[openstack-dev] [OpenStack-dev][heat][keystone][security sig][all] SSL option for keystone session

Rico Lin rico.lin.guanyu at gmail.com
Mon Aug 6 04:46:55 UTC 2018


Hi all
I would like to trigger a discussion on providing directly SSL content for
KeyStone session. Since all team using SSL, I believe this maybe concerns
to other projects as well.

As we consider to implement customize SSL option for Heat remote stack [3]
(and multicloud support [1]), I'm trying to figure out what is the best
solution for this. Current SSL option in KeyStone session didn't allow us
to provide directly CERT/Key string, instead only allow us to provide
CERT/Key file path. Which is actually a limitation of python with the
version less than 3.7 ([2]). As we not gonna easily get ride of previous
python versions, we try to figure out what is the best solution we can
approach here.

Some way, we can think about, like using pipeline, or create a file,
encrypted it and send the file path out to KeyStone session.

Would like to hear more from all for any advice or suggestion on how can we
approach this.

[1] https://etherpad.openstack.org/p/ptg-rocky-multi-cloud
[2] https://www.python.org/dev/peps/pep-0543/
[3] https://review.openstack.org/#/c/480923/
 --
May The Force of OpenStack Be With You,

*Rico Lin*irc: ricolin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180806/6de4eb25/attachment.html>


More information about the OpenStack-dev mailing list