Loading...

XML

Word

Printable

Type: Epic
Resolution: Done
Priority: Major
Fix Version/s: rhos-17.1.4
Affects Version/s: rhos-17.1.0
Component/s: openstack-keystone
Labels:
None

Epic Name:
[RFE] extend keystone-manage to support replicated fernet tokens
Story Points:
3
Blocked:
False
Ready:
False
Parent Link:
OSPRH-4833Keystone Improvement
Commitment:
Targeted
Dev Approval:
Committed
Docs Approval:
No Docs Impact
Epic Status:
To Do
Feature Link:
OSPRH-4833 - Keystone Improvement
PM Approval:
Committed
QE Approval:
Committed
Hierarchy Progress Bar:

0% To Do, 0% In Progress, 100% Done
Intelligence Requested:
Market:

Original story points:
3

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

The ask is to extend keystone-manage to allow generation of users and projects passing fixed UUIDs. With same UUIDs in different keystones, you can replicate (rsync) fernet tokens between sites and use the same tokens in multiple sites.

Something like this:

# keystone-manage project_setup -project-name projectA
--project-id f9632636-ea8a-4698-a36c-66011541fdf1
--metadata ‘{“foo”: “bar”}’
# keystone-manage user_setup --user-name userA --user-password-plain hoge
--user-id 8eab1f40-ae9c-43b7-b921-0422717a8893
--default-project-name projectA
--metadata ‘{“foo”: “bar”}’

This way there is no API impact, no DB impact and no main code impact.
Easy to backport.
`keystone-manage bootstrap` uses similar way to generate admin user/project.

Assignee:: Dave Wilde

Reporter:: JP Jung

Team:: rhos-dfg-security

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2023/05/03 1:19 PM

Updated:: 2024/11/12 7:00 PM

Resolved:: 2024/11/12 7:00 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty