Add support for oauth (new in keystone)
solum wants to use mistral, we also want to drive heat stack create/updates from a task.
all three projects use trusts and this suffers from non-existant chained trust feature in keystone.
a better solution is oauth which has landed in keystone and does not suffer from this issue.
I have spoken to Steven Hardy in the Heat team and he will migrate heat to use oauth soon.
I think all these projects (solum, mistral and heat) should move to oauth tokens.
Blueprint information
- Status:
- Complete
- Approver:
- Adrian Otto
- Priority:
- Not
- Drafter:
- Angus Salkeld
- Direction:
- Approved
- Assignee:
- Julien Vey
- Definition:
- Superseded
- Series goal:
- Declined for juno
- Implementation:
- Unknown
- Milestone target:
- juno-1
- Started by
- Completed by
- Adrian Otto
Related branches
Related bugs
Sprints
Whiteboard
https:/
https:/
https:/
Implementation in Keystone client : https:/
Enable OAuth in Keystone : https:/
Gerrit topic: https:/
Addressed by: https:/
Configure Keystone to allow OAuth authentication
-------
paulmo: Angus, this is not nearly enough information to analyze the need and the direction we should go. Can you document the needs more specifically and what is missing exactly? Also, I recommend specifying OAuth 1.0a explicitly as OAuth 1.0 has a known vulnerability and OAuth 2.0 is pretty controversial.