Use Keystone Trusts to avoid storing user credentials
Registered by
Rohan
Use keystone trusts to talk to various services (Heat) from tuskar. Stop storing user credential in conf file. Create and use Keystone trusts and store these user credentials like trust_id, trustee_id, roles, trustor_id etc in DB.
- Need db model for user credentials
- Need migration for this db model.
- Need modified keystone client that will use these user credentials from db to create trust tokens whenever tuskar talks to Heat
- Need to create and delete trusts while Creating and deleting Overclouds in tuskar api.
Blueprint information
- Status:
- Not started
- Approver:
- Ladislav Smola
- Priority:
- High
- Drafter:
- Rohan
- Direction:
- Approved
- Assignee:
- Rohan
- Definition:
- Approved
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Bug #1299013: Talking to heat via keystone, not via hardcoded credentials in tuskar.conf | Invalid |
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Adds user_creds table for storing keystone trusts
(?)