benroeder opened a new pull request, #690: URL: https://github.com/apache/opendal-reqsign/pull/690
## Summary

- Add `reqsign-openstack-keystone` crate implementing Keystone v3 password authentication
- Wire into the `reqsign` umbrella crate behind the `openstack` feature flag
- Add CI workflow with mock server integration tests

This enables OpenDAL's Swift backend to use reqsign for credential management instead of inline Keystone auth code.

Contributes to #685 (`reqsign-swift` checklist item).

Context: Xuanwo requested this move during review of [apache/opendal#7216](https://github.com/apache/opendal/pull/7216).

## What's included

**Credential types** (`credential.rs`):

- `Credential` with token, expiry, and service catalog
- `CatalogEntry` / `Endpoint` types with serde deserialization
- `endpoint()` and `endpoint_in_region()` for catalog lookup
- `SigningCredential` impl with 2-minute expiry grace period

**Request signing** (`sign_request.rs`):

- `RequestSigner` inserts `X-Auth-Token` header (marked sensitive)

**Credential providers** (`provide_credential/`):

- `KeystoneCredentialProvider` — POST to `{auth_url}/auth/tokens`, extracts token from `X-Subject-Token` header, parses expiry + service catalog
- `EnvCredentialProvider` — reads `OPENSTACK_AUTH_URL`, `OPENSTACK_USERNAME`, `OPENSTACK_PASSWORD`, etc.
- `DefaultCredentialProvider` — credential chain (env vars for now)

**Testing** (27 tests total):

- 16 unit tests covering credential validity, catalog lookup, region filtering, edge cases, serde, auth request building
- 11 integration tests with Python mock Keystone server: scoped/unscoped tokens, bad credentials, connection refused, full `Signer` round-trip with token caching, region filtering
- Also tested against a production OpenStack Keystone v3 deployment — confirmed token acquisition, timestamp parsing, and service catalog parsing with multiple services and regions

## Test plan

- [x] `cargo fmt --all -- --check`
- [x] `cargo clippy --workspace --all-targets --all-features -- -D warnings`
- [x] `cargo test --workspace --no-fail-fast` (all 27 openstack-keystone tests + full workspace green)
- [x] Mock server integration tests via CI workflow
- [x] Verified against production Keystone v3 cluster
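Added example, not code from the pull request or the reqsign project: the 2-minute expiry grace period and the region-filtered catalog lookup listed above, written against the standard library only. The struct layout, field names, `is_valid_at`, `sample_credential` and the sample catalog are assumptions made for illustration.

```rust
use std::time::{Duration, SystemTime};

// Hypothetical types modelled on the PR description, not the crate's definitions.
pub struct Endpoint { pub interface: String, pub region: String, pub url: String }
pub struct CatalogEntry { pub service_type: String, pub endpoints: Vec<Endpoint> }
// No Debug derive: the token is a bearer secret and should not reach logs.
pub struct Credential { pub token: String, pub expires_at: SystemTime, pub catalog: Vec<CatalogEntry> }

/// Refresh window taken from the description's "2-minute expiry grace period".
pub const GRACE: Duration = Duration::from_secs(120);

impl Credential {
    /// Usable only while more than GRACE remains, so a token is refreshed before it lapses in flight.
    pub fn is_valid_at(&self, now: SystemTime) -> bool {
        !self.token.is_empty() && now + GRACE < self.expires_at
    }

    /// First endpoint URL for a service type and interface; `region: None` matches any region.
    pub fn endpoint_in_region(&self, service: &str, interface: &str, region: Option<&str>) -> Option<&str> {
        self.catalog.iter()
            .filter(|entry| entry.service_type == service)
            .flat_map(|entry| entry.endpoints.iter())
            .find(|ep| ep.interface == interface && region.map_or(true, |r| ep.region == r))
            .map(|ep| ep.url.as_str())
    }
}

/// Constructed sample: one object-store service published in two regions.
pub fn sample_credential(now: SystemTime, ttl_secs: u64) -> Credential {
    let ep = |i: &str, r: &str, u: &str| Endpoint { interface: i.into(), region: r.into(), url: u.into() };
    Credential {
        token: "constructed-token".into(),
        expires_at: now + Duration::from_secs(ttl_secs),
        catalog: vec![CatalogEntry {
            service_type: "object-store".into(),
            endpoints: vec![
                ep("internal", "RegionOne", "http://swift.r1.internal.example/v1"),
                ep("public", "RegionOne", "https://swift.r1.example/v1"),
                ep("public", "RegionTwo", "https://swift.r2.example/v1"),
            ],
        }],
    }
}

fn main() {
    let now = SystemTime::now();
    let cred = sample_credential(now, 90); // 90 s left: inside the grace window
    println!("valid={} url={:?}", cred.is_valid_at(now), cred.endpoint_in_region("object-store", "public", Some("RegionTwo")));
}
```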
