hi all,

i've been researching, and coding, about how to upgrade sahara to use keystone sessions for authentication instead of our current method. i'm running into some issues that i believe might make the current proposed approach[1] unfeasible.

one issue i'm running into is the nature of how we change the context to the admin user at some points, and in general how we change information in the context as we pass it around. this creates some issues with the currently proposed spec.

i think we might be better served by taking an approach where the context will hold the an auth plugin object. which would be populated from the keystonemiddleware for user requests and could be changed to the admin when necessary.

in this manner we would create sessions as necessary for each client, and then associate the auth plugin object with the session as we create the clients. this would also allow us to drop the session cache from the context, and we would still be able to have specific sessions for clients that require unique options (for example certs).

i'm curious if anyone has thoughts on this matter?

i will also likely be rewriting the spec to encompass these changes if i can get them working locally.


[1]: https://review.openstack.org/#/c/197743/

OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe

Reply via email to