This is an API change which requires a spec. Closing as Opinion, because
we aren't tracking feature requests here.
** Tags removed: low-hanging-fruit
** Changed in: nova
Status: Confirmed => Opinion
** Changed in: nova
Assignee: Eli Qiao (taget-9) => (unassigned)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1450454
Title:
Allow admin to upload SSH keypair on behalf of an user
Status in OpenStack Compute (nova):
Opinion
Bug description:
I am setting up OpenStack instance configuration in Ansible manifest,
so in case of a failure, I can rebuild the instance. We have a lot of
users and we have central storage of their ssh keys.
I can upload the SSH keys at early hours of OpenStack instance by:
nova --os-username USER1 --os-password USER1_PASSWORD --os-tenant-name FOO
keypair-add --pub-key user1.pub user1
However this require that we track the password we initially set and I could
not do that once user changes his password (and I do not know the password).
I can then do:
nova --os-username ADMIN --os-password ADMIN_PASSWORD --os-tenant-name FOO
keypair-add --pub-key user1.pub user1
but then user1 does not see this keypair and is unable to manage his own key.
It would be nice if admin user can upload and delete ssh key on behalf
of user. I.e. admin uploads ssh key for user and that user can
see/delete that ssh key.
This way when user alter his ssh key on central repository, we can
sync it to OpenStack. It will tighten security because we would not
need to track users initial passwords separetely. And lower need of
human assistance when reprovision whole OpenStack infrastructure.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1450454/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
