[openstack-dev] [sahara] keystone session upgrade
msm at redhat.com
Thu Jul 16 20:31:10 UTC 2015
i've been researching, and coding, about how to upgrade sahara to use
keystone sessions for authentication instead of our current method. i'm
running into some issues that i believe might make the current proposed
one issue i'm running into is the nature of how we change the context to
the admin user at some points, and in general how we change information
in the context as we pass it around. this creates some issues with the
currently proposed spec.
i think we might be better served by taking an approach where the
context will hold the an auth plugin object. which would be populated
from the keystonemiddleware for user requests and could be changed to
the admin when necessary.
in this manner we would create sessions as necessary for each client,
and then associate the auth plugin object with the session as we create
the clients. this would also allow us to drop the session cache from the
context, and we would still be able to have specific sessions for
clients that require unique options (for example certs).
i'm curious if anyone has thoughts on this matter?
i will also likely be rewriting the spec to encompass these changes if i
can get them working locally.
More information about the OpenStack-dev