We have the concept of a generic identity plugin. This will use the v3 API if available otherwise it will fall back to the V2 API. In practice this doesn't really work because there are extra parameters around domains that need to be provided in the v3 situation that aren't accepted in V2. Currenlty if you provide domain information and you can't use v3 then the plugins will error.
The only way that you can actually use the same authentication between V2 and V3 are when the user and project you are authenticating against are in the default domain because these are the only users and projects that v2 has access to.
To make this really generic we should add a way to specify a DEFAULT_DOMAIN to the generic plugins. This would mean that if v3 is available you would use this domain for both the user_domain and project_domain. If only v2 was available you would ignore this parameter because doing v2 authentication is already in the default domain.
This will essentially become something that can be set in a cloud provider's os-cloud-config yaml file (generally with DEFAULT_DOMAIN_ID=default) and it will hide some of the problems of transitioning to v3 authentication.
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit 03a23be8cc91440
Author: Jamie Lennox <email address hidden>
Date: Thu Oct 15 10:05:16 2015 +1100
Specify default_domain to generic plugin
The generic plugin is supposed to work with both the v2 and v3 APIs.
This doesn't necessarily work because you either need to provide domain
information or not which implies specifying a v2 or v3 preference.
By adding default domain we can allow using v2 or v3 authentication
interchange
Closes-Bug: #1515041
Change-Id: I8d036a080a09b9