openstack team mailing list archive

["Miller, Mark M (EB SW Cloud - R&D - Corvallis)" <mark.m.miller@xxxxxx>]

Hello,

I am sorry but I am still a tad bit confused with this email thread.

As of the Grizzly-3 release:


1.       Do Grizzly-3 OpenStack services  like Nova accept and validate Keystone V3 tokens (both UUID and PKI) ?

2.       Do Grizzly-3 OpenStack services use the Keystone v2.0 APIs or do they use the Keystone v3 APIs?

3.       Do the OpenStack services rely upon the keystoneclient? I thought the keystoneclient was a command line interface?

For the Grizzly final release:


1.       Will the Grizzly OpenStack services  like Nova accept and validate Keystone V3 tokens (both UUID and PKI) ?

2.       Will Grizzly OpenStack services use the Keystone v3 APIs?

3.       Will Grizzly OpenStack services use/implement new v3 features like "domains" and "groups"?

4.       How will the v3 keystoneclient and the v3 openstackclient be used other than as command line interfaces?

Regards,

Mark Miller


From: openstack-bounces+mark.m.miller=hp.com@xxxxxxxxxxxxxxxxxxx [mailto:openstack-bounces+mark.m.miller=hp.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Dolph Mathews
Sent: Thursday, March 07, 2013 9:56 AM
To: Aguiar, Glaucimar (Brazil R&D-ECL); openstack
Subject: Re: [Openstack] Keystone v3 adoption

Yes, exactly. Until keystoneclient.middleware.auth_token is revised, v3 tokens will basically only be useful against keystone.


-Dolph

On Thu, Mar 7, 2013 at 11:52 AM, Aguiar, Glaucimar (Brazil R&D-ECL) <glaucimar.aguiar@xxxxxx<mailto:glaucimar.aguiar@xxxxxx>> wrote:
Hi Dolph,

Thank you very much for your answer. I really appreciate it.

Are you saying then, that I configure nova (for example) to use v3 middleware, I should be able to call nova with a v3 token and this token will get validated?

Glaucimar Aguiar


From: Dolph Mathews [mailto:dolph.mathews@xxxxxxxxx<mailto:dolph.mathews@xxxxxxxxx>]
Sent: quinta-feira, 7 de março de 2013 11:04
To: Aguiar, Glaucimar (Brazil R&D-ECL)
Cc: openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Openstack] Keystone v3 adoption

The v3 API is largely abstracted from other services (horizon being a major exception) using keystoneclient.middleware.auth_token, which is being revised here [1] and here [2].

Because the clients do not necessarily follow the same release schedule as the services, we've obviously been focused on the API and it's server-side implementation. I expect we'll do a v3-compliant release of keystoneclient around the time of grizzly's release. openstackclient (providing CLI exposure) is in the works as well [3].

[1]: https://review.openstack.org/#/c/23401/
[2]: https://review.openstack.org/#/c/21942/
[3]: https://review.openstack.org/#/q/project:openstack/python-openstackclient+status:open,n,z


-Dolph

On Thu, Mar 7, 2013 at 5:30 AM, Aguiar, Glaucimar (Brazil R&D-ECL) <glaucimar.aguiar@xxxxxx<mailto:glaucimar.aguiar@xxxxxx>> wrote:
Hello,

I would like to know the plans for nova, glance, etc to adopt keystone v3 API. Is there an expectation that this happens in Havana timeframe?

I am asking as the it seems the Domains feature is not useful until services are capable of validating a v3 token and move to keystone v3 API.

Thanks in advance,

Glaucimar Aguiar



_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp