[openstack-dev] V3 Authentication for swift store

Coles, Alistair alistair.coles at hp.com
Thu Jun 18 08:39:52 UTC 2015

> -----Original Message-----
> From: Jamie Lennox [mailto:jamielennox at redhat.com]
> Sent: 18 June 2015 07:02
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: [openstack-dev] [glance] V3 Authentication for swift store
> Hey everyone,
> TL;DR: glance_store requires a way to do v3 authentication to the swift
> backend.
> <snip>
> However in future we are trying to open up authentication so it's not limited to
> only user/password authentication. Immediate goals for service to service
> communications are to enable SSL client certificates and kerberos
> authentication. This would be handled by keystoneclient sessions but they are
> not supported by swift and it would require a significant rewrite of swiftclient to
> do, and the swift team has indicated they do not which to invest more time into
> their client.

If we consider specifically the swiftclient Connection class, I wonder how significant a rewrite would be to support session objects? I'm not too familiar with sessions - is a session an object with an interface to fetch a token and service endpoint url? If so maybe Connection could accept a session in lieu of auth options and call the session rather than its get_auth methods.

If we can move towards sessions in swiftclient then that would be good IMHO, since we have also have requirement to support fetching a service token [1], which I guess would (now or in future) also be handled by the session?

[1] https://review.openstack.org/182640


> <snip>

More information about the OpenStack-dev mailing list