OpenStack Identity (keystone)

RFE: Extend user API to support federated attributes

Bug #1816076 reported by Lance Bragstad on 2019-02-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Wishlist	Kristi Nikolla

Bug Description

(Original specification and description was proposed as a blueprint by Ron De Rose)

Federated users are no longer ephemeral and are like any other keystone user. Thus, let's extend the user API to support federated attributes.

Tags:

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2019-02-15:

Specification review: https://review.openstack.org/#/c/397410/
Specification doc: http://specs.openstack.org/openstack/keystone-specs/specs/keystone/backlog/support-federated-attr.html

Changed in keystone:
status:	New → Triaged
importance:	Undecided → Wishlist
status:	Triaged → In Progress
tags:	added: federation

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2019-02-15:

Patches that work towards this initiative:

Require domain_id when registering Identity Providers: https://review.openstack.org/399684
WIP - Set the domain for federated users: https://review.openstack.org/408332
WIP - Add domain_id to the user table: https://review.openstack.org/409874
Make user to nonlocal_user a 1:1 relationship: https://review.openstack.org/409946
WIP add query for unique_id in list_users: https://review.openstack.org/414720
Refactor shadow users tests: https://review.openstack.org/423705
Set the domain for federated users: https://review.openstack.org/423708
https://review.openstack.org/439290
Extend User API to support federated attributes: https://review.openstack.org/426449
Add federated support for get user: https://review.openstack.org/448730
Add federated support for creating a user: https://review.openstack.org/448755

Lance Bragstad (lbragstad) on 2019-02-15

tags:

added: rfe

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-17: Related fix proposed to keystone-specs (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/653492

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-05-17: Related fix merged to keystone-specs (master)

Reviewed: https://review.opendev.org/653492
Committed: https://git.openstack.org/cgit/openstack/keystone-specs/commit/?id=9ecdbc980231ef6d80ff785c41912f64a3eab2cd
Submitter: Zuul
Branch: master

commit 9ecdbc980231ef6d80ff785c41912f64a3eab2cd
Author: Kristi Nikolla <email address hidden>
Date: Wed Apr 17 13:02:47 2019 -0400

Repropose federated attributes in the user API for Train

    Most of the work for this has already been done, and with the move
    towards predictable IDs, there is a real need for a mechanism
    to prepopulate the users as part of the synchronization process.

https://review.openstack.org/#/c/612099/

Related-Bug: 1816076

Change-Id: I9906a9d76479364134ef21a0cf578ff6d5cf07b9

OpenStack Infra (hudson-openstack) on 2019-08-06

Changed in keystone:
assignee:	nobody → Kristi Nikolla (knikolla)

OpenStack Infra (hudson-openstack) on 2019-08-14

Changed in keystone:
assignee:	Kristi Nikolla (knikolla) → Colleen Murphy (krinkle)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-12-13: Related fix proposed to keystone-specs (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/698950

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-01-28: Related fix merged to keystone-specs (master)

Reviewed: https://review.opendev.org/698950
Committed: https://git.openstack.org/cgit/openstack/keystone-specs/commit/?id=569101e9ab51ccb406a93f0d101c7b4c402e4f18
Submitter: Zuul
Branch: master

commit 569101e9ab51ccb406a93f0d101c7b4c402e4f18
Author: Kristi Nikolla <email address hidden>
Date: Fri Dec 13 11:19:16 2019 -0500

Repropose federated attributes in the user API for Ussuri

Change-Id: I6872b67a254c12056c4484b53a5647618c37916d
Related-Bug: 1816076

OpenStack Infra (hudson-openstack) on 2020-03-11

Changed in keystone:
assignee:	Colleen Murphy (krinkle) → Kristi Nikolla (knikolla)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-07: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.opendev.org/718153

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-10: Fix merged to keystone (master)

Reviewed: https://review.opendev.org/718153
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=d23965aaf1920bd8f3231ef73ab6baa408f34b5d
Submitter: Zuul
Branch: master

commit d23965aaf1920bd8f3231ef73ab6baa408f34b5d
Author: Kristi Nikolla <email address hidden>
Date: Tue Apr 7 11:33:04 2020 -0400

Update api-ref for federated objects in user

Also includes a release note.

Change-Id: I72a5d461488b50f20b59d1288016514a2b8f71e5
Closes-Bug: 1816076

Changed in keystone:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-10:

Reviewed: https://review.opendev.org/448730
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=652f02c8b50e20be3df562099869be3a391335c4
Submitter: Zuul
Branch: master

commit 652f02c8b50e20be3df562099869be3a391335c4
Author: Richard Avelar <email address hidden>
Date: Wed Mar 22 17:57:56 2017 +0000

Add federated support for get user

    This patch adds functionality to get_user that allows it to pull all
    associated federated objects and tack it on to be displayed to the
    user.

Partial-Bug: 1816076
Change-Id: I8d69ef68153d6650652e1081e5e7b9e5e31a3ed1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-10:

#10

Reviewed: https://review.opendev.org/448755
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=1627c28282c832f4fb837e2c445ed74d0ad3c68b
Submitter: Zuul
Branch: master

commit 1627c28282c832f4fb837e2c445ed74d0ad3c68b
Author: Richard Avelar <email address hidden>
Date: Wed Mar 22 18:51:57 2017 +0000

Add federated support for creating a user

    This patch adds functionality to allow an operator to pass in a
    federated attribute when creating a user. When a user is created
    the federated objects in the federated attribute will be created
    and associated along with the user.

Co-Authored-By: Kristi Nikolla <email address hidden>

Partial-Bug: 1816076
Change-Id: I6db03af81099a7509635881f05adf5a7257466a7

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-10:

#11

Reviewed: https://review.opendev.org/448765
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=e723a1c16ebe04c927216a64f1025118f0094df1
Submitter: Zuul
Branch: master

commit e723a1c16ebe04c927216a64f1025118f0094df1
Author: Richard Avelar <email address hidden>
Date: Wed Mar 22 19:49:55 2017 +0000

Add federated support for updating a user

    This patch adds functionality to allow an operator to pass in a
    federated attribute when updating a user. When a user is updated
    the federated objects in the federated attribute will be updated
    and associated along with the user.

Co-Authored-By: Kristi Nikolla <email address hidden>

Partial-Bug: 1816076
Change-Id: I8ee43b437b551858c198320204b768cdba311506

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.