[openstack-dev] [tc][appcat] The future of the App Catalog

Fox, Kevin M Kevin.Fox at pnnl.gov
Wed Mar 15 18:55:29 UTC 2017

I think they are. If they are not, things will break if federation is used for sure. If you know that it is please let me know. I want to deploy federation at some point but was waiting for dashboard support. Now that the dashboard supports it, I may try it soon. Its a no-go still though if heat doesn't work with it.

From: Jay Pipes [jaypipes at gmail.com]
Sent: Wednesday, March 15, 2017 11:41 AM
To: openstack-dev at lists.openstack.org
Subject: Re: [openstack-dev] [tc][appcat] The future of the App Catalog

On 03/15/2017 01:21 PM, Fox, Kevin M wrote:
> Other OpenStack subsystems (such as Heat) handle this with Trusts. A service account is made in a different, usually SQL backed Keystone Domain and a trust is created associating the service account with the User.
> This mostly works but does give the trusted account a lot of power, as the roles by default in OpenStack are pretty coarse grained. That should be solvable though.

I didn't think Keystone trusts and Keystone federation were compatible
with each other, though? Did that change recently?


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe

More information about the OpenStack-dev mailing list