sapcc / elektra

An opinionated openstack Web UI for consumer self service and operations.
Apache License 2.0

Auth: add a page, where user can create an additional subset of auth credentials (OAuth, application credential, EC2) #432

Open kayrus opened 5 years ago

kayrus commented 5 years ago

OAuth and Application Credential are must-have auth methods in a shared environment, where customers need to perform OpenStack API operations.

A technical user is a good alternative; however, in certain cases it is overkill.

I have already seen a number of customers who entered their global passwords in the shared environment. Adding OAuth and Application Credential support will lower security risks.

I have doubts about the expediency of OAuth, since it is not well supported by end-user applications.

Application Credential support was added in OpenStack CLI v3.15 on Mar 29, 2018, and many steps are required to install the latest OpenStack versions, especially in a Windows or SLES environment. Customers already have problems installing the latest OpenStack CLI, therefore UI support would be appreciated.

edda commented 5 years ago

I don't quite understand what it is that you want here. Can you please elaborate?

kayrus commented 5 years ago

I'm asking for a UI that will allow customers to manage their OAuth/Application Credential accounts.

ruvr commented 5 years ago

I’m not convinced. Making advanced features more accessible to noob users usually leads to an exponential increase in support requests and puts us in the position of having to make sure it also works for the less skilled users. I'm not sure we currently have the resources and priority for that. In particular, these two features aren’t really stable (as you can observe from the lacking documentation upstream and the number of bugs related to them). Hence I'd prefer to have a 'natural barrier', due to some complexity involved, that filters out users who have no clue what they are doing anyway. This position changes once the features have matured and code quality / documentation upstream has increased.

kayrus commented 5 years ago

@ruvr thanks for your feedback. Your comment regarding resources and priority makes sense, but I don't insist on implementing the feature request immediately.

> Particularly these two features aren’t really stable

I haven't found serious bugs related to these auth methods. Basically, the overall number of Keystone bugs makes it look like we should not use the identity service at all. Could you please post links to bugs that look like blockers for you?

> This position changes once the features have matured and code quality / documentation upstream has increased.

How did you calculate the code maturity? What is your personal opinion on the OAuth or app-cred maturity level based on the https://wiki.opencog.org/w/Code_Maturity_Guide?

What kind of documentation do you expect? API? User-end?

For me, the application credential user-end doc looks fine: https://docs.openstack.org/keystone/queens/user/

OAuth documentation - agree, but as I mentioned above, it looks more complicated compared to app-cred and I'd omit it.

kayrus commented 4 years ago

/cc @rajivmucheli

kayrus commented 4 years ago

@edda @rajivmucheli an EC2 credentials create form would be appreciated as well.

kayrus commented 2 months ago

@edda @hgw77 any plans to add application credential and ec credentials UI?