yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #41897
[Bug 1240163] Re: Can't store a PKI token with a large catalog
same reasoning for keystoneclient issue, won't fix.
** Changed in: python-keystoneclient
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1240163
Title:
Can't store a PKI token with a large catalog
Status in OpenStack Identity (keystone):
Won't Fix
Status in python-keystoneclient:
Won't Fix
Bug description:
It seems that when you have a sufficiently large catalog, hashing of
the v3 token ID fails, so the token cannot be stored to the DB:
Basically when the catalog gets sufficiently large, the assumption
here about impractically large tokens proves bad:
https://github.com/openstack/keystone/blob/master/keystone/common/cms.py#L108
So token[:3] != PKI_ANS1_PREFIX, which means we don't hash the ID and
just return the unhashed token ID, in my case I'm seeingtoken[:3] ==
MIJ, not MII which is assumed to be prefix the token.
https://github.com/openstack/keystone/blob/master/keystone/common/cms.py#L174
This results in an error like this, and a failure to store the token,
even though it was created OK.
2013-10-15 18:24:45.671 29796 WARNING keystone.common.wsgi [-] String
length exceeded.The length of string '<unhashed token ID>' exceeded
the limit of column id(CHAR(64)).
From:
https://github.com/openstack/keystone/blob/master/keystone/common/sql/core.py#L87
I hit this issue because I had some duplicate endpoints in my
environment, but it seems to be a more general problem, which could
happen anytime you have a sufficiently large number of catalog
entries.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1240163/+subscriptions
