Allow optional domains in generic plugins
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
keystoneauth |
Fix Released
|
Medium
|
Jamie Lennox |
Bug Description
We have the concept of a generic identity plugin. This will use the v3 API if available otherwise it will fall back to the V2 API. In practice this doesn't really work because there are extra parameters around domains that need to be provided in the v3 situation that aren't accepted in V2. Currenlty if you provide domain information and you can't use v3 then the plugins will error.
The only way that you can actually use the same authentication between V2 and V3 are when the user and project you are authenticating against are in the default domain because these are the only users and projects that v2 has access to.
To make this really generic we should add a way to specify a DEFAULT_DOMAIN to the generic plugins. This would mean that if v3 is available you would use this domain for both the user_domain and project_domain. If only v2 was available you would ignore this parameter because doing v2 authentication is already in the default domain.
This will essentially become something that can be set in a cloud provider's os-cloud-config yaml file (generally with DEFAULT_
Changed in keystoneauth: | |
assignee: | nobody → Jamie Lennox (jamielennox) |
status: | New → In Progress |
Changed in keystoneauth: | |
importance: | Undecided → High |
importance: | High → Medium |
Changed in keystoneauth: | |
milestone: | none → 2.1.0 |
status: | Fix Committed → Fix Released |
Reviewed: https:/ /review. openstack. org/235014 /git.openstack. org/cgit/ openstack/ keystoneauth/ commit/ ?id=03a23be8cc9 1440625f48a62ce ce259bfc03d78b
Committed: https:/
Submitter: Jenkins
Branch: master
commit 03a23be8cc91440 625f48a62cece25 9bfc03d78b
Author: Jamie Lennox <email address hidden>
Date: Thu Oct 15 10:05:16 2015 +1100
Specify default_domain to generic plugin
The generic plugin is supposed to work with both the v2 and v3 APIs.
This doesn't necessarily work because you either need to provide domain
information or not which implies specifying a v2 or v3 preference.
By adding default domain we can allow using v2 or v3 authentication ably. This is something that openstackclient does already.
interchange
Closes-Bug: #1515041 310ffdd73d3501b 6df29a212b9
Change-Id: I8d036a080a09b9