yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #50730
[Bug 1576315] Re: Critically fail on startup if fernet_setup has not been run
Reviewed: https://review.openstack.org/311811
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=971ba5fa4522349d8c24a318fd6f0701ff0668f4
Submitter: Jenkins
Branch: master
commit 971ba5fa4522349d8c24a318fd6f0701ff0668f4
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date: Mon May 2 18:57:05 2016 +0000
Make keystone exit when fernet keys don't exist
An outcome of some of the token discussions in Austin was that when Fernet is
the configured token provider, Keystone should fail on start up if there are no
keys in the key repository or if the repository doesn't exist.
Closes-Bug: 1576315
Change-Id: I0351dddc49da5908f46e09e22467f6fb112593dd
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1576315
Title:
Critically fail on startup if fernet_setup has not been run
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
As a result of the Fernet work session at the Newton design summit in
Austin:
Prior to making Fernet the default token provider, keystone should
fail on startup if fernet_setup has not been run when fernet is also
the configured token provider. Today, keystone will instead return a
500 trying to create or validate tokens. Failing on startup will give
operators a bigger red flag about the work they need to do to use
Fernet.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1576315/+subscriptions
References