yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1568674] [NEW] Revocation events catching too many tokens

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Adam Young <1568674@xxxxxxxxxxxxxxxxxx>
Date: Mon, 11 Apr 2016 04:04:27 -0000
Reply-to: Bug 1568674 <1568674@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

We've seen an effect where setting the dfefault token handler to Fenet,
and depending on Revocation events breaks several tests.  These tests
are supposed to track that a tokne comes back as invalid.  However, what
actually happens is the admin users token is invalid, returning a 401
instead of a 404.

Putting a 1 second delay between, for example,  the delete role
assignment event and the token validation causese the validation to
properly return the 404.

It looks like the revocation tree is somehow matching the admin token in
its check.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1568674

Title:
  Revocation events catching too many tokens

Status in OpenStack Identity (keystone):
  New

Bug description:
  We've seen an effect where setting the dfefault token handler to
  Fenet, and depending on Revocation events breaks several tests.  These
  tests are supposed to track that a tokne comes back as invalid.
  However, what actually happens is the admin users token is invalid,
  returning a 401 instead of a 404.

  Putting a 1 second delay between, for example,  the delete role
  assignment event and the token validation causese the validation to
  properly return the 404.

  It looks like the revocation tree is somehow matching the admin token
  in its check.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1568674/+subscriptions