Difference between revisions of "Nova/AuthManagerSpec"
Line 20: | Line 20: | ||
=== Code Changes === | === Code Changes === | ||
− | We will | + | We will refactor [[AuthManager]] in Nova to support pluggable drivers, similar to our virtualization drivers. We will have to move the existing code into a "local db" driver, while implementing a second Keystone driver. This approach will help minimize code changes across the project. |
=== Migration === | === Migration === |
Revision as of 18:49, 12 May 2011
- Launchpad Entry: NovaSpec:finalize-nova-auth
- Created: May 12, 2011
- Contributors: Brian Waldon, Brian Lamar
Summary
Currently, the AuthManager simply utilizes the database to store all authn/authz information. We want Nova users to be able to choose an authentication & authorization system that works best for them. Right now, we are only planning on adding support for Keystone.
User stories
As a deployer of Nova, I want to use Keystone as my authn/authz backend.
As a deployer of Nova, I want to use the existing authn/authz backend.
As a deployer of Nova, I want it to be painless to transition an existing deployment from the existing database into Keystone.
Implementation
Code Changes
We will refactor AuthManager in Nova to support pluggable drivers, similar to our virtualization drivers. We will have to move the existing code into a "local db" driver, while implementing a second Keystone driver. This approach will help minimize code changes across the project.
Migration
We plan to design a set of scripts that will assist in data migrations between local and Keystone drivers.