[openstack-dev] [KEYSTONE] subclassing auth_token middleware
Kevin L. Mitchell
kevin.mitchell at rackspace.com
Wed Nov 14 18:47:14 UTC 2012
On Wed, 2012-11-14 at 17:33 +0000, Yee, Guang wrote:
> Yes WSGI pipeline. How else are you intend to use auth_token middleware?
>
> Looking at the changes
>
> https://review.openstack.org/#/c/16002/1/keystoneclient/middleware/auth_token.py
>
> You are basically setting the extensions data in the headers right?
> You should be able to sanitize the X_<USER|TENANT|TOKEN>_EXTENSION
> headers in header_sanitizer and set them in your own extension context
> builder. What am I missing?
I have gotten somewhat confused. 16002 is my review and was the
approach I was shooting for, but heckj pushed back on that and brought
it to the list to see if there were suggestions on other possible
implementations; I had thought his suggested implementation was to
subclass the auth_token middleware and try to solve my problem that way.
If we like 16002, I'm quite happy with that approach; I can do
everything I need to do by just implementing one more piece of
middleware. If that's not a desirable approach, I can suggest that we
stuff the entire token validation response into the wsgi environment
(not a header), which would also meet my needs. If we want to use a
subclassing approach, we need some further modification to the existing
auth_token middleware to make that work, but that basically amounts to
some refactoring, and I should again be able to make that work. I just
need to know which approach we are going to end up taking in the end :)
--
Kevin L. Mitchell <kevin.mitchell at rackspace.com>
More information about the OpenStack-dev
mailing list