yahoo-eng-team team mailing list archive
Message #50510
[Bug 1523664] Re: Token operations fail when fernet key repository isn't writeable
** Also affects: keystone/liberty
Importance: Undecided
Status: New
** Changed in: keystone/liberty
Status: New => In Progress
** Changed in: keystone/liberty
Assignee: (unassigned) => Lance Bragstad (lbragstad)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1523664
Title:
Token operations fail when fernet key repository isn't writeable
Status in OpenStack Identity (keystone):
Fix Released
Status in OpenStack Identity (keystone) liberty series:
In Progress
Bug description:
When using fernet tokens, I'm unable to get a token if the
key_repository isn't writeable [0]. The main keystone process is only
required to read keys from the key repository. The keystone-manage
process must have write access to the key repository in order to
bootstrap keys.
Keystone doesn't rely on write access in order to create tokens. The
check for keystone shouldn't be dependent on it having write access,
since it doesn't need it [1].
The write permissions should be kept when called from keystone-manage,
but not when called from keystone.
mfisch and clayton from Time Warner Cable brought this to my attention
and I was able to recreate.
[0] http://cdn.pasteraw.com/nng0up76dgy5b3naw0hw4bdabdkin84
[1] https://github.com/openstack/keystone/blob/56d3d76304a88baa3ff90e94e6bbd6d8d28e7dcf/keystone/token/providers/fernet/utils.py#L34-L36
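The split described in the bug, as an added example that is not part of the original report and is not keystone's code: a permission check on the key repository that requires write access only when the caller manages keys. The function name `missing_permissions` and its `requires_write` and `access` parameters are assumptions made for illustration.

```python
import os
import tempfile


def missing_permissions(key_repository, requires_write=False, access=os.access):
    """Return the permissions the current user lacks on the key repository.

    requires_write=False models the token-serving process (reads keys only).
    requires_write=True models the key management tool that bootstraps keys.
    `access` is injectable so the check can be exercised without relying on
    real file modes (os.access always reports success for root).
    """
    if not os.path.isdir(key_repository):
        return ["directory does not exist"]
    # Reading key files needs read (list) and execute (search) on the directory.
    needed = [("read", os.R_OK), ("search", os.X_OK)]
    if requires_write:
        needed.append(("write", os.W_OK))
    return [name for name, flag in needed if not access(key_repository, flag)]


def demo():
    """Check a read-only repository as both kinds of caller."""
    with tempfile.TemporaryDirectory() as repo:
        # Constructed sample: a placeholder file standing in for key "0".
        with open(os.path.join(repo, "0"), "w") as f:
            f.write("constructed-placeholder-not-a-real-key")
        os.chmod(repo, 0o500)  # read + search, no write
        try:
            return (missing_permissions(repo),
                    missing_permissions(repo, requires_write=True))
        finally:
            os.chmod(repo, 0o700)  # restore so the directory can be cleaned up


if __name__ == "__main__":
    serving, managing = demo()
    print("token service is missing:", serving)
    print("key management is missing:", managing)
```

Run as an unprivileged user, the read-only repository passes for the token-serving caller and reports `write` as missing for the key-managing caller.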