openstack team mailing list archive

Thread
Date

Re: [OpenStack][Keystone]Does legacy_auth v1.0 exist in Keystone Essex ?

To: "Nguyen, Liem Manh" <liem_m_nguyen@xxxxxx>
From: Dolph Mathews <dolph.mathews@xxxxxxxxx>
Date: Wed, 23 May 2012 10:42:07 -0500
Cc: Chmouel Boudjnah <chmouel@xxxxxxxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <F223F4DFAC36504680C1E357C358D4E52F8B1AA0@G1W3651.americas.hpqcorp.net>
Sender: antiver@xxxxxxxxx

I haven't tested it myself, but I imagine you *could* deploy
legacy_token_auth (which rewrites from keystone stable/diablo or essex-3
with stable/essex or folsom; however, there are a couple of issues that
need to be resolved first.

https://github.com/openstack/keystone/blob/stable/diablo/keystone/frontends/legacy_token_auth.py

First issue: legacy_token_auth imports from legacy keystone.utils; however,
they are trivial functions and could be moved into legacy_token_auth with
an additional import for webob.Response.

Second issue: legacy_token_auth is dependent on the KEYSTONE_API_VERSION
WSGI env var set by the urlrewritefilter middleware deployed in front of
it. A simplified derivative of this middleware is included in folsom-m1
(keystone.middleware.core.NormalizingFilter) which doesn't look at the
Accept headers or API path prefix at all.

    Diablo's NormalizingFilter:
https://github.com/openstack/keystone/blob/stable/diablo/keystone/middleware/url.py

    Folsom's NormalizingFilter:
https://github.com/openstack/keystone/blob/master/keystone/middleware/core.py

Of course, there's also a bit of required config:

https://github.com/openstack/keystone/blob/stable/diablo/etc/keystone.conf

I expect the actual request-rewriting of legacy_auth_token should work just
fine against keystone trunk.

-Dolph

On Wed, May 23, 2012 at 10:28 AM, Nguyen, Liem Manh <liem_m_nguyen@xxxxxx>wrote:

>  In essex-3, there used to be a “legacy_token_auth” component that does
> just this.****
>
> ** **
>
> Liem****
>
> ** **
>
> *From:* openstack-bounces+liem_m_nguyen=hp.com@xxxxxxxxxxxxxxxxxxx[mailto:
> openstack-bounces+liem_m_nguyen=hp.com@xxxxxxxxxxxxxxxxxxx] *On Behalf Of
> *Chmouel Boudjnah
> *Sent:* Wednesday, May 23, 2012 6:54 AM
> *To:* Christian Broussard
> *Cc:* openstack@xxxxxxxxxxxxxxxxxxx
> *Subject:* Re: [Openstack] [OpenStack][Keystone]Does legacy_auth v1.0
> exist in Keystone Essex ?****
>
> ** **
>
> On Wed, May 23, 2012 at 3:53 PM, Christian Broussard <
> christian.broussard@xxxxxxxxx> wrote:****
>
> I'm interested in this topic as well.  Chmouel, are you indicated that
> without a 3rd party middleware implementation, there is no way to handle
> v1.0 auth with keystone/swift?****
>
>  ** **
>
> Not that I know. ****
>
> ** **
>
> Chmouel.****
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

Follow ups

Re: [OpenStack][Keystone]Does legacy_auth v1.0 exist in Keystone Essex ?
From: Rafael Durán Castañeda, 2012-05-23

References

[OpenStack][Keystone]Does legacy_auth v1.0 exist in Keystone Essex ?
From: Kuo Hugo, 2012-05-23
Re: [OpenStack][Keystone]Does legacy_auth v1.0 exist in Keystone Essex ?
From: Chmouel Boudjnah, 2012-05-23
Re: [OpenStack][Keystone]Does legacy_auth v1.0 exist in Keystone Essex ?
From: Christian Broussard, 2012-05-23
Re: [OpenStack][Keystone]Does legacy_auth v1.0 exist in Keystone Essex ?
From: Chmouel Boudjnah, 2012-05-23
Re: [OpenStack][Keystone]Does legacy_auth v1.0 exist in Keystone Essex ?
From: Nguyen, Liem Manh, 2012-05-23