
Added nailgun client role
Addressed by: https:/
Add keystone proxy to nginx
Addressed by: https:/
Generate keystone admin token
Addressed by: https:/
Keystone configuration changes:
Addressed by: https:/
Add keystone access to astute.yaml for builds
Addressed by: https:/
Add keystone support for OSTF
Addressed by: https:/
Add keystone authentication to ostf client
Addressed by: https:/
Nailgun depends on keystone-client
Addressed by: https:/
Token passthrough for nailgun client in ostf
Addressed by: https:/
Add auth support nailgun client
Addressed by: https:/
Generate keystone admin for save only in fuelmenu
Addressed by: https:/
Fuel-cli depends on keystone-client
Addressed by: https:/
Fake Keystone
Addressed by: https:/
Keystone Authorization for UI
Addressed by: https:/
Add unit tests for nailgun keystone middleware
Addressed by: https:/
Install keystone during system upgrade
Addressed by: https:/
Change password feature in UI
Addressed by: https:/
Added possibilities to change user password via fuel-cli
Addressed by: https:/
Turned on authentication
Addressed by: https:/
Exclude possibility of installing pecan 0.6 inside ostf container
Work Items
Dependency tree
* Blueprints in grey have been implemented.