yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1227980] Re: Pluggable auth provider: Can't write a custom plugin due to hardcoded check

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 02 Oct 2013 11:30:28 -0000
Reply-to: Bug 1227980 <1227980@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1227980

Title:
  Pluggable auth provider:  Can't write a custom plugin due to hardcoded
  check

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  Provider plugin provides an interface so that some one customize or
  rewrite UUID and PKI providers.  But unfortunately  there is a hard
  coded check which prevents  pluggablity

  provider.py -- get_provider

   if ((CONF.signing.token_format == 'PKI' and
                      CONF.token.provider != PKI_PROVIDER or
                      (CONF.signing.token_format == 'UUID' and
                          CONF.token.provider != UUID_PROVIDER))):
                  raise exception.UnexpectedError(
                      _('keystone.conf [signing] token_format (deprecated) '
                        'conflicts with keystone.conf [token] provider'))
              return CONF.token.provider

  PKI_PROVIDER and UUID_PROVIDERS are global variable which hold default
  provider.  Do we need this check?

  Ofcourse, I can change the value of the global variable, but that
  doesn't fit the pluggable design.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1227980/+subscriptions