> -----Original Message----- > From: Jamie Lennox [mailto:jamielen...@redhat.com] > Sent: 18 June 2015 07:02 > To: OpenStack Development Mailing List (not for usage questions) > Subject: [openstack-dev] [glance] V3 Authentication for swift store > > Hey everyone, > > TL;DR: glance_store requires a way to do v3 authentication to the swift > backend. > > <snip> > > However in future we are trying to open up authentication so it's not limited > to > only user/password authentication. Immediate goals for service to service > communications are to enable SSL client certificates and kerberos > authentication. This would be handled by keystoneclient sessions but they are > not supported by swift and it would require a significant rewrite of > swiftclient to > do, and the swift team has indicated they do not which to invest more time > into > their client.
If we consider specifically the swiftclient Connection class, I wonder how significant a rewrite would be to support session objects? I'm not too familiar with sessions - is a session an object with an interface to fetch a token and service endpoint url? If so maybe Connection could accept a session in lieu of auth options and call the session rather than its get_auth methods. If we can move towards sessions in swiftclient then that would be good IMHO, since we have also have requirement to support fetching a service token [1], which I guess would (now or in future) also be handled by the session? [1] https://review.openstack.org/182640 Alistair > > <snip> > __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
