OpenStack Identity (keystone)

Extend user API to support federated attributes

Registered by Ron De Rose

Federated users are no longer ephemeral and are like any other keystone user. Thus, lets extend the user API to support federated attributes.

Blueprint information

Status:
Complete
Approver:
Steve Martinelli
Priority:
Medium
Drafter:
Ron De Rose
Direction:
Approved
Assignee:
Ron De Rose
Definition:
Superseded
Series goal:
None
Implementation:
Slow progress
Milestone target:
None
Started by
Steve Martinelli
Completed by
Lance Bragstad

Related branches

Sprints

Whiteboard

(stevemar - 12/30/2016): Bumping to next release. Good progress was made here, but we probably won't have time to fully implement the new APIs. Great job on the re-work surrounding the initiative. Feel free to continue to work on this as we transition to Pike.

Gerrit topic: https://review.openstack.org/#q,topic:support-federated-attr,n,z

Addressed by: https://review.openstack.org/397410
    Extend user API to support federated attributes

Gerrit topic: https://review.openstack.org/#q,topic:bug/1642687,n,z

Addressed by: https://review.openstack.org/399684
    Require domain_id when registering Identity Providers

Addressed by: https://review.openstack.org/408332
    WIP - Set the domain for federated users

Gerrit topic: https://review.openstack.org/#q,topic:add-domain-to-user-table,n,z

Addressed by: https://review.openstack.org/409874
    WIP - Add domain_id to the user table

Gerrit topic: https://review.openstack.org/#q,topic:bug/1649412,n,z

Addressed by: https://review.openstack.org/409946
    Make user to nonlocal_user a 1:1 relationship

Gerrit topic: https://review.openstack.org/#q,topic:bp/support-federated-attr,n,z

Addressed by: https://review.openstack.org/414720
    WIP add query for unique_id in list_users

Addressed by: https://review.openstack.org/423705
    Refactor shadow users tests

Addressed by: https://review.openstack.org/423708
    Set the domain for federated users

Addressed by: https://review.openstack.org/439290
    WIP

Addressed by: https://review.openstack.org/426449
    Extend User API to support federated attributes

Addressed by: https://review.openstack.org/448730
    Add federated support for get user

Addressed by: https://review.openstack.org/448755
    Add federated support for creating a user

(lbragstad) 19-02-15: I'm marking this as superseded based on the plan socialized on the mailing list [0]. All relevant content from this blueprint has been ported to an RFE bug report [1].

[0] http://lists.openstack.org/pipermail/openstack-discuss/2019-February/002672.html
[1] https://bugs.launchpad.net/keystone/+bug/1816076

Gerrit topic: https://review.opendev.org/#/q/topic:bp/support-federated-attr

Addressed by: https://review.opendev.org/448730
    Add federated support for get user

Addressed by: https://review.opendev.org/448755
    Add federated support for creating a user

Addressed by: https://review.opendev.org/448765
    Add federated support for updating a user

Gerrit topic: https://review.opendev.org/#/q/topic:bp/support-federated-attr-patch18

Addressed by: https://review.opendev.org/678586
    Expiring Group Membership Driver - Add, List Groups

Addressed by: https://review.opendev.org/713976
    Add expiring user group memberships on mapped authentication

Addressed by: https://review.opendev.org/718153
    Update api-ref for federated objects in user

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.