OpenStack Heat

Use Keystone Trusts to avoid storing user credentials

Registered by Steven Hardy on 2013-03-07

Now keystone trusts have been merged, we need to figure out how to use trust tokens in order to avoid storing user credentials in our DB

Blueprint information

Status:: Complete

Approver:: None

Priority:: High

Drafter:: None

Direction:: Approved

Assignee:: Steven Hardy

Definition:: Approved

Series goal:: Accepted for havana

Implementation:: Implemented

Milestone target:: 2013.2

Started by: Steven Hardy on 2013-05-01

Completed by: Steven Hardy on 2013-09-04

Related branches

Related bugs

Sprints

havana-summit-heat

Whiteboard

https://wiki.openstack.org/wiki/Keystone/Trusts

keystone trusts implementation:
https://review.openstack.org/#/c/20289/

Trusts extension API spec:
https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-trust-ext.md

Blocked on the following keystoneclient and keystone reviews:
https://review.openstack.org/#/c/39899/ - MERGED
https://review.openstack.org/#/c/42456/ - MERGED

Gerrit topic: https://review.openstack.org/#q,topic:bp/heat-trusts,n,z

Addressed by: https://review.openstack.org/43380
Migrate stored credentials to keystone trusts

Addressed by: https://review.openstack.org/44770
Add trust_id and trustor_user_id Context and DB

Gerrit topic: https://review.openstack.org/#q,topic:bp/heat-trusts3,n,z

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information

Everyone can see this information.

Subscribers

Christopher Armstrong

Edmund Troche

JunJie Nan

Priti Desai

Rackspace Autoscale