Add framework for generating keystone trust
Magnum needs framework to generate keystone trust, which will be injected into bay nodes (which are nova instances). Bay node will use keystone trusts to authenticate itself to an OpenStack service (Swift, Barbican, Neutron, etc.). The reason of using keystone trust (not username/password) is that the scope of trust can be limited in some extent (e.g. scope to a specific service, assign a specific role, etc.).
There are potential three use cases of keystone trust:
1. TLS support [1]: A kubernetes bay might need to store/retrieve secrets from barbican.
2. Docker registry v2 support [2]: A bay need to store docker image into swift.
3. External load balancer [3]: A kubernetes bay needs to talk to neutron for external load balancing.
[1] https:/
[2] https:/
[3] https:/
Blueprint information
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
[WIP] Generate keystone trust
Addressed by: https:/
Add v3 domain in context
Addressed by: https:/
Remove auth_url and is_public_api from context
Work Items
Dependency tree
* Blueprints in grey have been implemented.