I've made an attempt at mapping out exactly how Neutron Advanced Services will communicate with Barbican to retrieve Certificate/Key info for TLS purposes. These diagrams have gone through several revisions, but are still an early draft of the interactions: http://imgur.com/a/4u6Oz
Note that these diagrams use Neutron-LBaaS as the example use-case, but the flow would be essentially the same for any service (FWaaS, VPNaaS, etc). The code that handles this will be in neutron/common/ so that it can be used by any extension. There is a WIP CR here (though right now it doesn't look anything like the final version, including very badly named and organized functions): https://review.openstack.org/#/c/123492/

Hopefully this is not a new concept, as I believe we agreed during the Atlanta summit that using Barbican to store TLS cert/key data was the appropriate path forward for Neutron (and other OpenStack projects). I assume there may be other teams investigating very similar integration schemes as well, so if anyone has comments or suggestions, I'd love to hear them.

Thanks,
--Adam Harwell
https://keybase.io/rm_you
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev