openstack team mailing list archive

Thread
Date

Where does Keystone middleware for Swift belong?

To: "openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx)" <openstack@xxxxxxxxxxxxxxxxxxx>
From: Maru Newby <mnewby@xxxxxxxxxxxx>
Date: Wed, 11 Apr 2012 14:07:16 -0700
Cc: z-launchpad@xxxxxxxx, Chmouel Boudjnah <chmouel@xxxxxxxxxxx>

The Keystone repo currently contains the following Swift-specific wsgi middleware modules:

https://github.com/openstack/keystone/blob/master/keystone/middleware/s3_token.py
https://github.com/openstack/keystone/blob/master/keystone/middleware/swift_auth.py

Neither module depends directly on Keystone.  s3_token calls Keystone through HTTP, and swift_auth retrieves Keystone identity data from the wsgi environment.  Both modules, however, depend directly on Swift, and this forces the Keystone test suite to have to install Swift to run successfully.

Separate from the dependency issue, both middleware modules need to ensure that Swift-specific authorization requirements are met.  It doesn't make sense for the Keystone project to be responsible for this, since the Swift team is the final arbiter of how Swift authorization should behave.

All signs point to the Swift repo being the best place for these modules to be maintained.  Does this seem reasonable, or is there a better alternative?  Please chime in, especially if you are Swift core.

Cheers,


Maru

Follow ups

Re: Where does Keystone middleware for Swift belong?
From: John Dickinson, 2012-04-12
Re: Where does Keystone middleware for Swift belong?
From: Joshua Harlow, 2012-04-11