<div dir="ltr">That makes sense. Shouldn't we wait for something to require it before adding it though?</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Jul 19, 2014 at 11:41 PM, joehuang <span dir="ltr"><<a href="mailto:joehuang@huawei.com" target="_blank">joehuang@huawei.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div>

<div style="direction:ltr;font-family:Tahoma;color:#000000;font-size:10pt">

<p>Hello, Kevin</p>

<p> </p>

<p>The leakage risk may be one of the design purpose. But  Nova/Cinder has already stored the token into the context, because Nova needs to access Neutron.Cinder.Glance, And Cinder interact with Glance....</p>

<p> </p>

<p>For Neutron, I think why the token has not been passed to the context, is because that Neutron only reactively provide service (exactly PORT ) to Nova currently, so Neutron has not call other services' API by using the token.

</p>

<p> </p>

<p>If the underlying agent or plugin wants to use the token, then the requirement will be asked by somebody.</p>

<p> </p>

<p>BR</p>

<p> </p>

<p>Joe</p>

<p> </p>

<div style="FONT-FAMILY:Times New Roman;COLOR:#000000;FONT-SIZE:16px">

<hr>

<div style="DIRECTION:ltr"><font color="#000000" face="Tahoma"><b>发件人:</b> Kevin Benton [<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a>]<br>

<b>发送时间:</b> 2014年7月19日 4:23<div class=""><br>

<b>收件人:</b> OpenStack Development Mailing List (not for usage questions)<br>

</div><b>主题:</b> Re: [openstack-dev] [Neutron] Auth token in context<br>

</font><br>

</div><div><div class="h5">

<div></div>

<div>

<div dir="ltr">I suspect it was just excluded since it is authenticating information and there wasn't a good use case to pass it around everywhere in the context where it might be leaked into logs or other network requests unexpectedly.</div>

<div class="gmail_extra"><br>

<br>

<div class="gmail_quote">On Fri, Jul 18, 2014 at 1:10 PM, Phillip Toohill <span dir="ltr">

<<a href="mailto:phillip.toohill@rackspace.com" target="_blank">phillip.toohill@rackspace.com</a>></span> wrote:<br>

<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">

<div style="FONT-FAMILY:Calibri,sans-serif;WORD-WRAP:break-word;COLOR:rgb(0,0,0);FONT-SIZE:14px">

<div>It was for more of a potential use to query another service. Don't think well go this route though, but was curious why it was one of the only values not populated even though there's a field for it. </div>

<div><br>

</div>

<span>

<div style="BORDER-BOTTOM:medium none;TEXT-ALIGN:left;BORDER-LEFT:medium none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;FONT-FAMILY:Calibri;COLOR:black;FONT-SIZE:11pt;BORDER-TOP:#b5c4df 1pt solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt">

<span style="FONT-WEIGHT:bold">From: </span>Kevin Benton <<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a>><br>

<span style="FONT-WEIGHT:bold">Reply-To: </span>"OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br>

<span style="FONT-WEIGHT:bold">Date: </span>Friday, July 18, 2014 2:16 PM<br>

<span style="FONT-WEIGHT:bold">To: </span>"OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br>

<span style="FONT-WEIGHT:bold">Subject: </span>Re: [openstack-dev] [Neutron] Auth token in context<br>

</div>

<div>

<div>

<div><br>

</div>

<div>

<div>

<div dir="ltr">What are you trying to use the token to do?</div>

<div class="gmail_extra"><br>

<br>

<div class="gmail_quote">On Fri, Jul 18, 2014 at 9:16 AM, Phillip Toohill <span dir="ltr">

<<a href="mailto:phillip.toohill@rackspace.com" target="_blank">phillip.toohill@rackspace.com</a>></span> wrote:<br>

<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">

Excellent! Thank you for the response, I figured it was possible, just<br>

concerned me to why everything else made it to context except for the<br>

token.<br>

<br>

So to be clear, you agree that it should at least be passed to context and<br>

because its not could be deemed a bug?<br>

<br>

Thank you<br>

<div>

<div><br>

On 7/18/14 2:03 AM, "joehuang" <<a href="mailto:joehuang@huawei.com" target="_blank">joehuang@huawei.com</a>> wrote:<br>

<br>

>Hello, Phillip.<br>

><br>

>Currently, Neutron did not pass the token to the context. But Nova/Cinder<br>

>did that. It's easy to do that, just 'copy' from Nova/Cinder.<br>

><br>

>1.  How Nova/Cinder did that<br>

>class NovaKeystoneContext(wsgi.Middleware)<br>

>///or CinderKeystoneContext for cinder<br>

><br>

>              auth_token = req.headers.get('X_AUTH_TOKEN',<br>

>                                     req.headers.get('X_STORAGE_TOKEN'))<br>

>              ctx = context.RequestContext(user_id,<br>

>                                     project_id,<br>

>                                     user_name=user_name,<br>

>                                     project_name=project_name,<br>

>                                     roles=roles,<br>

>                                     auth_token=auth_token,<br>

>                                     remote_address=remote_address,<br>

>                                     service_catalog=service_catalog)<br>

><br>

>2.  Neutron not passed token. Also not good for the third part network<br>

>infrastructure to integrate the authentication with KeyStone.<br>

>class NeutronKeystoneContext(wsgi.Middleware)<br>

>.................<br>

>##### token not get from the header and not passed to context. Just<br>

>change here like what Nova/Cinder did.<br>

>        context.Context(user_id, tenant_id, roles=roles,<br>

>                              user_name=user_name,<br>

>tenant_name=tenant_name,<br>

>                              request_id=req_id)<br>

>        req.environ['neutron.context'] = ctx<br>

><br>

>I think I'd better to report a bug for your case.<br>

><br>

>Best Regards<br>

>Chaoyi Huang ( Joe Huang )<br>

>-----邮件原件-----<br>

>发件人: Phillip Toohill [mailto:<a href="mailto:phillip.toohill@RACKSPACE.COM" target="_blank">phillip.toohill@RACKSPACE.COM</a>]<br>

>发送时间: 2014年7月18日 14:07<br>

>收件人: OpenStack Development Mailing List (not for usage questions)<br>

>主题: [openstack-dev] [Neutron] Auth token in context<br>

><br>

>Hello all,<br>

><br>

>I am wondering how to get the auth token from a user request passed down<br>

>to the context so it can potentially be used by the plugin or driver?<br>

><br>

>Thank you<br>

><br>

><br>

>_______________________________________________<br>

>OpenStack-dev mailing list<br>

><a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>

><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>

>_______________________________________________<br>

>OpenStack-dev mailing list<br>

><a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>

><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>

<br>

_______________________________________________<br>

OpenStack-dev mailing list<br>

<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>

<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>

</div>

</div>

</blockquote>

</div>

<br>

<br clear="all">

<div><br>

</div>

-- <br>

<div>Kevin Benton</div>

</div>

</div>

</div>

</div>

</div>

</span></div>

<br>

_______________________________________________<br>

OpenStack-dev mailing list<br>

<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>

<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>

<br>

</blockquote>

</div>

<br>

<br clear="all">

<div><br>

</div>

-- <br>

<div>Kevin Benton</div>

</div>

</div>

</div></div></div>

</div>

</div>

<br>_______________________________________________<br>

OpenStack-dev mailing list<br>

<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>

<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>

<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Kevin Benton</div>

</div>