Extend user API to support federated attributes

Registered by Ron De Rose on 2016-11-16

Federated users are no longer ephemeral and are like any other keystone user. Thus, lets extend the user API to support federated attributes.

Blueprint information

Status:
Complete
Approver:
Steve Martinelli
Priority:
Medium
Drafter:
Ron De Rose
Direction:
Approved
Assignee:
Ron De Rose
Definition:
Superseded
Series goal:
None
Implementation:
Slow progress
Milestone target:
None
Started by
Steve Martinelli on 2016-12-13
Completed by
Lance Bragstad on 2019-02-15

Related branches

Sprints

Whiteboard

(stevemar - 12/30/2016): Bumping to next release. Good progress was made here, but we probably won't have time to fully implement the new APIs. Great job on the re-work surrounding the initiative. Feel free to continue to work on this as we transition to Pike.

Gerrit topic: https://review.openstack.org/#q,topic:support-federated-attr,n,z

Addressed by: https://review.openstack.org/397410
    Extend user API to support federated attributes

Gerrit topic: https://review.openstack.org/#q,topic:bug/1642687,n,z

Addressed by: https://review.openstack.org/399684
    Require domain_id when registering Identity Providers

Addressed by: https://review.openstack.org/408332
    WIP - Set the domain for federated users

Gerrit topic: https://review.openstack.org/#q,topic:add-domain-to-user-table,n,z

Addressed by: https://review.openstack.org/409874
    WIP - Add domain_id to the user table

Gerrit topic: https://review.openstack.org/#q,topic:bug/1649412,n,z

Addressed by: https://review.openstack.org/409946
    Make user to nonlocal_user a 1:1 relationship

Gerrit topic: https://review.openstack.org/#q,topic:bp/support-federated-attr,n,z

Addressed by: https://review.openstack.org/414720
    WIP add query for unique_id in list_users

Addressed by: https://review.openstack.org/423705
    Refactor shadow users tests

Addressed by: https://review.openstack.org/423708
    Set the domain for federated users

Addressed by: https://review.openstack.org/439290
    WIP

Addressed by: https://review.openstack.org/426449
    Extend User API to support federated attributes

Addressed by: https://review.openstack.org/448730
    Add federated support for get user

Addressed by: https://review.openstack.org/448755
    Add federated support for creating a user

(lbragstad) 19-02-15: I'm marking this as superseded based on the plan socialized on the mailing list [0]. All relevant content from this blueprint has been ported to an RFE bug report [1].

[0] http://lists.openstack.org/pipermail/openstack-discuss/2019-February/002672.html
[1] https://bugs.launchpad.net/keystone/+bug/1816076

Gerrit topic: https://review.opendev.org/#/q/topic:bp/support-federated-attr

Addressed by: https://review.opendev.org/448730
    Add federated support for get user

Addressed by: https://review.opendev.org/448755
    Add federated support for creating a user

Addressed by: https://review.opendev.org/448765
    Add federated support for updating a user

Gerrit topic: https://review.opendev.org/#/q/topic:bp/support-federated-attr-patch18

Addressed by: https://review.opendev.org/678586
    Expiring Group Membership Driver - Add, List Groups

Addressed by: https://review.opendev.org/713976
    Add expiring user group memberships on mapped authentication

Addressed by: https://review.opendev.org/718153
    Update api-ref for federated objects in user

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.