Make Plugins more customizable
The keystoneclient plugin system is working really well, however i have come across some plugins that cannot be implemented with the specified plugin interface.
Primarily in auth_token middleware i want to write a plugin that controls the use of 'X-Subject-Token' and the message id on behalf of the service. There is no way for me to set any headers from the plugin other than X-Auth-Token.
Additionally I want to be able to authenticate always with a client certificate. If the client certificate is present there really is no need for the X-Auth-Token header, however the plugin must be able to access the connection parameters of the message. At the moment neither of these things is possible as a message without an X-Auth-Token is considered unauthenticated and the plugin cannot specify connection parameters.
Keeping with the existing plugin layout i propose to add 2 new functions to a plugin:
- get_headers will replace get_token and will return a dictionary of things to add to the headers of a message. This will have to be done in a way that is still compatible with plugins that only implement get_token, however it will override get_token as the 'X-Auth-Token' header is just one element of the dictionary.
- get_connection_
No-Spec approval: http://
Blueprint information
- Status:
- Started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Jamie Lennox
- Direction:
- Approved
- Assignee:
- Jamie Lennox
- Definition:
- Approved
- Series goal:
- Accepted for liberty
- Implementation:
-
Needs Code Review
- Milestone target:
- None
- Started by
- Jamie Lennox
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add get_headers interface to authentication plugins
Addressed by: https:/
Add get_communicati
Addressed by: https:/
Fix auth required message translation
Gerrit topic: https:/
Addressed by: https:/
Merge remote-tracking branch 'gerrit/master' into merge
