yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1494398] Re: AuthN fails if the tenant is recreated in the process

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Morgan Fainberg <morgan.fainberg@xxxxxxxxx>
Date: Fri, 11 Sep 2015 16:14:06 -0000
Reply-to: Bug 1494398 <1494398@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

All AuthN is tied to the ID even if name is used. This is working as
intended. If you delete a tenant and recreate it, it is infact a
different tenant.


** Changed in: keystone
       Status: New => Triaged

** Changed in: keystone
       Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1494398

Title:
  AuthN fails if the tenant is recreated in the process

Status in Keystone:
  Invalid

Bug description:
  Scenario:

  2 requests are executed in parallel:
  1) authentication against "the tenant" by tenant name
  2) delete "the tenant" + create "the tenant"

  According to API contract authentication should pass, but internally all magic is done using tenant_id acquired at the very beginning of the request (1).
  So while formally tenant named "the tenant" exists, authentication fails as it's no mode accessible by it's old id.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1494398/+subscriptions

References

[Bug 1494398] [NEW] AuthN fails if the tenant is recreated in the process
From: Alexander Makarov, 2015-09-10