[openstack-dev] Moving auth_token middleware dependencies to openstack common
dolph.mathews at gmail.com
Tue Sep 11 17:05:08 UTC 2012
Would it be appropriate to formally move cms into openstack-common as well?
It seems clients should eventually consume some of that functionality as
well (e.g. verify_token)?
On Tue, Sep 11, 2012 at 11:20 AM, Adam Young <ayoung at redhat.com> wrote:
> I think that we can get away with the current set up for auth_token
> middleware (shipping it inside Keystone but deploying it as a stand alone
> file) if we move its dependencies to openstack common. Those dependencies
> cms Is all my work, and I am happy to change it to openstack commons
> pulled in as a dependency.
> keystone/common/utils.py has one function in it that is used by auth_token:
> Which is a very thin wrapper around hashlib:
> def hash_signed_token(signed_text)**:
> hash_ = hashlib.md5()
> return hash_.hexdigest()
> We can move this to the auth_token middleware, as the only other place it
> is used is in the unit test code in keystone tests/test_auth_token_**
> This will add a hashlib dependency on auth_token middleware, but it is
> required for Signed token authentication anyway.
> The risk here is that changes to fix issues in Keystone that originate
> with PKI/CMS handling will require changes to both Common and Keystone
> projects in sync, but if I get an agreement from the common folk that
> they will be responsive to Keystone changes, that should not be a real
> Is this acceptable?
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.**org <OpenStack-dev at lists.openstack.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev