Jump to: navigation, search

Swift/ideas/swiftclient-keystone-session

< Swift‎ | ideas

Swiftclient Keystone Session Support

Proper use of keystone sessions is something we've been talking about at the summits/hackathons for a while :(

Some work has been done in the past on a very lightweight method to allow the python-swiftclient to make use of Keystone sessions whilst maintaining the existing API. However, more recent updates to Keystone and the deprecation of version specific sessions means that our usage of Keystone/Keystone Sessions does not match the current expectations of the Keystone developers.

The current idea is that when using Keystone for auth, python-swiftclient should be using sessions only as well as allowing an existing session object to be passed in when using the API. The current python-swiftclient code uses access tokens directly by fetching them from the session in order to avoid changing the existing method signatures.

In order to use sessions as the Keystone project expects we need to do the following:

  • All the client API functions need to be refactored to stop adding auth headers and handling tokens manually if a session is present
  • All the client requests should be handled via the auth session if present

So it requires a lot of work and will possibly break the API :S

Another point of discussion from a previous (now abandoned) patch brought up the idea that perhaps we shouldn't be specifying the keystone version at all, but instead making use of keystoneauth's version discovery, but again this comes with it's own subtle changes to behaviour to all the swiftclient layers including the CLI (e.g. discovering auth endpoint rather than using exactly what's specified, or even ignoring the requested auth version entirely).

Current Patch and Related Discussion

Patch "Use keystone session when possible" [1] has been added by jaosorior as a starting point and indication of what changes would be required within python-swiftclient to properly support generic Keystone sessions and Keystone version detection.

Past Related Patches

  • Use generic keystone client instead of versioned one [2] (Abandoned)
  • WIP: Use keystone session when possible [3]
  • Adding session to switfclient [4] (Abandoned)
  • Add v1password keystoneauth plugin [5] (Merged)
  • Adding keystoneauth sessions support [6] (Merged)