[openstack-dev] [tc][appcat] The future of the App Catalog
Fox, Kevin M
Kevin.Fox at pnnl.gov
Wed Mar 15 18:55:29 UTC 2017
I think they are. If they are not, things will break if federation is used for sure. If you know that it is please let me know. I want to deploy federation at some point but was waiting for dashboard support. Now that the dashboard supports it, I may try it soon. Its a no-go still though if heat doesn't work with it.
Thanks,
Kevin
________________________________________
From: Jay Pipes [jaypipes at gmail.com]
Sent: Wednesday, March 15, 2017 11:41 AM
To: openstack-dev at lists.openstack.org
Subject: Re: [openstack-dev] [tc][appcat] The future of the App Catalog
On 03/15/2017 01:21 PM, Fox, Kevin M wrote:
> Other OpenStack subsystems (such as Heat) handle this with Trusts. A service account is made in a different, usually SQL backed Keystone Domain and a trust is created associating the service account with the User.
>
> This mostly works but does give the trusted account a lot of power, as the roles by default in OpenStack are pretty coarse grained. That should be solvable though.
I didn't think Keystone trusts and Keystone federation were compatible
with each other, though? Did that change recently?
Best,
-jay
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list