Open Stack

hi all,

i've been researching, and coding, about how to upgrade sahara to use 
keystone sessions for authentication instead of our current method. i'm 
running into some issues that i believe might make the current proposed 
approach[1] unfeasible.

one issue i'm running into is the nature of how we change the context to 
the admin user at some points, and in general how we change information 
in the context as we pass it around. this creates some issues with the 
currently proposed spec.

i think we might be better served by taking an approach where the 
context will hold the an auth plugin object. which would be populated 
from the keystonemiddleware for user requests and could be changed to 
the admin when necessary.

in this manner we would create sessions as necessary for each client, 
and then associate the auth plugin object with the session as we create 
the clients. this would also allow us to drop the session cache from the 
context, and we would still be able to have specific sessions for 
clients that require unique options (for example certs).

i'm curious if anyone has thoughts on this matter?

i will also likely be rewriting the spec to encompass these changes if i 
can get them working locally.

thanks,
mike

[1]: https://review.openstack.org/#/c/197743/