Nova/AuthManagerSpec
- Launchpad Entry: NovaSpec: finalize-nova-auth
- Created: May 12, 2011
- Contributors: Brian Waldon, Brian Lamar
Summary
Currently, the AuthManager simply utilizes the database to store all authn/authz information. We want Nova users to be able to choose an authentication & authorization system that works best for them. Right now, we are only planning on adding support for Keystone.
User stories
As a deployer of Nova, I want to use Keystone as my authn/authz backend.
As a deployer of Nova, I want to use the existing authn/authz backend.
As a deployer of Nova, I want it to be painless to transition an existing deployment from the existing database into Keystone.
Implementation
Code Changes
This approach will help minimize code changes across the project. We need to refactor AuthManager in Nova to support pluggable drivers, similar to our virtualization drivers.
Migration
We plan to design a set of scripts that will assist in data migrations between local and Keystone drivers.