yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #20782
[Bug 1328067] Re: Token with "placeholder" ID issued
This would cause a breakage in the backwards compatibility of the
Keystone API. The V2 token requires an id, however, under PKI tokens the
id in the token body is part of the signing/hashing that is used to
generate the token id. This means that we cannot have an accurate ID in
the v2 token body.
When using PKI tokens do not use the id encoded in the token body.
** Changed in: keystone
Status: In Progress => Won't Fix
** Changed in: keystone
Milestone: juno-rc1 => None
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1328067
Title:
Token with "placeholder" ID issued
Status in OpenStack Identity (Keystone):
Won't Fix
Status in OpenStack Identity (Keystone) Middleware:
New
Status in Python client library for Keystone:
Fix Committed
Bug description:
We're seeing test failures, where it seems that an invalid token is
issued, with the ID of "placeholder"
http://logs.openstack.org/69/97569/2/check/check-tempest-dsvm-
full/565d328/logs/screen-h-eng.txt.gz
See context_auth_token_info which is being passed using the auth_token
keystone.token_info request environment variable (ref
https://review.openstack.org/#/c/97568/ which is the previous patch in
the chain from the log referenced above).
It seems like auth_token is getting a token, but there's some sort of
race in the backend which prevents an actual token being stored?
Trying to use "placeholder" as a token ID doesn't work, so it seems
like this default assigned in the controller is passed back to
auth_token, which treats it as a valid token, even though it's not.
https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L121
I'm not sure how to debug this further, as I can't reproduce this
problem locally.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1328067/+subscriptions
References