Keystone V3 support


Customers are wondering if we are going to support Keystone V3 as it becomes more prevalent.


Galo Navarro
April 14, 2015, 7:17 AM

Not sure if this affects any of cluster components for now, adding API.

Ryu Ishimoto
June 30, 2015, 6:20 AM

The purpose of this ticket should be to achieve compatibility with keystone v3 and will not be adding new features into our auth system unless we have no choice or easier that way.

This means that the API needs Keystone client for v3 that:

1. Logs in the user to get the token
2. Validates the token

There is a new concept called 'domain' which groups projects and users. This needs to be hashed out a bit more.

Dag Stenstad
January 5, 2016, 11:47 PM

I think I reported this in 2013.

If someone can actually get around to fixing that, that would be nice. Keystone v2 was proposed for deprecated in Openstack Havana (2013.2) the marked as deprecated as of Icehouse (2014.1).

Galo Navarro
January 7, 2016, 1:59 PM

Hi , we have some work done for Keystone v3 in MidoNet v5, I'm not fully sure what's left but it shouldn't be much. Backporting to earlier versions would be doable with a bit of extra work

cc can you confirm what made it in?

can we push this into a sprint soon?

Alex Bikfalvi
January 7, 2016, 2:05 PM

We had a couple of patches submitted back in September, but which are still in review, but may require some cleanup now. The support for the v3 was in progress then, but it wasn't submitted. It shouldn't take long to complete.





Michael Ford


Fix versions