application_credential method is not enabled in keystone.conf

Bug #1827058 reported by Dmitrii Shcherbakov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack Keystone Charm | Fix Released | Undecided | Dmitrii Shcherbakov |

Bug Description

Application credentials have been supported in Keystone since Queens.

https://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/application-credentials.html

As of Rocky there is also dashboard support (enabled by default without additional configuration, checked in a lab):

https://blueprints.launchpad.net/horizon/+spec/application-credentials

Showing a dashboard pane for a disabled auth method does not seem right.

Use-cases:

1) CLI auth method for users that use SAML for UI;
2) a way not to use username and password in resource files (SQL backend, LDAP backend);
3) credentials for a subset of user roles;
4) credential expiry and rotation.

https://github.com/openstack/keystone/blob/stable/queens/keystone/auth/plugins/application_credential.py
METHOD_NAME = 'application_credential'

Tags: cpe-onsite
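
An added example, not part of the original report or the charm's code: a small audit check that reads keystone.conf text and reports whether the application_credential method named above is listed under the [auth] methods option. The two sample configurations are constructed for illustration and are not copied from the charm's template.

```python
import configparser

# Plugin name quoted in the report (METHOD_NAME in application_credential.py).
METHOD_NAME = "application_credential"


def configured_auth_methods(conf_text):
    """Return the [auth] methods list from keystone.conf text, or None if unset."""
    # keystone.conf is INI-like: strict=False tolerates repeated keys, and
    # interpolation=None keeps '%' characters in other values literal.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_option("auth", "methods"):
        return None  # not set in this file; Keystone's built-in default applies
    raw = parser.get("auth", "methods")
    return [m.strip() for m in raw.split(",") if m.strip()]


def application_credential_status(conf_text):
    """Return 'enabled', 'disabled', or 'unset' for the method in this file."""
    methods = configured_auth_methods(conf_text)
    if methods is None:
        return "unset"
    # Exact list membership, so a similarly named method cannot match.
    return "enabled" if METHOD_NAME in methods else "disabled"


# Constructed sample: an explicit methods list that omits the plugin.
BEFORE = """
[DEFAULT]
debug = false

[auth]
methods = external,password,token,oauth1
"""

# Constructed sample: the same list with the plugin appended.
AFTER = """
[DEFAULT]
debug = false

[auth]
methods = external, password, token, oauth1, application_credential
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, application_credential_status(text))
```
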
description: updated
Dmitrii Shcherbakov (dmitriis) wrote :
Changed in charm-keystone:
status: New → In Progress
assignee: nobody → Dmitrii Shcherbakov (dmitriis)
description: updated
Dmitrii Shcherbakov (dmitriis) wrote :

Subscribed ~field-medium.

OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-keystone (master)

Reviewed: https://review.opendev.org/656519
Committed: https://git.openstack.org/cgit/openstack/charm-keystone/commit/?id=e580d1acf3486b00b7fc54ded37a0548cb441c1d
Submitter: Zuul
Branch: master

commit e580d1acf3486b00b7fc54ded37a0548cb441c1d
Author: Dmitrii Shcherbakov <email address hidden>
Date: Tue Apr 30 16:50:44 2019 +0300

    Enable application_credential auth plugin

    Enables a client to use application credentials for authentication.

    Change-Id: If6ff4bcabec2f976b79d87d57f4a763e8828c302
    Closes-Bug: #1827058

Changed in charm-keystone:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-keystone (stable/19.04)

Fix proposed to branch: stable/19.04
Review: https://review.opendev.org/656872

OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-keystone (stable/19.04)

Reviewed: https://review.opendev.org/656872
Committed: https://git.openstack.org/cgit/openstack/charm-keystone/commit/?id=8ebe36d0ba38a98749aaa1ef3c6b240b60c2fd7b
Submitter: Zuul
Branch: stable/19.04

commit 8ebe36d0ba38a98749aaa1ef3c6b240b60c2fd7b
Author: Dmitrii Shcherbakov <email address hidden>
Date: Tue Apr 30 16:50:44 2019 +0300

    Enable application_credential auth plugin

    Enables a client to use application credentials for authentication.

    Change-Id: If6ff4bcabec2f976b79d87d57f4a763e8828c302
    Closes-Bug: #1827058
    (cherry picked from commit e580d1acf3486b00b7fc54ded37a0548cb441c1d)

Changed in charm-keystone:
status: Fix Committed → Fix Released
milestone: none → 19.04