[openstack-dev] Allow defining a different auth strategy for different service providers.
Chmouel Boudjnah
chmouel at chmouel.com
Wed Aug 1 10:11:03 UTC 2012
Hi everyone,
Some service provider implement a bit differently the keystone auth by using the
extension mechanism.
Historically for RAX we had this kind of hack :
https://github.com/openstack/python-novaclient/blob/master/novaclient/client.py#L297
which obviously is not right to have in the main client and monty has
sent a review to removed it :
https://review.openstack.org/#/c/10497/
I have started implement a plugin mechanism to allow different auth to
be passed and would like to be done in a common way since we will need
that for swiftclient as well.
I have started an implementation example here :
https://github.com/chmouel/python-novaclient/commit/3e4b4d367071ec251355fd5a15367c9028e7acca
And here is an example plugin for RAX 2.0 :
def authenticate(cls):
"""Authenticate against the Rackspace auth service."""
body = {"auth": {
"RAX-KSKEY:apiKeyCredentials": {
"username": cls.user,
"apiKey": cls.password,
"tenantName": cls.projectid}}}
cls._authenticate(cls.auth_url, body)
assuming you have this in a file in your PYTHON_PATH named :
openstack_client_auth_rackspace2_0.py
and connect with :
from novaclient.v1_1 import client
cnx = client.Client("user", "password", "notneeded",
"https://lon.identity.api.rackspacecloud.com/v2.0",
auth_strategy="rackspace2_0")
it would properly auth to RACK2.0 cloud[1].
This would allow for service providers provider providing only this
file for all the clients to use to authenticate.
What do you think?
Regards,
Chmouel.
[1] Obviously this should goes along with a env variable.
More information about the OpenStack-dev
mailing list