OpenStack Heat

OAuth credentials resource

Registered by Thomas Herve

To be able to delegate access to instances or other services in Heat would be interesting. One first step would be a OS::Keystone::OAuthCredentials resources, that instances could use to request a token when needed.

We need to create:
 * Create a consumer using Heat service user credentials. It could be global, per stack or per resource.
 * Create a request token for the consumer per resource.
 * Authorize the request token using the user credentials.
 * Create the access token.

The key and the secret of the access token are then required to retrieve a regular keystone token by other resources. They need to be exposed as attributes. Roles can be taken as inputs, with the user role as default.

it depends on https://blueprints.launchpad.net/python-keystoneclient/+spec/add-oauth-support for keystone-client support.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Medium
Drafter:
Thomas Herve
Direction:
Needs approval
Assignee:
Thomas Herve
Definition:
Obsolete
Series goal:
None
Implementation:
Not started
Milestone target:
milestone icon next
Completed by
Angus Salkeld

Related branches

Sprints

Whiteboard

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.