19 February 2024

Major upgrade to the identity (Keystone) service.

Application Credentials

The upgrade adds Application Credentials to the identity service. The new feature allows customers to create secrets to allow applications to authentication against Catalyst Cloud with a subset of roles and an optional expiry time.

For more details see Application Credentials

Identity v2 API Deprecation

The identity v2 API has been removed beginning from the date of this release. Only the v3 API is available after this date.

Customers using an openrc file should download the latest version from the dashboard.

Client applications currently configured to use the v2 API will need to be reconfigured to authenticate with Catalyst Cloud as follows:

  1. Remove /v2.0 from any authentication URLs.

    • For example https://api.cloud.catalyst.net.nz:5000/v2.0 should be changed to https://api.cloud.catalyst.net.nz:5000/.

  2. When providing a user name or project name when authenticating then the user domain and project domain must also be provided:

    • User domain name: Default.

    • User domain ID: default.

    Note that when using the user ID and project ID for authenticating then the domain is not required.

  3. Confirm that client applications are authenticating against the Identity V3 API.

    If it is possible to inspect HTTP requests made from the application then the application should be seen to be requesting an auth token from the v3 endpoint, e.g. https://api.cloud.catalyst.net.nz:5000/v3/auth/tokens.

More information on using the identity v3 API can be found in the Keystone documentation.

Customers requiring assistance in migrating to the v3 API, or who are wishing to confirm their account is no longer using the v2 API should raise a support ticket via the dashboard.