Difference between revisions of "Nova/AuthManagerSpec"
< Nova
| Line 24: | Line 24: | ||
{{http://wiki.openstack.org/Nova/AuthManagerSpec?action=[[AttachFile]]&do=get&target=auth_phase1.png}} | {{http://wiki.openstack.org/Nova/AuthManagerSpec?action=[[AttachFile]]&do=get&target=auth_phase1.png}} | ||
| + | |||
| + | ==== Description of Phase 1 Items ==== | ||
=== Steps to Complete Phase 1 === | === Steps to Complete Phase 1 === | ||
| Line 35: | Line 37: | ||
Looking ahead to Phase 2, much of the current authentication code in [[OpenStack]] will be able to be removed and keystone library calls will replace the existing authentication code. | Looking ahead to Phase 2, much of the current authentication code in [[OpenStack]] will be able to be removed and keystone library calls will replace the existing authentication code. | ||
| − | |||
| − | |||
| − | |||
| − | |||
Revision as of 19:22, 13 May 2011
- Launchpad Entry: NovaSpec:finalize-nova-auth
- Created: May 12, 2011
- Contributors: Brian Waldon, Brian Lamar
Summary
OpenStack needs an authentication service which will allow for centralization of authentication credentials. Currently we are investigating Keystone for such a system:
- Author(s): John Eo, Khaled Hussein, Ziad Swahala, and more...
- Version Control: https://github.com/khussein/keystone
User stories
As a deployer of Nova, I want to use Keystone to store authentication credentials.
As a deployer of Nova, I want to use the existing OpenStack authentication credentials.
As a deployer of Nova, I want it to be painless to transition an existing deployment from the existing database into Keystone.
Implementation
Phase 1
{{http://wiki.openstack.org/Nova/AuthManagerSpec?action=AttachFile&do=get&target=auth_phase1.png}}
Description of Phase 1 Items
Steps to Complete Phase 1
- Creation/completion of "OpenStack API Authentication Middlware" (potentially alternatively called "Token Authentication Middleware" in Keystone.
- Creation/completion of "EC2 API Authentication Middleware" in Keystone.
- Creation of "Authentication Migration Middleware" in OpenStack Nova.
- Ensure Keystone is using OpenStack-compatible libraries for it's WSGI/API interface.
Phase 2
Looking ahead to Phase 2, much of the current authentication code in OpenStack will be able to be removed and keystone library calls will replace the existing authentication code.
