[openstack-dev] Keystone auth_token middleware

Robert Collins robertc at robertcollins.net
Mon Sep 24 19:55:52 UTC 2012


On Mon, Sep 24, 2012 at 10:13 PM, Alan Pevec <apevec at gmail.com> wrote:
> On Mon, Sep 24, 2012 at 10:45 AM, Thierry Carrez <thierry at openstack.org> wrote:
>> Brian Waldon wrote:
>>> The auth_token middleware shouldn't live in the Keystone source tree. It is not intended to be used alongside any of the Keystone code as it gets pulled in to every service *but* Keystone. It is super frustrating to have to install all of Keystone just to get this one piece of code. As this middleware is just a client, I am proposing we move it into the existing keystone client library - python-keystoneclient. What are the immediate feelings here?
>>
>> Distributions can solve this by creating multiple binary packages from
>> the same source package,
>
> I did that in Fedora for Essex, but it broke post folsom-2 due to new
> intra-keystone dependencies in auth-token middleware:
> https://bugzilla.redhat.com/show_bug.cgi?id=844508
>
> There's also an issue with python subpackages sharing python namespace
> - who owns overlapping __init__.py ?
> Best would be if auth-token is moved out of keystone.middleware, there
> are stuff imported[1] not required by auth-token.

A general principle I have for Python packages is that 'optional'
things should be separate packages: there is some overhead, but its a
lot simpler when it comes to determining distribution dependency
rules, because you can rely on the Python dependency metadata.
Creating multiple binaries from one Python source package is only
needed when this principle is violated :).

-Rob



More information about the OpenStack-dev mailing list