Open Stack

> On Nov 27, 2013, at 2:25 PM, "Georgy Okrokvertskhov" <gokrokvertskhov at mirantis.com> wrote:
> 
> Hi,
> 
> I am working on the user-authentication BP implementation. I need to introduce a new configuration option for enable or disable keystone authentication for incoming request. I am looking for a right place for this option.
> 
> The current situation is that we have two places for configuration, one is oslo.config and second one is a pecan configuration. My initial intension was to add all parameters to solum.conf file like it is done for nova. Keystone middleware anyway use oslo.config for keystone connection parameters.
> At the same time there are projects (Ceilometer and Ironic) which have enable_acl parameter as a part of pecan config.  
> 
> From my perspective it is not reasonable to have authentication options in two different places. I would rather use solum.conf for all parameters and limit pecan config usage to pecan specific options.

I agree that we should not require administrators to edit a bunch of config files to get a working solum config. I think config options in solum.conf should override ones et elsewhere.

If auth is already set up for keystone in oslo.config, and no equivalent options are set in solum.conf, then we should use the oslo.config settings. I agree that the pecan config should only be used for pecan specific options.

> I am looking for your input on this. 
> 
> Thanks,
> Georgy
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev