
Pass custom info as part of OpenStack Keystone token

I recently needed to pass additional information along with the standard OpenStack Keystone token info. For the sake of clarity, let's assume that when Keystone creates and returns a fresh token, I need to pass an additional (key, value) pair ('—Test—', 'Testing') besides the standard token info. In my case, I was storing a custom policy with Keystone for each user, so when a user requests a token, the token contains the policy.

 

To accomplish this, I made the following change to the process of creating a v2_authorization_token, in the following file (assuming my Keystone service is installed in /opt/stack):

/opt/stack/keystone/keystone/token/providers/common.py 

The issue_v2_token() method, after adding the custom token info, looks like this:

Screenshot 2015-12-07 17.34.17

Here "token_data" contains all the data that is passed as the token. Note the method _get_token_id(token_data): this method encrypts the token data and passes it as the token_id of the token. Our custom line must therefore come above the call to _get_token_id(token_data) (which is on line 491).

Now, how do we check that we have actually passed the additional token info? In my case, I need this additional token data in the OpenStack Swift service. Let's dive into how to verify this from OpenStack Swift.

 

Screenshot 2015-12-07 17.49.46

Swift Proxy-server pipeline (location: /etc/swift/proxy-server.conf)

In the OpenStack Swift service pipeline (figure above), authtoken is the middleware where we can check the token_data returned from Keystone. On my system the authtoken middleware is located in

 /usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py

 

Screenshot 2015-12-07 17.57.30 

I added the following line (line 583 in the above figure) to see whether the data returned by the Keystone token contains the injected information.

 

self._LOG.debug(user_token)

 

I also want this additional token data to be available to the Swift proxy server and the Swift object server. To do that, I need to make sure the authtoken middleware passes it on in the correct format.

 

In the same file of the authtoken middleware, the _build_user_headers() method builds the custom headers that are available in all the Swift services. So I added the following line:

 

rval['X—-TEST—–'] = token_info['–TEST–']

 

Screenshot 2015-12-07 18.10.29

Now I can get this extra header in all the services (object server, account server, container server, etc.) of OpenStack Swift.
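The two steps above as a simplified model; this is an added example, not the code from the screenshots and not Keystone's or keystonemiddleware's own code. The names custom_policy and X-Custom-Policy, the sample users and the SHA-256 stand-in for _get_token_id() are assumptions. It also drops any client-sent copy of the custom header before setting it, because the Swift services downstream act on whatever value arrives in it.

```python
import hashlib
import json

CUSTOM_KEY = "custom_policy"        # hypothetical key stored in the token body
CUSTOM_HEADER = "X-Custom-Policy"   # hypothetical header handed to Swift services


def token_id_for(token_data):
    # Stand-in for _get_token_id(): an ID derived from the complete token body.
    body = json.dumps(token_data, sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest()


def issue_token(user, policy):
    token_data = {"access": {"user": {"name": user}}}
    # The custom pair has to be in place before the ID is computed,
    # otherwise the ID does not cover it.
    token_data["access"][CUSTOM_KEY] = policy
    return token_id_for(token_data), token_data


def build_headers(request_headers, token_info):
    """Model of the middleware step: strip first, then set from the validated token."""
    # Remove a client-supplied copy (HTTP header names are case-insensitive).
    headers = {k: v for k, v in request_headers.items()
               if k.lower() != CUSTOM_HEADER.lower()}
    if token_info is None:          # token missing or rejected by Keystone
        headers["X-Identity-Status"] = "Invalid"
        return headers
    headers["X-Identity-Status"] = "Confirmed"
    headers[CUSTOM_HEADER] = token_info["access"][CUSTOM_KEY]
    return headers


if __name__ == "__main__":
    tid, data = issue_token("alice", "read-only")          # constructed sample
    forged = {"X-Auth-Token": "bogus", "x-custom-policy": "admin"}
    print(build_headers(forged, None))                      # forged header is gone
    print(build_headers({"X-Auth-Token": tid}, data))       # value comes from token
```
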

 
