yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1491817] Re: Revoking large token fails with "Request-URI Too Long (HTTP 414)"

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1491817@xxxxxxxxxxxxxxxxxx>
Date: Thu, 03 Sep 2015 16:41:53 -0000
Reply-to: Bug 1491817 <1491817@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

According to Morgan, we're 40 days from dropping support for eventlet
completely, so adding a new configuration option wouldn't provide much
benefit.

In addition, the length of PKI tokens is a widely known issue that has
gone largely unaddressed (besides the introduction of PKIZ as a
compressed alternative). Switching to either UUID or Fernet is the
recommended workaround.

** Tags added: pki

** Tags added: eventlet

** Changed in: keystone
       Status: In Progress => Invalid

** Changed in: keystone
       Status: Invalid => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1491817

Title:
  Revoking large token fails with "Request-URI Too Long (HTTP 414)"

Status in Keystone:
  Won't Fix

Bug description:
  When running keystone in a eventlet based configuration in a setup
  with a lot of (long) endpoints defined I ran into tempest failures.

  It turns out that when it tries to revoke some keystone tokens in e.g.
  the api/identity/admin/v2/test_roles_negative.py tests the resulting
  request URI for the v2 API (DELETE /v2.0/tokens/<pki-token>) was too
  long for eventlet's defaults and there is currently no way to change
  that limit in keystone.conf.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1491817/+subscriptions

References

[Bug 1491817] [NEW] Revoking large token fails with "Request-URI Too Long (HTTP 414)"
From: Ralf Haferkamp, 2015-09-03