
Ec2-access-secret

Revision as of 23:29, 17 February 2013 by Ryan Lane (Text replace - "__NOTOC__" to "")

Using the EC2 API

This is the full version of https://blueprints.launchpad.net/keystone/+spec/generate-ec2-access-secret

Keystone has an extension that allows the creation and use of access/secret pairs for a user/tenant pair. In Diablo, these pairs could only be created on the CLI via keystone-manage commands:


keystone-manage credentials add $user EC2 $access $secret $tenant


This requires operators (with SSH access to the Keystone host) to create the access/secret pair for each user/tenant pair. For Essex, we need to allow users to access and create their own access/secret pairs.

The proposal is to add an extension to Keystone to:

  • create a secret/access pair that is scoped to the current token's scope (tenant/user)
  • list access/secret for a given user (limited to the token scope - if unscoped token all pairs, if scoped to a tenant only pairs
  • delete a secret/access pair

Additionally, admin users should be able to list and delete access/secret pairs for a specific user/tenant.
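
As an added illustration (not Keystone's code), the scoping rules above can be modelled in a few lines of Python. `Token`, `CredentialStore` and their methods are hypothetical names; rejecting creation with an unscoped token, showing a tenant-scoped token only that tenant's pairs, and applying the list rule to delete are assumptions, since the page leaves them open.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Token:
    """Hypothetical stand-in for an already validated Keystone token."""
    user: str
    tenant: Optional[str] = None   # None means an unscoped token
    is_admin: bool = False


class CredentialStore:
    """In-memory model of the proposed create/list/delete rules."""

    def __init__(self):
        self._creds = {}   # access -> (user, tenant, secret)

    def create(self, token):
        # Assumption: a pair can only be created with a tenant-scoped token.
        if token.tenant is None:
            raise PermissionError("token is not scoped to a tenant")
        access, secret = secrets.token_hex(16), secrets.token_hex(32)
        self._creds[access] = (token.user, token.tenant, secret)
        return access, secret

    def _visible(self, token, user, tenant):
        if token.is_admin:
            return True            # admins may act on any user/tenant
        if token.user != user:
            return False           # never another user's pairs
        # Unscoped token: all of the user's pairs. Scoped: that tenant only
        # (assumed reading of the list rule).
        return token.tenant is None or token.tenant == tenant

    def list_access(self, token, user):
        return sorted(a for a, (u, t, _) in self._creds.items()
                      if u == user and self._visible(token, u, t))

    def delete(self, token, access):
        # Assumption: delete follows the same visibility rule as list.
        entry = self._creds.get(access)
        if entry is None or not self._visible(token, entry[0], entry[1]):
            # Same error for "missing" and "forbidden", so a caller cannot
            # probe which access keys exist outside its scope.
            raise PermissionError("no such credential in scope")
        del self._creds[access]
```
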

This is to support https://blueprints.launchpad.net/horizon/+spec/ec2-credentials-download