Finalize Auth integration
This is a placeholder spec for finalizing the integration between nova and the auth service. For this to be completed we need:
1) No more project/role/user info in nova
2) Replication of existing authz features in either keystone or a separate authz service
3) Migration plan for old data into keystone/authz
Blueprint information
- Status: Complete
- Approver: Vish Ishaya
- Priority: Essential
- Drafter: Vish Ishaya
- Direction: Needs approval
- Assignee: Vish Ishaya
- Definition: Approved
- Series goal: Accepted for diablo
- Implementation: Implemented
- Milestone target: 2011.3
- Started by: Thierry Carrez
- Completed by: Thierry Carrez
Whiteboard
First appeared in diablo-4
Proposing the following series of steps:
a) put all important data into request context
b) remove auth manager from as much of the code base as possible (lots of tests use it)
c) move the access / secret stuff in ec2 into a middleware (it may eventually move into keystone)
d) create a migration script from existing users and projects into keystone.
e) deprecate (and possibly remove completely) AuthManager
f) rename project_id to tenant_id throughout the system
---> I consider this blueprint done here, but there are some additional things that need to be done:
g) figure out auth-z in keystone
h) remove context checking for auth in db layer
a is done in the linked branch, b is in progress. Will propose once b is done and tests are passing.