Enable Heat to use Keystone v3 domains
Since Icehouse, Heat supports (and since Juno suggests as the default deployment configuration) using Keystone v3 and its features, such as domains and trusts, for internal auth. This greatly improves Heat usability: admin rights are no longer required to create resources that create internal Heat-specific Keystone users, and the Keystone user space is not polluted with such internal users. Full user credentials (including the password) also no longer have to be stored in Heat's DB, which improves security.
Blueprint information
- Status: Complete
- Approver: ruhe
- Priority: High
- Drafter: Pavlo Shchelokovskyy
- Direction: Approved
- Assignee: Igor Yozhikov
- Definition: Approved
- Series goal: Accepted for 6.1.x
- Implementation: Implemented
- Milestone target: 6.1
- Started by: Igor Yozhikov
- Completed by: Sergey Kraynev
Whiteboard
That is how Heat in DevStack is configured to use Keystone domains and trusts using python-
[1] https:/
RELATED BUG = https:/
heat-common package update = https:/
fuel-library = https:/
Work Items
Create Heat-specific domains and users in Keystone at deploy time using python-
Use values obtained at previous step to configure heat.conf on all controllers: TODO
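The following check is an added example, not code from this blueprint, Heat or fuel-library: it audits a heat.conf for the settings the two work items above are meant to produce. The option names are Heat's `[DEFAULT]` options; the sample file contents, the domain and user names in them, and the function name `audit_heat_conf` are constructed for illustration.

```python
import configparser

# Constructed sample: pre-domain setup, deferred operations use stored credentials.
LEGACY_CONF = """
[DEFAULT]
deferred_auth_method = password
"""

# Constructed sample: trusts plus a dedicated Keystone v3 domain for stack users.
DOMAIN_CONF = """
[DEFAULT]
deferred_auth_method = trusts
trusts_delegated_roles = heat_stack_owner
stack_user_domain_name = heat
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = PLACEHOLDER_SET_AT_DEPLOY_TIME
"""


def audit_heat_conf(text):
    """Return a list of findings for the [DEFAULT] section of a heat.conf."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    opts = parser["DEFAULT"]
    findings = []

    # Anything other than an explicit "trusts" is flagged, including an unset
    # option, because the built-in default differs between Heat releases.
    method = opts.get("deferred_auth_method", fallback="").strip()
    if method != "trusts":
        findings.append("deferred_auth_method is %r, expected 'trusts'" % method)

    # Without a stack user domain, Heat-internal users are created next to
    # regular users instead of in an isolated domain.
    if not (opts.get("stack_user_domain_id") or opts.get("stack_user_domain_name")):
        findings.append("no stack_user_domain_id or stack_user_domain_name set")

    # The domain admin is the account Heat uses to manage users in that domain.
    if not (opts.get("stack_domain_admin") and opts.get("stack_domain_admin_password")):
        findings.append("stack_domain_admin or stack_domain_admin_password missing")

    return findings


if __name__ == "__main__":
    for name, conf in (("legacy", LEGACY_CONF), ("domain", DOMAIN_CONF)):
        print(name, audit_heat_conf(conf) or "OK")
```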