Add support for authentication using keystone v3 API

Registered by Alistair Coles on 2014-05-06

Authentication using Keystone v3 API requires some changes to swift keystoneauth middleware and python-swiftclient.

Python-swiftclient will need to handle additional options to specify domain membership of users and tenants/project.

Keystoneauth needs to handle cross container ACLs differently given that usernames are not globally unique with keystone v3.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
Alistair Coles
Direction:
Needs approval
Assignee:
None
Definition:
New
Series goal:
Accepted for juno
Implementation:
Implemented
Milestone target:
milestone icon 2.2.0
Started by
John Dickinson on 2014-10-14
Completed by
John Dickinson on 2014-10-14

Related branches

Sprints

Whiteboard

Wiki page with notes on handling container ACLs with v3 domains https://wiki.openstack.org/wiki/Swift/ContainerACLWithKeystoneV3

Add keystone v3 auth support to python-swiftclient:
https://review.openstack.org/#/c/91788

Gerrit topic: https://review.openstack.org/#q,topic:bp/keystone-v3-support,n,z

Addressed by: https://review.openstack.org/86430
    Restrict keystone cross-tenant ACLs to IDs

Addressed by: https://review.openstack.org/121481
    Update documentation for using keystone auth

Addressed by: https://review.openstack.org/121423
    Fix internal link to keystoneauth in documentation

Gerrit topic: https://review.openstack.org/#q,topic:bug/1369583,n,z

Addressed by: https://review.openstack.org/122541
    Merge master to feature/ec

Gerrit topic: https://review.openstack.org/#q,topic:bug/1367826,n,z

Addressed by: https://review.openstack.org/124503
    Merge master to feature/ec

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.