[openstack-dev] Removing OS_AUTH_SYSTEM

Álvaro López García alvaro.lopez.garcia at cern.ch
Fri Jun 21 11:26:23 UTC 2013


Hi,

some comments inline.
On Fri 21 Jun 2013 (12:53), Chmouel Boudjnah wrote:
> Hello,
>
> We have discussed this some time ago to remove the OS_AUTH_SYSTEM from
> novaclient since this was implemented for RAX and these days RAX has
> moved to pyrax.
> 
> Since last time I have looked into this it seems that there was some
> updates to it :
> 
> https://github.com/openstack/python-novaclient/blob/master/novaclient/auth_plugin.py
> 
> This made me wondering if it was needed by other people and why?

I am the one responsible for that commit, so obviously we are
using it :-)

We are using it for X.509 auth, where we need to authenticate against
the HTTP server where keystone is running with the user certificate
instead of using the passwordCredentials dict. Basic or Digest auth are
other use cases for this system.

IMHO, as long as keystone allows for external authentication (as it does),
the auth plugin system on the client side should exist.

> This is some preliminary works to move novaclient to use
> keystoneclient instead of implementing its own[1] client to keystone.
> If the OS_AUTH_SYSTEM feature was really needed[2] we should then
> moving it to keystoneclient.

I think it is needed, and I think it should be moved to keystoneclient,
then let the other clients use keystoneclient for auth.

> Thoughts?
> 
> Chmouel.
> 
> [1] weirdo with bunch of obsoletes stuff I may need to add.

Completely agree.

> [2] and IMO this goes against a one true open cloud.

Why do you think [2] goes in that direction?

> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-- 
Álvaro López García                              aloga at ifca.unican.es
Instituto de Física de Cantabria         http://devel.ifca.es/~aloga/
Ed. Juan Jordá, Campus UC                      tel: (+34) 942 200 969
Avda. de los Castros s/n
39005 Santander (SPAIN)
_____________________________________________________________________
"If you haven't used grep, you've missed one of the simple pleasures of
 life." -- Brian Kernighan



More information about the OpenStack-dev mailing list