@admiyo
Created June 26, 2012 17:20
Since I won't be able to attend today's meeting:
The work for Signed tokens is well under way. I've submitted patches for PKI tokens, but they will never get through Jenkins. As such, I just submitted https://review.openstack.org/#/c/8932/ which can be used to generate the keys and certs required.
Once this is in, we will need a change to CI in order to call this code prior to running the integration tests.
The PKI signed tokens will need to be updated with some of the changes from that ticket. I am going to split the main patch into two parts. The first will just be the token generation, without the changes to the auth_token middleware. The second will be the changes to the auth_token middleware. This should A) make it easier to review, and B) make people somewhat more comfortable that the changes are backwards compatible.
So here is the order of the changes that need to go in:
1. Change to keystone-manage to Generate keys/certs
2. Change to CI to call changes from 1
3. Use PKI to generate token
4. Change auth_token to use PKI
I'll hold off on resubmitting PKI https://review.openstack.org/#/c/7754/ until the CI change goes through, as it will never pass Jenkins. It will also require a few minor changes in the config, based on changes that went into https://review.openstack.org/#/c/8932/; namely, the changes to config.py will be removed.
I will also attempt to put some unit tests in that are PKI specific. However, the PKI code gets completely exercised by the existing set of unit tests.