[openstack-dev] Moving auth_token middleware dependencies to openstack common
Adam Young
ayoung at redhat.com
Tue Sep 11 16:20:33 UTC 2012
I think that we can get away with the current set up for auth_token
middleware (shipping it inside Keystone but deploying it as a stand
alone file) if we move its dependencies to openstack common. Those
dependencies are:
keystone/common/cms.py
keystone/common/utils.py
cms Is all my work, and I am happy to change it to openstack commons
pulled in as a dependency.
keystone/common/utils.py has one function in it that is used by auth_token:
utils.hash_signed_token(signed_text)
Which is a very thin wrapper around hashlib:
def hash_signed_token(signed_text):
hash_ = hashlib.md5()
hash_.update(signed_text)
return hash_.hexdigest()
We can move this to the auth_token middleware, as the only other place
it is used is in the unit test code in keystone
tests/test_auth_token_middleware.py
This will add a hashlib dependency on auth_token middleware, but it is
required for Signed token authentication anyway.
The risk here is that changes to fix issues in Keystone that originate
with PKI/CMS handling will require changes to both Common and Keystone
projects in sync, but if I get an agreement from the common folk that
they will be responsive to Keystone changes, that should not be a real
problem.
Is this acceptable?
More information about the OpenStack-dev
mailing list