Jump to: navigation, search

Swift/ideas/swiftclient-keystone-session

< Swift‎ | ideas
Revision as of 20:50, 3 May 2017 by Jjw-sohonet (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Swiftclient Keystone Session Support

Proper use of keystone sessions is something we've been talking about at the summits/hackathons for a while :(

Some work has been done in the past on a very lightweight method to allow the python-swiftclient to make use of Keystone sessions whilst maintaining the existing API. However, more recent updates to Keystone and the deprecation of version specific sessions means that our usage of Keystone (specific Keystone version sessions and extracting tokens for use directly) does not match the current expectations of the Keystone developers.

When using Keystone for auth, python-swiftclient should be using Keystone sessions to make its requests as well as allowing an existing session object to be passed to API calls (or a SwiftService instance). The current python-swiftclient code uses access tokens directly by fetching them from a session in order to avoid changing the existing method signatures.

In order to use sessions as the Keystone project expects we need to do the following:

  • All the client API functions need to be refactored to stop handling reauthentication, adding auth headers and handling tokens manually
  • All the client requests should be made through the Keystone session

So it requires a lot of work and will possibly break the API :S

Another point of discussion from a previous (now abandoned) patch brought up the idea that perhaps we shouldn't be specifying the keystone version at all, but instead making use of keystoneauth's version discovery, but again this comes with it's own subtle changes to behaviour to all the swiftclient layers including the CLI (e.g. discovering auth endpoint rather than using exactly what's specified, or even ignoring the requested auth version entirely).

Current Patch and Related Discussion

Patch "Use keystone session when possible" [1] has been added by jaosorior as a starting point and indication of what changes would be required within python-swiftclient to properly support generic Keystone sessions and Keystone version detection.

Past Related Patches

  • Use generic keystone client instead of versioned one [2] (Abandoned)
  • WIP: Use keystone session when possible [3]
  • Adding session to switfclient [4] (Abandoned)
  • Add v1password keystoneauth plugin [5] (Merged)
  • Adding keystoneauth sessions support [6] (Merged)
Retrieved from "https://wiki.openstack.org/w/index.php?title=Swift/ideas/swiftclient-keystone-session&oldid=153808"