[Openstack] [OpenStack][Keystone]Does legacy_auth v1.0 exist in Keystone Essex ?

Dolph Mathews dolph.mathews at gmail.com
Wed May 23 15:42:07 UTC 2012


I haven't tested it myself, but I imagine you *could* deploy
legacy_token_auth (which rewrites from keystone stable/diablo or essex-3
with stable/essex or folsom; however, there are a couple of issues that
need to be resolved first.


https://github.com/openstack/keystone/blob/stable/diablo/keystone/frontends/legacy_token_auth.py

First issue: legacy_token_auth imports from legacy keystone.utils; however,
they are trivial functions and could be moved into legacy_token_auth with
an additional import for webob.Response.

Second issue: legacy_token_auth is dependent on the KEYSTONE_API_VERSION
WSGI env var set by the urlrewritefilter middleware deployed in front of
it. A simplified derivative of this middleware is included in folsom-m1
(keystone.middleware.core.NormalizingFilter) which doesn't look at the
Accept headers or API path prefix at all.

    Diablo's NormalizingFilter:
https://github.com/openstack/keystone/blob/stable/diablo/keystone/middleware/url.py

    Folsom's NormalizingFilter:
https://github.com/openstack/keystone/blob/master/keystone/middleware/core.py

Of course, there's also a bit of required config:


https://github.com/openstack/keystone/blob/stable/diablo/etc/keystone.conf

I expect the actual request-rewriting of legacy_auth_token should work just
fine against keystone trunk.

-Dolph


On Wed, May 23, 2012 at 10:28 AM, Nguyen, Liem Manh <liem_m_nguyen at hp.com>wrote:

>  In essex-3, there used to be a “legacy_token_auth” component that does
> just this.****
>
> ** **
>
> Liem****
>
> ** **
>
> *From:* openstack-bounces+liem_m_nguyen=hp.com at lists.launchpad.net[mailto:
> openstack-bounces+liem_m_nguyen=hp.com at lists.launchpad.net] *On Behalf Of
> *Chmouel Boudjnah
> *Sent:* Wednesday, May 23, 2012 6:54 AM
> *To:* Christian Broussard
> *Cc:* openstack at lists.launchpad.net
> *Subject:* Re: [Openstack] [OpenStack][Keystone]Does legacy_auth v1.0
> exist in Keystone Essex ?****
>
> ** **
>
> On Wed, May 23, 2012 at 3:53 PM, Christian Broussard <
> christian.broussard at gmail.com> wrote:****
>
> I'm interested in this topic as well.  Chmouel, are you indicated that
> without a 3rd party middleware implementation, there is no way to handle
> v1.0 auth with keystone/swift?****
>
>  ** **
>
> Not that I know. ****
>
> ** **
>
> Chmouel.****
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120523/3e3c127a/attachment.html>


More information about the Openstack mailing list