Nova/AuthManagerSpec
- Launchpad Entry: NovaSpec:finalize-nova-auth
- Created: May 12, 2011
- Contributors: Brian Waldon, Brian Lamar
Summary
OpenStack needs an authentication service which will allow for centralization of authentication credentials. Currently we are investigating Keystone for such a system:
- Author(s): John Eo, Khaled Hussein, Ziad Swahala, and more...
- Version Control: https://github.com/khussein/keystone
User stories
As a deployer of Nova, I want to use Keystone to store authentication credentials.
As a deployer of Nova, I want to use the existing OpenStack authentication credentials.
As a deployer of Nova, I want it to be painless to transition an existing deployment from the existing database into Keystone.
Implementation
Phase 1
{{http://wiki.openstack.org/Nova/AuthManagerSpec?action=AttachFile&do=get&target=auth_phase1.png}}
Description of Phase 1 Items
Steps to Complete Phase 1
- Creation/completion of "OpenStack API Authentication Middleware" (potentially alternatively called "Token Authentication Middleware") in Keystone.
- Creation/completion of "EC2 API Authentication Middleware" in Keystone.
- Creation of "Authentication Migration Middleware" in OpenStack Nova.
- Ensure Keystone is using OpenStack-compatible libraries for its WSGI/API interface.
Phase 2
Looking ahead to Phase 2, much of the current authentication code in OpenStack can be removed, with Keystone library calls replacing the existing authentication code.