Create OpenStack Identity Service
Create an identity service for use with OpenStack. Initially using token-based authentication and necessary middleware to support integration with OpenStack core services; Nova, Glance, and Swift.
Anti-Requirement:
Do not build an identity system! Instead, use existing systems for heavy lifting. Local storage can be used for reference implementation or PoC
Architecturally, therefore, implement a generalized claims-based architecture:
Ex: base class that can: Request -> GetClaims -> ValidateClaims -> Returns claim-based authentication.
1.) Receive Claim
2.) Validate Claim
3.) Decorate request
4.) Forward request
Requirement from Nova:
Lightweight Delegation - As a User who is associated with a Tenant ID, I should have the ability to delegate Tenant IDs to other users
and access those Tenants via a call in the new Keystone Service.
Draft Acceptance Criteria:
1.) User is able to grant additional Tenants
2.) Each Tenant has a unique token
3.) The User is able to login with Username & Password/API key
...or... 4.) The User is able to login with Username & Password/API key AND Tenant ID (optional)
5.) A TenantID must always have at least one user.
6.) A user must be associated with a TenantID which may be a default tenant initially.
7.) The Admin User can pass a TenantID token and use a new call to list_all_tenants (Admin only)
8.) The non-Admin User can pass a TenantID token and use a new call to list_all_tenants available to THAT USER ONLY.
9.) The user can pass a TenantID token and use a new call to list_all_users (by TenantID)
Requirement from Swift:
Support existing Auth functionality (Rackspace Auth, DevAuth, SWAUTH)
Requirement from Glance:
Integrate with Glance
Keystone work:
1.) Install Glance
2.) Standardize the interfaces
3.) Prove ability to write to service
Glance work:
1.) Add middleware with tenant key
2.) Functional Tests over that communication to ensure they are attached properly (image:tenant)
3.) Modify Logging to include the middleware context.
Requirement:
Include documentation
Acceptance Criteria:
1.) Must Include "How to start Service"
2.) Must include Presentation
3.) Dev Guide must be updated to include all new features
4.) Create Admin Guide and Install Guide
5.) Update Guide(s) to follow "Open Stack" look and feel
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Ziad Sawalha
- Direction:
- Approved
- Assignee:
- Rackspace Integration
- Definition:
- Drafting
- Series goal:
- Accepted for diablo
- Implementation:
-
Implemented
- Milestone target:
-
diablo-2
- Started by
- Ziad Sawalha
- Completed by
- Ziad Sawalha
Related branches
Related bugs
Sprints
Whiteboard
1. Code will look the same for separate engines (model on Burrow "plugability")
2. That standardization should not touch the logic part of the code; place that in a separate layer.
3. No dependencies on new libraries if possible (remove bottlepy which is in alpha code)
4. Use WSGI router (similar to how used in Glance and Burrow)
- start up daemon
- install maps
- use wrapper on exceptions
5. Include daemonization and shell
Work Items
Dependency tree
* Blueprints in grey have been implemented.
