[openstack-dev] [Keystone][Horizon] User self registration and management

Adrian Turjak adriant at catalyst.net.nz
Wed Jan 14 05:06:29 UTC 2015


Hello openstack-dev,

I'm wondering if there is any interest or need for an open-source user
registration and management service for people using OpenStack.

We're currently at a point where we need a way for users to sign up
themselves, choose their own password, and request new users to be added
to their project. There doesn't seem to be anything out there, and most
vendors seem to have built their own systems to handle this or even
their own dashboard systems that do.

Horizon is built around the client tools, and your own personal token,
so it can't handle creating new users. Plus Keystone doesn't really have
any good way of handling temporary (unapproved) users and projects.

The suggested approach seems to be to build a service to sit along
Keystone, have its own admin creds so it can create new users, and also
store temp user data locally until the user is approved.

Unless we can find a suitable solution for us quickly, we're likely to
be developing such a service. It would ideally have a pluggable approval
workflow, allowing new user requests, new project requests, creation of
clients in external client database/ERP systems. Plus it would have a
password reset-token system for having new users supply their password
once they are approved, which would also allow existing users to request
password resets.

Part of our requirements are easy to integrate into Horizon, fitting
neatly into the OpenStack ecosystem along other services, and being easy
to update/alter once we have hierarchical multi-tenancy and if it makes
some things easier.

I've written up a proposal to help us define our requirements, and a
copy of that is attached, and on etherpad:
https://etherpad.openstack.org/p/User_Management_Service

Plus I've attached a couple of diagrams, which are sadly not UML, but
should give you some idea of two of the primary use cases.

Is this useful to anyone? Is this entirely the wrong approach? If it is
a useful service is there any interest in collaboration?

Thanks for any feedback.

Cheers,
-Adrian Turjak

-------------- next part --------------
A non-text attachment was scrubbed...
Name: add_user.png
Type: image/png
Size: 99436 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150114/c5afb649/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: new_project.png
Type: image/png
Size: 117499 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150114/c5afb649/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: User_Management_Service.odt
Type: application/vnd.oasis.opendocument.text
Size: 67243 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150114/c5afb649/attachment-0001.odt>
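
Added example (not from the original message or from any OpenStack project): the approval and password-token flow described in the message, with unapproved requests held locally and the real user created only when the approved user redeems a single-use, expiring token. The `create_user` hook, the class and method names, and the one-hour token lifetime are assumptions; the hook stands in for the call the service would make with its own admin credentials.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # assumed token lifetime in seconds


class RegistrationService:
    """Holds unapproved sign-ups locally; the real user is created on redemption."""

    def __init__(self, create_user, now=time.time):
        self._create_user = create_user  # hypothetical hook for the admin-credentialed call
        self._now = now                  # injectable clock so expiry can be tested
        self._pending = {}               # email -> {"project": str, "approved": bool}
        self._tokens = {}                # sha256(token) -> (email, expires_at)

    def register(self, email, project):
        # Temporary record only: nothing exists in the identity service yet.
        self._pending[email] = {"project": project, "approved": False}

    def approve(self, email):
        # Approval step of the workflow; returns the token to send to the user.
        request = self._pending.get(email)
        if request is None:
            return None
        request["approved"] = True
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the digest is stored, so a leaked token table cannot be replayed.
        self._tokens[digest] = (email, self._now() + TOKEN_TTL)
        return token

    def set_password(self, token, password):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._tokens.pop(digest, None)  # pop makes the token single-use
        if entry is None:
            return False
        email, expires_at = entry
        if self._now() > expires_at:
            return False
        request = self._pending.pop(email, None)
        if request is None or not request["approved"]:
            return False
        self._create_user(email, request["project"], password)
        return True
```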

