Finalize Auth integration

Registered by Vish Ishaya

This is a placeholder spec for finalizing the integration between nova and the auth service. For this to be completed we need:
1) No more project/role/user info in nova
2) Replication of existing authz features in in either keystone or separate authz service
3) Migration plan for old data into keystone/authz

Blueprint information

Status:
Complete
Approver:
Vish Ishaya
Priority:
Essential
Drafter:
Vish Ishaya
Direction:
Needs approval
Assignee:
Vish Ishaya
Definition:
Approved
Series goal:
Accepted for diablo
Implementation:
Implemented
Milestone target:
milestone icon 2011.3
Started by
Thierry Carrez
Completed by
Thierry Carrez

Whiteboard

First appeared in diablo-4

Proposing the following series of steps:

a) put all important data into request context
b) remove auth manager from as much of the code base as possible (lots of tests use it)
c) move the access / secret stuff in ec2 into a middleware (it may eventually move into keystone)
d) create a migration script from existing users and projects into keystone.
e) deprecate (and possibly remove completely) AuthManager
f) rename project_id to tenant_id throughout the system
---> I consider this blueprint done here, but there is some additional things that need to be done:
g) figure out auth-z in keystone
h) remove context checking for auth in db layer

a is done in the linked branch, b is in progress. Will propose once b is done and tests are passing.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.