Auth Context Objects

Registered by Jamie Lennox on 2015-02-09

We are currently in a weird spot amongst all the services where they each parse the headers provided by keystonemiddleware and construct customized context objects. These are what are serialized and passed between servers.

With the push towards authentication plugins we are passing down a 'ready to use' plugin that we want the services to consume when talking to each other. This plugin should also be passed around between objects - and given that it knows everything that came from auth_token middleare can essentially be a replacement for the standard features of these context objects.

To do that we will need:
 - A way to make the authentication plugins serializable and passed between services.
 - To add accessors for all the data related to the user's token and the service's token - rather than use the headers.
 - Integration with oslo.context that is capable of using our auth plugin as the basis for it's data.
 - Integration with oslo.policy because this object will contain everything policy needs to enforce it's rules without the custom glue code that is currently used.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Jamie Lennox
Direction:
Needs approval
Assignee:
Jamie Lennox
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:context,n,z

Addressed by: https://review.openstack.org/137268
    Turn our auth plugin into a token interface

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.