DISCLAIMER: The following comments are neither finger pointing the
author of this work nor the keystone team.

RANT: We should really stop assuming everyone is using a global `CONF`
object. Moreover, we should really stop using it, especially in

That said, here's a gentle note for all of us:

If I understood the flow of changes correctly, keystoneclient recently
introduced a auth_section[0] option, which needs to be registered in
order for it to work properly. In keystoneclient, it's been correctly
added a function[1] to register this option in a conf object.

keystonemiddleware was then updated to support the above and a call to
the register function[1] was then added to the `auth_token` module[2].

The above, unfortunately, broke Zaqar's auth because Zaqar is not
using the global `CONF` object which means it has to register
keystonemiddleware's options itself. Since the option was registered
in the global conf instead of the conf object passed to
`AuthProtocol`, the new `auth_section` option is not bein registered
as keystoneclient excepts.

So, as a gentle reminder to everyone, please, lets not assume all
projects are using the global `CONF` object and make sure all libraries
provide a good way to register the required options. I think either
secretly registering options or exposing a function to let consumers
do so is fine.

I hate complaining without helping to solve the problem so, here's[3] a
workaround to provide a, hopefully, better way to do this. Note that
this shouldn't be the definitive fix and that we also implemented a
workaround in zaqar as well.



Flavio Percoco

Attachment: pgpZwjK8HSrg1.pgp
Description: PGP signature

OpenStack-dev mailing list

Reply via email to