shadow users

Registered by Steve Martinelli

Locally managed users are handled slightly differently from users backed by LDAP, which in turn are handled significantly differently from users backed by federation. Available APIs, relevant APIs, and token validation responses all vary. For example, users receive different types of IDs, passwords may or may not be stored in keystone, and federated users may not be able to receive direct role assignments. Additional authentication methods added in the future risk complicating things further.

Instead of continuing down this path, we can refactor our user persistence to separate identities from their locally-managed credentials, if any. The result will be a unified experience for both end users and operators.

Blueprint information

Status: Complete
Approver: Steve Martinelli
Priority: High
Drafter: Steve Martinelli
Direction: Approved
Assignee: Ron De Rose
Definition: Approved
Series goal: Accepted for mitaka
Implementation: Implemented
Milestone target: mitaka-3
Started by: Steve Martinelli
Completed by: Steve Martinelli

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/shadow-users,n,z

Addressed by: https://review.openstack.org/278570
    Shadow users - Separate user identities

Addressed by: https://review.openstack.org/279162
    Shadow users - Shadow federated users

Gerrit topic: https://review.openstack.org/#q,topic:bp/shadow-users-patch37,n,z

Addressed by: https://review.openstack.org/284943
    Shadow users - Allow concrete role assignments for federated users

Gerrit topic: https://review.openstack.org/#q,topic:bp/shadow-users-patch55,n,z

Gerrit topic: https://review.openstack.org/#q,topic:bp/shadow-users-patch55-patch60,n,z

Addressed by: https://review.openstack.org/286169
    Role assignment resolution for shadow users.

Gerrit topic: https://review.openstack.org/#q,topic:(detached,n,z

Addressed by: https://review.openstack.org/296639
    WIP - Drop EPHEMERAL user type
