yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #62191
[Bug 1671887] [NEW] Revocation API is used in places where where it doesn't need to be
Public bug reported:
Since keystone now validates UUID and Fernet tokens the same way - by
rebuilding the token context at validation time, we no longer need to
persist certain types of revocation events.
For example, a revocation event is persisted when a role is deleted.
This is no longer needed because the invalidation happens by design of
the token provider.
Opening this bug so that we can track those cases and remove them.
** Affects: keystone
Importance: Low
Assignee: Richard (csravelar)
Status: In Progress
** Changed in: keystone
Status: New => Confirmed
** Changed in: keystone
Importance: Undecided => Low
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1671887
Title:
Revocation API is used in places where where it doesn't need to be
Status in OpenStack Identity (keystone):
In Progress
Bug description:
Since keystone now validates UUID and Fernet tokens the same way - by
rebuilding the token context at validation time, we no longer need to
persist certain types of revocation events.
For example, a revocation event is persisted when a role is deleted.
This is no longer needed because the invalidation happens by design of
the token provider.
Opening this bug so that we can track those cases and remove them.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1671887/+subscriptions