← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1311142] Re: Cache records for get_*_by_name are not invalidated on entity rename

 

New behavior required to get fix in. abandoning as inappropriate for
havana backport.

** Changed in: keystone/havana
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1311142

Title:
  Cache records for get_*_by_name are not invalidated on entity rename

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone havana series:
  Won't Fix
Status in Keystone icehouse series:
  Fix Committed

Bug description:
  I have noticed in keystone code, that update_domain and update_project
  methods in assignment_api Manager invalidate cache for get_*_by_name()
  using new name, not the old one.

  For example in update_domain() if you are changing domain name from
  'OldName' to 'NewName', get_domain_by_name.invalidate() is called with
  'NewName' as argument. See:

  https://github.com/openstack/keystone/blob/1e948043fe2456bd91b398317c71c665d69e9935/keystone/assignment/core.py#L320

  As a result the old name can be used in some requests until cache
  record is expired. For example if you rename a domain, old name can
  still be used for the authentication (note, caching should be enabled
  in keystone configuration):

  1. Define domain by its name during login:
  curl -X POST -H 'Content-type: application/json' -d '{"auth":{"identity":{"methods":["password"], "password":{"user":{"name":"Alice","domain":{"name": "OldName"}, "password":"A12345678"}}}}}' -v http://192.168.56.101:5000/v3/auth/tokens

  2. Change domain name:
  curl -X PATCH -H 'Content-type: application/json' -H 'X-Auth-Token: indigitus' -d '{"domain":{"name":"NewName"}}' http://192.168.56.101:5000/v3/domains/7e0629d4e31b4c5591a4a10d0b8931df

  3. Login using old domain name (copy command from step 1).

  As a result Alice will be logged in, even though domain name specified
  is not available anymore.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1311142/+subscriptions


References