Nova/AuthManagerSpec

Revision as of 18:49, 12 May 2011 by Brian (talk)
  • Launchpad Entry: NovaSpec:finalize-nova-auth
  • Created: May 12, 2011
  • Contributors: Brian Waldon, Brian Lamar

Summary

Currently, the AuthManager stores all authn/authz information in the database. We want Nova users to be able to choose the authentication and authorization system that works best for them. Right now, we are only planning on adding support for Keystone.

User stories

As a deployer of Nova, I want to use Keystone as my authn/authz backend.

As a deployer of Nova, I want to use the existing authn/authz backend.

As a deployer of Nova, I want it to be painless to transition an existing deployment from the existing database into Keystone.

Implementation

Code Changes

We will refactor AuthManager in Nova to support pluggable drivers, similar to our virtualization drivers. We will have to move the existing code into a "local db" driver and implement a second driver for Keystone. This approach will help minimize code changes across the project.

Migration

We plan to design a set of scripts that will assist in data migrations between local and Keystone drivers.
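
The driver split under Code Changes and the data migration under Migration can be sketched together. This is an added example, not Nova's code: every class, function and driver name is hypothetical, the second driver is an in-memory stand-in with a different storage layout, and no Keystone API is called.

```python
# Added example; all class, function and driver names here are hypothetical.
class LocalDbDriver:
    """Stands in for the existing database-backed store: user -> roles."""
    def __init__(self):
        self._rows = {}
    def put_user(self, name, roles):
        self._rows[name] = frozenset(roles)
    def get_roles(self, name):
        return self._rows.get(name, frozenset())  # unknown user: no roles
    def list_users(self):
        return sorted(self._rows)

class RoleIndexedDriver:
    """Stands in for a second backend with a different layout: role -> users."""
    def __init__(self):
        self._users, self._members = set(), {}
    def put_user(self, name, roles):
        self._users.add(name)
        for members in self._members.values():
            members.discard(name)  # replace, do not merge, earlier grants
        for role in roles:
            self._members.setdefault(role, set()).add(name)
    def get_roles(self, name):
        return frozenset(r for r, m in self._members.items() if name in m)
    def list_users(self):
        return sorted(self._users)

# Fixed registry: configuration selects a known driver, never an import path.
DRIVERS = {"local_db": LocalDbDriver, "role_indexed": RoleIndexedDriver}

class AuthManager:
    def __init__(self, driver_name):
        if driver_name not in DRIVERS:
            raise ValueError(f"unknown auth driver: {driver_name!r}")
        self.driver = DRIVERS[driver_name]()

    def is_authorized(self, user, role):
        return role in self.driver.get_roles(user)  # fails closed

def migrate(src, dst):
    """Copy all users from src to dst; return users whose roles still differ."""
    for name in src.driver.list_users():
        dst.driver.put_user(name, src.driver.get_roles(name))
    users = set(src.driver.list_users()) | set(dst.driver.list_users())
    return sorted(u for u in users
                  if src.driver.get_roles(u) != dst.driver.get_roles(u))
```

A non-empty result from `migrate` names accounts whose privileges differ between the two backends, such as an account that exists only in the destination, and is worth reviewing before switching drivers.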