Use Keystone Trusts to authenticate instead of hardcoding values in configuration files

Registered by Pranav Salunke on 2014-04-19

Use keystone trusts to talk to various services (Nova) from trove. Stop storing user credential in conf file. Create and use Keystone trusts and store these user credentials like trust_id, trustee_id, roles, trustor_id etc in DB.

- Need db model for user credentials
- Need migration for this db model.
- Need modified keystone client that will use these user credentials from db to create trust tokens whenever trove talks to Nova
- Need to create and delete trusts while trove-agents are in action.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Pranav Salunke
Direction:
Needs approval
Assignee:
Pranav Salunke
Definition:
Discussion
Series goal:
Accepted for future
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

There were concerns around whether keystone trusts is fully functional yet, and what was the direction other OpenStack projects are taking regarding this. We had a vote at the weekly BP meeting on 6/2/2014, and the unanimous result was to wait and watch, for now.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.