keystonemiddleware

auth_token middleware cannot load plugins from paste

Bug #1428900 reported by Jamie Lennox on 2015-03-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	keystonemiddleware	Fix Released	Medium	Jamie Lennox	keystonemiddleware 1.5.0
	python-keystoneclient	Fix Released	Medium	Jamie Lennox	python-keystoneclient 1.5.0

Bug Description

When auth_token middleware adopted using keystoneclient auth plugin loading it specifically chose to only allow specifying auth plugins via the config file as this was the standard loading mechansims available.

It turns out that more services than expected configure auth_token via paste or manually and for swift particularly we need to support loading plugins from the override options.

Jamie Lennox (jamielennox) on 2015-03-06

Changed in keystonemiddleware:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-06: Fix proposed to keystonemiddleware (master)

Fix proposed to branch: master
Review: https://review.openstack.org/161962

Changed in keystonemiddleware:
assignee:	nobody → Jamie Lennox (jamielennox)
status:	New → In Progress

Revision history for this message

Jamie Lennox (jamielennox) wrote on 2015-03-09:

Filing against keystoneclient. There is not enough information exposed from the plugin loading to allow us to load a plugin using our own config loading mechanism.

What we need there is some way to load an option from an arbitrarily provided getter function.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-09: Fix proposed to python-keystoneclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/162529

Changed in python-keystoneclient:
assignee:	nobody → Jamie Lennox (jamielennox)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-11: Fix merged to keystonemiddleware (master)

Reviewed: https://review.openstack.org/161962
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=06bdfc886fed7e30684a612a3c6ff8616eb2be34
Submitter: Jenkins
Branch: master

commit 06bdfc886fed7e30684a612a3c6ff8616eb2be34
Author: Jamie Lennox <email address hidden>
Date: Fri Mar 6 11:28:21 2015 +1100

Allow loading auth plugins via overrides

    Swift configures auth_token purely by paste options, not oslo.config.
    This means that we cannot rely on purely using the keystoneclient
    load_from_config_options for auth plugins.

    Copy the logic from keystoneclient regarding auth plugin loading from
    config files and make it specific to the _conf_get that auth_token
    middleware uses so that the auth plugin options obey options from paste
    as other options do.

    This will be replaced with a keystoneclient helper as soon as possible,
    however we want to fix the swift issue before that happens and we will
    still be compatible going forward.

Change-Id: I54ac4c566cb798196ea18e24d4ce868450f269f3
Closes-Bug: #1428900

Changed in keystonemiddleware:
status:	In Progress → Fix Committed

Morgan Fainberg (mdrnstm) on 2015-03-11

Changed in keystonemiddleware:
milestone:	none → 1.5.0

Morgan Fainberg (mdrnstm) on 2015-03-11

Changed in keystonemiddleware:
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-04-08: Fix merged to python-keystoneclient (master)

Reviewed: https://review.openstack.org/162529
Committed: https://git.openstack.org/cgit/openstack/python-keystoneclient/commit/?id=e39eec0ff84185f476a1c4cd3014decd149ddf58
Submitter: Jenkins
Branch: master

commit e39eec0ff84185f476a1c4cd3014decd149ddf58
Author: Jamie Lennox <email address hidden>
Date: Mon Mar 9 15:53:18 2015 +1100

Provide a generic auth plugin loader

    For keystonemiddleware, shade and other projects that do more
    complicated option loading than simply CLI or CONF file provide a means
    to load an auth plugin where options are discovered by a provided
    function.

    This plugin is designed to work with the options as provided by
    get_options rather than either the argparse or CONF registration
    functions.

Use these as the default loading mechanism for the existing argparse and
CONF functions as it standardizes the mechanism between the two sources.

Change-Id: I15634ac30581c7aea14e709f12fb202570190f46
Closes-Bug: #1428900

Changed in python-keystoneclient:
status:	In Progress → Fix Committed

Morgan Fainberg (mdrnstm) on 2015-05-21

Changed in python-keystoneclient:
milestone:	none → 1.4.0

Morgan Fainberg (mdrnstm) on 2015-05-21

Changed in python-keystoneclient:
importance:	Undecided → Medium

Morgan Fainberg (mdrnstm) on 2015-05-28

Changed in python-keystoneclient:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.