Keystone doesn't depend on other services, but every other service in
OpenStack depends on Keystone.
So, I propose we treat all of the Admin aspects of the Keystone server
just like any other consumer of auth token middleware, but only for testing.
It means that we would be using a different middleware for /v3/auth than
we use for, say /v3/users and /v3/policy. /auth would use the mechanism
that Keystone uses today (Middleware inside of Keystone) but the rest of
Keystone would use keystonemiddleware.auth_token. Ok, so we would
probably need to work around fetching certificates, too.
The idea is that Keystone should be run just like any other service, and
perform all of the same checks on tokens and policy for anything that is
an administrative task; creating users etc. In doing so, we would
provide a framework for functional tests.
Doing this would require a bit of reworking of the past pipeline, but
that is stuff we've considered doing before.
Does this fit in with the vision of each project doing our own
functional testing?
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
