Bug 1042204 - [RFE][heat]: OAuth credentials resource
Summary: [RFE][heat]: OAuth credentials resource
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: RFEs
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: RHOS Maint
QA Contact:
URL: https://blueprints.launchpad.net/heat...
Whiteboard: upstream_milestone_next upstream_stat...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-12 21:21 UTC by RHOS Integration
Modified: 2015-03-19 17:16 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-19 17:16:46 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description RHOS Integration 2013-12-12 21:21:53 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/heat/+spec/oauth-credentials-resource.

Description:

To be able to delegate access to instances or other services in Heat would be interesting. One first step  would be a OS::Keystone::OAuthCredentials resources, that instances could use to request a token when needed.

We need to create:
 * Create a consumer using Heat service user credentials. It could be global, per stack or per resource.
 * Create a request token for the consumer per resource.
 * Authorize the request token using the user credentials.
 * Create the access token.

The key and the secret of the access token are then required to retrieve a regular keystone token by other resources. They need to be exposed as attributes. Roles can be taken as inputs, with the user role as default.

it depends on https://blueprints.launchpad.net/python-keystoneclient/+spec/add-oauth-support for keystone-client support.

Specification URL (additional information):

None
Note You need to log in before you can comment on or make changes to this bug.