Add support for oauth (new in keystone)
solum wants to use mistral, we also want to drive heat stack create/updates from a task.
all three projects use trusts and this suffers from non-existant chained trust feature in keystone.
a better solution is oauth which has landed in keystone and does not suffer from this issue.
I have spoken to Steven Hardy in the Heat team and he will migrate heat to use oauth soon.
I think all these projects (solum, mistral and heat) should move to oauth tokens.
Blueprint information
- Status:
- Complete
- Approver:
- Renat Akhmerov
- Priority:
- High
- Drafter:
- Angus Salkeld
- Direction:
- Approved
- Assignee:
- Nikolay Makhotkin
- Definition:
- Superseded
- Series goal:
- None
- Implementation:
- Deferred
- Milestone target:
- 0.1
- Started by
- Completed by
- Angus Salkeld
Related branches
Related bugs
Sprints
Whiteboard
https:/
https:/
https:/
-----
paulmo: Angus, what exactly does Mistral need to support? I'm confused as Mistral is a workflow engine. The "plugins" would need to authenticate and not Mistral itself right? Can we expand this to describe the specific needs?
Gerrit topic: https:/
Addressed by: https:/
Step 1 add OAuth to Mistral
I think we should drop this bp now, keystone/heat people favor trusts instead.
Solum can work around the chained trusts issues in the short term.