Solum

Add support for oauth (new in keystone)

Registered by Angus Salkeld

solum wants to use mistral, we also want to drive heat stack create/updates from a task.
all three projects use trusts and this suffers from non-existant chained trust feature in keystone.
a better solution is oauth which has landed in keystone and does not suffer from this issue.
I have spoken to Steven Hardy in the Heat team and he will migrate heat to use oauth soon.
I think all these projects (solum, mistral and heat) should move to oauth tokens.

Blueprint information

Status:
Complete
Approver:
Adrian Otto
Priority:
Not
Drafter:
Angus Salkeld
Direction:
Approved
Assignee:
Julien Vey
Definition:
Superseded
Series goal:
Declined for juno
Implementation:
Unknown
Milestone target:
milestone icon juno-1
Completed by
Adrian Otto

Related branches

Sprints

Whiteboard

https://review.openstack.org/#/c/81981/
https://review.openstack.org/#/c/80193

https://blueprints.launchpad.net/mistral/+spec/mistral-oauth

Implementation in Keystone client : https://blueprints.launchpad.net/python-keystoneclient/+spec/add-oauth-support

Enable OAuth in Keystone : https://github.com/openstack/keystone/blob/bab63bff9dc4fb94912f1e9b8a7bba8445f34fd5/doc/source/extensions/oauth1.rst

Gerrit topic: https://review.openstack.org/#q,topic:bp/solum-oauth,n,z

Addressed by: https://review.openstack.org/95798
    Configure Keystone to allow OAuth authentication

-------
paulmo: Angus, this is not nearly enough information to analyze the need and the direction we should go. Can you document the needs more specifically and what is missing exactly? Also, I recommend specifying OAuth 1.0a explicitly as OAuth 1.0 has a known vulnerability and OAuth 2.0 is pretty controversial.

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.