Use Keystone Trusts to avoid storing user credentials

Registered by Steven Hardy on 2013-03-07

Now keystone trusts have been merged, we need to figure out how to use trust tokens in order to avoid storing user credentials in our DB

Blueprint information

Status:
Complete
Approver:
None
Priority:
High
Drafter:
None
Direction:
Approved
Assignee:
Steven Hardy
Definition:
Approved
Series goal:
Accepted for havana
Implementation:
Implemented
Milestone target:
milestone icon 2013.2
Started by
Steven Hardy on 2013-05-01
Completed by
Steven Hardy on 2013-09-04

Related branches

Whiteboard

https://wiki.openstack.org/wiki/Keystone/Trusts

keystone trusts implementation:
https://review.openstack.org/#/c/20289/

Trusts extension API spec:
https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-trust-ext.md

Blocked on the following keystoneclient and keystone reviews:
https://review.openstack.org/#/c/39899/ - MERGED
https://review.openstack.org/#/c/42456/ - MERGED

Gerrit topic: https://review.openstack.org/#q,topic:bp/heat-trusts,n,z

Addressed by: https://review.openstack.org/43380
    Migrate stored credentials to keystone trusts

Addressed by: https://review.openstack.org/44770
    Add trust_id and trustor_user_id Context and DB

Gerrit topic: https://review.openstack.org/#q,topic:bp/heat-trusts3,n,z

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.