<html><body>
<p><font size="2" face="sans-serif">Yes, Here: </font><a href="https://review.openstack.org/#/c/111756/"><font size="2" face="sans-serif">https://review.openstack.org/#/c/111756/</font></a><br>
<br>
<img width="16" height="16" src="cid:1__=0ABBF7B9DFCE71638f9e8a93df938@us.ibm.com" border="0" alt="Inactive hide details for Kevin Benton ---08/04/2014 01:01:56 PM---That makes sense. Is there a patch up for review to make thi"><font size="2" color="#424282" face="sans-serif">Kevin Benton ---08/04/2014 01:01:56 PM---That makes sense. Is there a patch up for review to make this available in the context?</font><br>
<br>
<font size="1" color="#5F5F5F" face="sans-serif">From: </font><font size="1" face="sans-serif">Kevin Benton <blak111@gmail.com></font><br>
<font size="1" color="#5F5F5F" face="sans-serif">To: </font><font size="1" face="sans-serif">"OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org></font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Cc: </font><font size="1" face="sans-serif">isaku.yamahata@gmail.com</font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Date: </font><font size="1" face="sans-serif">08/04/2014 01:01 PM</font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Subject: </font><font size="1" face="sans-serif">Re: [openstack-dev] 答???: [Neutron] Auth token in context</font><br>
<hr width="100%" size="2" align="left" noshade style="color:#8091A5; "><br>
<br>
<br>
<font size="3" face="serif">That makes sense. Is there a patch up for review to make this available in the context?</font><br>
<font size="3" face="serif"><br>
</font><br>
<font size="3" face="serif">On Mon, Aug 4, 2014 at 8:21 AM, Isaku Yamahata <</font><a href="mailto:isaku.yamahata@gmail.com" target="_blank"><font size="3" color="#0000FF" face="serif"><u>isaku.yamahata@gmail.com</u></font></a><font size="3" face="serif">> wrote:</font>
<ul style="padding-left: 9pt"><font size="3" face="serif">ServiceVM wants auth token.<br>
When creating l3 router which runs inside VM, it launches VM.<br>
So neutron interacts with other projects like serivcevm server or nova.<br>
<br>
thnaks,<br>
<br>
<br>
On Sun, Jul 20, 2014 at 12:14:54AM -0700,<br>
Kevin Benton <</font><a href="mailto:blak111@gmail.com"><font size="3" color="#0000FF" face="serif"><u>blak111@gmail.com</u></font></a><font size="3" face="serif">> wrote:<br>
<br>
> That makes sense. Shouldn't we wait for something to require it before<br>
> adding it though?<br>
><br>
><br>
> On Sat, Jul 19, 2014 at 11:41 PM, joehuang <</font><a href="mailto:joehuang@huawei.com"><font size="3" color="#0000FF" face="serif"><u>joehuang@huawei.com</u></font></a><font size="3" face="serif">> wrote:<br>
><br>
> > Hello, Kevin<br>
> ><br>
> ><br>
> ><br>
> > The leakage risk may be one of the design purpose. But Nova/Cinder has<br>
> > already stored the token into the context, because Nova needs to access<br>
> > Neutron.Cinder.Glance, And Cinder interact with Glance....<br>
> ><br>
> ><br>
> ><br>
> > For Neutron, I think why the token has not been passed to the context, is<br>
> > because that Neutron only reactively provide service (exactly PORT ) to<br>
> > Nova currently, so Neutron has not call other services' API by using the<br>
> > token.<br>
> ><br>
> ><br>
> ><br>
> > If the underlying agent or plugin wants to use the token, then the<br>
> > requirement will be asked by somebody.<br>
> ><br>
> ><br>
> ><br>
> > BR<br>
> ><br>
> ><br>
> ><br>
> > Joe<br>
> ><br>
> ><br>
> > ------------------------------<br>
> > *???件人:* Kevin Benton [</font><a href="mailto:blak111@gmail.com"><font size="3" color="#0000FF" face="serif"><u>blak111@gmail.com</u></font></a><font size="3" face="serif">]<br>
> > *???送??????:* 2014年7月19日 4:23<br>
> ><br>
> > *收件人:* OpenStack Development Mailing List (not for usage questions)<br>
> > *主???:* Re: [openstack-dev] [Neutron] Auth token in context<br>
> ><br>
> > I suspect it was just excluded since it is authenticating information<br>
> > and there wasn't a good use case to pass it around everywhere in the<br>
> > context where it might be leaked into logs or other network requests<br>
> > unexpectedly.<br>
> ><br>
> ><br>
> > On Fri, Jul 18, 2014 at 1:10 PM, Phillip Toohill <<br>
> > </font><a href="mailto:phillip.toohill@rackspace.com"><font size="3" color="#0000FF" face="serif"><u>phillip.toohill@rackspace.com</u></font></a><font size="3" face="serif">> wrote:<br>
> ><br>
> >> It was for more of a potential use to query another service. Don't<br>
> >> think well go this route though, but was curious why it was one of the only<br>
> >> values not populated even though there's a field for it.<br>
> >><br>
> >> From: Kevin Benton <</font><a href="mailto:blak111@gmail.com"><font size="3" color="#0000FF" face="serif"><u>blak111@gmail.com</u></font></a><font size="3" face="serif">><br>
> >> Reply-To: "OpenStack Development Mailing List (not for usage questions)"<br>
> >> <</font><a href="mailto:openstack-dev@lists.openstack.org"><font size="3" color="#0000FF" face="serif"><u>openstack-dev@lists.openstack.org</u></font></a><font size="3" face="serif">><br>
> >> Date: Friday, July 18, 2014 2:16 PM<br>
> >> To: "OpenStack Development Mailing List (not for usage questions)" <<br>
> >> </font><a href="mailto:openstack-dev@lists.openstack.org"><font size="3" color="#0000FF" face="serif"><u>openstack-dev@lists.openstack.org</u></font></a><font size="3" face="serif">><br>
> >> Subject: Re: [openstack-dev] [Neutron] Auth token in context<br>
> >><br>
> >> What are you trying to use the token to do?<br>
> >><br>
> >><br>
> >> On Fri, Jul 18, 2014 at 9:16 AM, Phillip Toohill <<br>
> >> </font><a href="mailto:phillip.toohill@rackspace.com"><font size="3" color="#0000FF" face="serif"><u>phillip.toohill@rackspace.com</u></font></a><font size="3" face="serif">> wrote:<br>
> >><br>
> >>> Excellent! Thank you for the response, I figured it was possible, just<br>
> >>> concerned me to why everything else made it to context except for the<br>
> >>> token.<br>
> >>><br>
> >>> So to be clear, you agree that it should at least be passed to context<br>
> >>> and<br>
> >>> because its not could be deemed a bug?<br>
> >>><br>
> >>> Thank you<br>
> >>><br>
> >>> On 7/18/14 2:03 AM, "joehuang" <</font><a href="mailto:joehuang@huawei.com"><font size="3" color="#0000FF" face="serif"><u>joehuang@huawei.com</u></font></a><font size="3" face="serif">> wrote:<br>
> >>><br>
> >>> >Hello, Phillip.<br>
> >>> ><br>
> >>> >Currently, Neutron did not pass the token to the context. But<br>
> >>> Nova/Cinder<br>
> >>> >did that. It's easy to do that, just 'copy' from Nova/Cinder.<br>
> >>> ><br>
> >>> >1. How Nova/Cinder did that<br>
> >>> >class NovaKeystoneContext(wsgi.Middleware)<br>
> >>> >///or CinderKeystoneContext for cinder<br>
> >>> ><br>
> >>> > auth_token = req.headers.get('X_AUTH_TOKEN',<br>
> >>> > req.headers.get('X_STORAGE_TOKEN'))<br>
> >>> > ctx = context.RequestContext(user_id,<br>
> >>> > project_id,<br>
> >>> > user_name=user_name,<br>
> >>> > project_name=project_name,<br>
> >>> > roles=roles,<br>
> >>> > auth_token=auth_token,<br>
> >>> > remote_address=remote_address,<br>
> >>> > service_catalog=service_catalog)<br>
> >>> ><br>
> >>> >2. Neutron not passed token. Also not good for the third part network<br>
> >>> >infrastructure to integrate the authentication with KeyStone.<br>
> >>> >class NeutronKeystoneContext(wsgi.Middleware)<br>
> >>> >.................<br>
> >>> >##### token not get from the header and not passed to context. Just<br>
> >>> >change here like what Nova/Cinder did.<br>
> >>> > context.Context(user_id, tenant_id, roles=roles,<br>
> >>> > user_name=user_name,<br>
> >>> >tenant_name=tenant_name,<br>
> >>> > request_id=req_id)<br>
> >>> > req.environ['neutron.context'] = ctx<br>
> >>> ><br>
> >>> >I think I'd better to report a bug for your case.<br>
> >>> ><br>
> >>> >Best Regards<br>
> >>> >Chaoyi Huang ( Joe Huang )<br>
> >>> >-----???件原件-----<br>
> >>> >???件人: Phillip Toohill [mailto:</font><a href="mailto:phillip.toohill@RACKSPACE.COM"><font size="3" color="#0000FF" face="serif"><u>phillip.toohill@RACKSPACE.COM</u></font></a><font size="3" face="serif">]<br>
> >>> >???送??????: 2014年7月18日 14:07<br>
> >>> >收件人: OpenStack Development Mailing List (not for usage questions)<br>
> >>> >主???: [openstack-dev] [Neutron] Auth token in context<br>
> >>> ><br>
> >>> >Hello all,<br>
> >>> ><br>
> >>> >I am wondering how to get the auth token from a user request passed down<br>
> >>> >to the context so it can potentially be used by the plugin or driver?<br>
> >>> ><br>
> >>> >Thank you<br>
> >>> ><br>
> >>> ><br>
> >>> >_______________________________________________<br>
> >>> >OpenStack-dev mailing list<br>
> >>> ></font><a href="mailto:OpenStack-dev@lists.openstack.org"><font size="3" color="#0000FF" face="serif"><u>OpenStack-dev@lists.openstack.org</u></font></a><font size="3" face="serif"><br>
> >>> ></font><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank"><font size="3" color="#0000FF" face="serif"><u>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</u></font></a><font size="3" face="serif"><br>
> >>> >_______________________________________________<br>
> >>> >OpenStack-dev mailing list<br>
> >>> ></font><a href="mailto:OpenStack-dev@lists.openstack.org"><font size="3" color="#0000FF" face="serif"><u>OpenStack-dev@lists.openstack.org</u></font></a><font size="3" face="serif"><br>
> >>> ></font><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank"><font size="3" color="#0000FF" face="serif"><u>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</u></font></a><font size="3" face="serif"><br>
> >>><br>
> >>> _______________________________________________<br>
> >>> OpenStack-dev mailing list<br>
> >>> </font><a href="mailto:OpenStack-dev@lists.openstack.org"><font size="3" color="#0000FF" face="serif"><u>OpenStack-dev@lists.openstack.org</u></font></a><font size="3" face="serif"><br>
> >>> </font><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank"><font size="3" color="#0000FF" face="serif"><u>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</u></font></a><font size="3" face="serif"><br>
> >>><br>
> >><br>
> >><br>
> >><br>
> >> --<br>
> >> Kevin Benton<br>
> >><br>
> >> _______________________________________________<br>
> >> OpenStack-dev mailing list<br>
> >> </font><a href="mailto:OpenStack-dev@lists.openstack.org"><font size="3" color="#0000FF" face="serif"><u>OpenStack-dev@lists.openstack.org</u></font></a><font size="3" face="serif"><br>
> >> </font><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank"><font size="3" color="#0000FF" face="serif"><u>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</u></font></a><font size="3" face="serif"><br>
> >><br>
> >><br>
> ><br>
> ><br>
> > --<br>
> > Kevin Benton<br>
> ><br>
> > _______________________________________________<br>
> > OpenStack-dev mailing list<br>
> > </font><a href="mailto:OpenStack-dev@lists.openstack.org"><font size="3" color="#0000FF" face="serif"><u>OpenStack-dev@lists.openstack.org</u></font></a><font size="3" face="serif"><br>
> > </font><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank"><font size="3" color="#0000FF" face="serif"><u>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</u></font></a><font size="3" face="serif"><br>
> ><br>
> ><br>
></font><font size="3" color="#888888" face="serif"><br>
><br>
> --<br>
> Kevin Benton<br>
<br>
> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> </font><a href="mailto:OpenStack-dev@lists.openstack.org"><font size="3" color="#0000FF" face="serif"><u>OpenStack-dev@lists.openstack.org</u></font></a><font size="3" color="#888888" face="serif"><br>
> </font><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank"><font size="3" color="#0000FF" face="serif"><u>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</u></font></a><font size="3" color="#888888" face="serif"><br>
<br>
<br>
--<br>
Isaku Yamahata <</font><a href="mailto:isaku.yamahata@gmail.com"><font size="3" color="#0000FF" face="serif"><u>isaku.yamahata@gmail.com</u></font></a><font size="3" color="#888888" face="serif">><br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list</font><font size="3" color="#0000FF" face="serif"><u><br>
</u></font><a href="mailto:OpenStack-dev@lists.openstack.org"><font size="3" color="#0000FF" face="serif"><u>OpenStack-dev@lists.openstack.org</u></font></a><font size="3" color="#0000FF" face="serif"><u><br>
</u></font><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank"><font size="3" color="#0000FF" face="serif"><u>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</u></font></a></ul>
<font size="3" face="serif"><br>
</font><br>
<br>
<font size="3" face="serif">-- </font><br>
<font size="3" face="serif">Kevin Benton</font><tt><font size="2">_______________________________________________<br>
OpenStack-dev mailing list<br>
OpenStack-dev@lists.openstack.org<br>
</font></tt><tt><font size="2"><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></font></tt><tt><font size="2"><br>
</font></tt><br>
</body></html>