move the auth_token middleware to the keystoneclient repository
Per discussion here: http://
and here: http://
auth_token needs to be a package separate from keystone, and keystoneclient looks to be a good repository to place it into.
Blueprint information
- Status:
- Complete
- Approver:
- Joseph Heck
- Priority:
- High
- Drafter:
- Joseph Heck
- Direction:
- Approved
- Assignee:
- Henry Nash
- Definition:
- Approved
- Series goal:
- Accepted for grizzly
- Implementation:
- Implemented
- Milestone target:
- 2013.1
- Started by
- Henry Nash
- Completed by
- Joseph Heck
Related branches
Related bugs
Bug #1036847: auth_token middleware has too much state | Invalid |
Bug #1039567: auth_token middleware should be stand alone | Fix Released |
Sprints
Whiteboard
So here's the High Level plan for fixing this:
1) Move auth_token from keystone to keystone client, so that other projects only need to have access to the client modules, not the server itself
2) Change the various paste files to find this in the new location.
3) Do the above in a sequence that doesn't break anything
Detail of the changes:
Unfortunately, auth_token has grown some roots in the keystone server that we need to cut, namely:
- It references some keystone.
- It also references cms, utils (and indirectly logging) from keystone.common. Now for utils, the only thing that is referenced is hash_signed_token - and nobody else in the server uses this. So I propose we move this function to keystoneclient.
Note from OpenStack Meeting (11/13) - request to please import auth_token in keystone from keystoneclient for backwards compatibility
Gerrit topic: https:/
Addressed by: https:/
Import keystoneclient auth_token back to keystone for backward compatibility
Work Items
Work items:
a) Update keystone client with the addition of newly required openstack.common items : DONE
b) Duplicate hash_signed_token to keystone.
c) Duplicate auth_token and cms to keystoneclient.
d) bcwaldon requested that we import auth_token from keystoneclient into where it exists today in keystone to maintain backwards compatibility through the next release : DONE
e) Change devstack and the paste files in the other projects to point keystoneclient rather than keystone for the authorization code : TODO
f) Retire the keystone version of auth_token that imports from the client at some future release : POSTPONED