Doug and Team, I tweaked the patch to incorporate the review comments. I've included an abstract class for keyring, specific to openstack "openstackkeyring". The class is used to store encrypted password in keyring, without prompting for keyring password. The password is encrypted using AES algorithm. It is similar to keyring.backend.CryptedFileKeyring, except it'll not prompt for keyring password.
As David and Matt suggested, with the new patch, the keyring is used only if OS_USE_KEYRING environment variable is set. If OS_USE_KEYRING is not set, the default behavior to prompt for password is preserved. The openstackkeyring library will be added in openstack.common, to use it for other projects. Once the current patch goes in, we'll extend same keyring to store tokens as well. In case you got questions, please let me know. On Mon, Jul 30, 2012 at 2:30 PM, Doug Hellmann <doug.hellm...@dreamhost.com> wrote: > > > On Mon, Jul 30, 2012 at 4:51 PM, Bhuvaneswaran A <bhu...@apache.org> wrote: >> >> On Mon, Jul 30, 2012 at 7:46 AM, David Kranz <david.kr...@qrclab.com> >> wrote: >> > I share Doug's concerns but would state some more strongly. IMO, it is >> > simply unacceptable to modify user-visible behavior based on whether >> > some >> > package that happens to be used in an implementation is installed or >> > not. >> > This package is installed on Ubuntu by default and may be used by other >> > applications that have nothing to do with OpenStack at all. >> >> Yes, as python-keyring is installed in almost all systems, the >> behaviour is unchanged. >> >> > If we really want to go down this road there should be an environment >> > variable that can be set to turn off this behavior for applications that >> > do >> > not want it. >> >> David, good point. I'll revise the patch to not use keyring, if >> environment variable USE_KEYRING=0. If environment variable is not set >> or if it is USE_KEYRING=1, then keyring is used to store password. > > > How about OS_USE_KEYRING so it is clearer that the variable is related to > openstack? > >> >> >> Doug, agree? >> >> -- >> Regards, >> Bhuvaneswaran A >> www.livecipher.com >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > > -- Regards, Bhuvaneswaran A www.livecipher.com _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
