[openstack-dev] [Keystone] Refactoring Authenticate

Adam Young ayoung at redhat.com
Fri Aug 17 21:47:44 UTC 2012


I've started to attack the mess that is the authenticate code in service.py

https://github.com/admiyo/keystone/commit/fdd7ea535c6a6eb99c8652155e6556cf76e87723


The thing that is clear to me is that most of this code does not belong 
inside service.py, but rather in some shared location. keystone/token 
comes to mind.  There is a note from termie that it maybe belongs in 
middleware as well.

There are two things I'm trying to work out.  One is that the code needs 
to be shared across other calls, most specifically the extensions that , 
as of right now, don't work with PKI tokens (perhaps they don't need 
to?).   The other is the fact that the logic here is really not specific 
to the web, but should instead be considered business logic, agnostic to 
how it is called.

Any objection  to moving this code into keystone/token, and separating 
out web specific functionality from business logic?




More information about the OpenStack-dev mailing list