openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #09956
Re: Where does Keystone middleware for Swift belong?
On Thu, Apr 12, 2012 at 5:03 AM, John Dickinson <me@xxxxxx> wrote:
> 4) We have previously removed auth systems from swift's core code in order to simplify the codebase and allow separate dev cycles. All that is included now is the most basic auth system required for dev work, stand-alone tests, and POC deployments.
If swift doesn't want to be opinionated about a auth server I think
this is a good reason to have it outside Swift and probably like you
suggest in the contrib area if that something we can make happen.
I like the idea of having the middleware in the *client as effectively
those middleware are clients but that may not what a end-user expect.
It may be another discussion but it would be nice to abstract the auth
code in Swift as currently this is not so easy to implement all Swift
features in Auth middleware.
The best way currently to do so is to follow the commits in
tempauth/swauth and each middleware maintainers implement the features
on his own.
Maru has been thinking about it and started to do an implementation in
the swift_auth middleware in this review :
https://review.openstack.org/#patch,sidebyside,5661,4,keystone/middleware/swift_auth.py
I can't remember what was the outcome of the initial work done by Greg
on authz in Swift but is Maru review can be something we can look
forward to have in Swift so all the other middleware would only have
to do the strict minimal of authentication/validation ?
Cheers,
Chmouel.
References