openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #12162
Re: [OpenStack][Keystone]Does legacy_auth v1.0 exist in Keystone Essex ?
I haven't tested it myself, but I imagine you *could* deploy
legacy_token_auth (which rewrites from keystone stable/diablo or essex-3
with stable/essex or folsom; however, there are a couple of issues that
need to be resolved first.
https://github.com/openstack/keystone/blob/stable/diablo/keystone/frontends/legacy_token_auth.py
First issue: legacy_token_auth imports from legacy keystone.utils; however,
they are trivial functions and could be moved into legacy_token_auth with
an additional import for webob.Response.
Second issue: legacy_token_auth is dependent on the KEYSTONE_API_VERSION
WSGI env var set by the urlrewritefilter middleware deployed in front of
it. A simplified derivative of this middleware is included in folsom-m1
(keystone.middleware.core.NormalizingFilter) which doesn't look at the
Accept headers or API path prefix at all.
Diablo's NormalizingFilter:
https://github.com/openstack/keystone/blob/stable/diablo/keystone/middleware/url.py
Folsom's NormalizingFilter:
https://github.com/openstack/keystone/blob/master/keystone/middleware/core.py
Of course, there's also a bit of required config:
https://github.com/openstack/keystone/blob/stable/diablo/etc/keystone.conf
I expect the actual request-rewriting of legacy_auth_token should work just
fine against keystone trunk.
-Dolph
On Wed, May 23, 2012 at 10:28 AM, Nguyen, Liem Manh <liem_m_nguyen@xxxxxx>wrote:
> In essex-3, there used to be a “legacy_token_auth” component that does
> just this.****
>
> ** **
>
> Liem****
>
> ** **
>
> *From:* openstack-bounces+liem_m_nguyen=hp.com@xxxxxxxxxxxxxxxxxxx[mailto:
> openstack-bounces+liem_m_nguyen=hp.com@xxxxxxxxxxxxxxxxxxx] *On Behalf Of
> *Chmouel Boudjnah
> *Sent:* Wednesday, May 23, 2012 6:54 AM
> *To:* Christian Broussard
> *Cc:* openstack@xxxxxxxxxxxxxxxxxxx
> *Subject:* Re: [Openstack] [OpenStack][Keystone]Does legacy_auth v1.0
> exist in Keystone Essex ?****
>
> ** **
>
> On Wed, May 23, 2012 at 3:53 PM, Christian Broussard <
> christian.broussard@xxxxxxxxx> wrote:****
>
> I'm interested in this topic as well. Chmouel, are you indicated that
> without a 3rd party middleware implementation, there is no way to handle
> v1.0 auth with keystone/swift?****
>
> ** **
>
> Not that I know. ****
>
> ** **
>
> Chmouel.****
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
Follow ups
References