[openstack-dev] Moving auth_token middleware dependencies to openstack common

Adam Young ayoung at redhat.com
Tue Sep 11 16:20:33 UTC 2012

I think that we can get away with the current set up for auth_token 
middleware  (shipping it inside Keystone but deploying it as a stand 
alone file) if we move its dependencies to openstack common.  Those 
dependencies are:


cms Is all my work, and I am happy to change it to openstack commons 
pulled in as a dependency.

keystone/common/utils.py has one function in it that is used by auth_token:


Which is a very thin wrapper around hashlib:

def hash_signed_token(signed_text):
     hash_ = hashlib.md5()
     return hash_.hexdigest()

We can move this to the auth_token middleware, as the only other place 
it is used is in the unit test code in keystone 

This will add a hashlib dependency on auth_token middleware,  but it is 
required for Signed token authentication anyway.

The risk here is that changes to fix issues in Keystone that originate 
with PKI/CMS handling will require changes to both Common and Keystone 
projects in sync,  but if I get an agreement from the common folk  that 
they will be responsive to Keystone changes, that should not be a real 

Is this acceptable?

More information about the OpenStack-dev mailing list