openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #21671
Re: Keystone v3 adoption
Hello,
I am sorry but I am still a tad bit confused with this email thread.
As of the Grizzly-3 release:
1. Do Grizzly-3 OpenStack services like Nova accept and validate Keystone V3 tokens (both UUID and PKI) ?
2. Do Grizzly-3 OpenStack services use the Keystone v2.0 APIs or do they use the Keystone v3 APIs?
3. Do the OpenStack services rely upon the keystoneclient? I thought the keystoneclient was a command line interface?
For the Grizzly final release:
1. Will the Grizzly OpenStack services like Nova accept and validate Keystone V3 tokens (both UUID and PKI) ?
2. Will Grizzly OpenStack services use the Keystone v3 APIs?
3. Will Grizzly OpenStack services use/implement new v3 features like "domains" and "groups"?
4. How will the v3 keystoneclient and the v3 openstackclient be used other than as command line interfaces?
Regards,
Mark Miller
From: openstack-bounces+mark.m.miller=hp.com@xxxxxxxxxxxxxxxxxxx [mailto:openstack-bounces+mark.m.miller=hp.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Dolph Mathews
Sent: Thursday, March 07, 2013 9:56 AM
To: Aguiar, Glaucimar (Brazil R&D-ECL); openstack
Subject: Re: [Openstack] Keystone v3 adoption
Yes, exactly. Until keystoneclient.middleware.auth_token is revised, v3 tokens will basically only be useful against keystone.
-Dolph
On Thu, Mar 7, 2013 at 11:52 AM, Aguiar, Glaucimar (Brazil R&D-ECL) <glaucimar.aguiar@xxxxxx<mailto:glaucimar.aguiar@xxxxxx>> wrote:
Hi Dolph,
Thank you very much for your answer. I really appreciate it.
Are you saying then, that I configure nova (for example) to use v3 middleware, I should be able to call nova with a v3 token and this token will get validated?
Glaucimar Aguiar
From: Dolph Mathews [mailto:dolph.mathews@xxxxxxxxx<mailto:dolph.mathews@xxxxxxxxx>]
Sent: quinta-feira, 7 de março de 2013 11:04
To: Aguiar, Glaucimar (Brazil R&D-ECL)
Cc: openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Openstack] Keystone v3 adoption
The v3 API is largely abstracted from other services (horizon being a major exception) using keystoneclient.middleware.auth_token, which is being revised here [1] and here [2].
Because the clients do not necessarily follow the same release schedule as the services, we've obviously been focused on the API and it's server-side implementation. I expect we'll do a v3-compliant release of keystoneclient around the time of grizzly's release. openstackclient (providing CLI exposure) is in the works as well [3].
[1]: https://review.openstack.org/#/c/23401/
[2]: https://review.openstack.org/#/c/21942/
[3]: https://review.openstack.org/#/q/project:openstack/python-openstackclient+status:open,n,z
-Dolph
On Thu, Mar 7, 2013 at 5:30 AM, Aguiar, Glaucimar (Brazil R&D-ECL) <glaucimar.aguiar@xxxxxx<mailto:glaucimar.aguiar@xxxxxx>> wrote:
Hello,
I would like to know the plans for nova, glance, etc to adopt keystone v3 API. Is there an expectation that this happens in Havana timeframe?
I am asking as the it seems the Domains feature is not useful until services are capable of validating a v3 token and move to keystone v3 API.
Thanks in advance,
Glaucimar Aguiar
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Follow ups
References