yahoo-eng-team team mailing list archive

[Lance Bragstad <lbragstad@xxxxxxxxx>]

Public bug reported:

Some information in tokens obtained with application credentials isn't
available unless caching is enabled. I was able to recreate this using
some of the tests in test_v3_trust.py and by setting
CONF.token.cache_on_issue to False, which resulted in a 500 because a
specific key in the token reference wasn't available [0].

Without digging into a bunch, I think this is because the token is
cached when it is created, meaning the process to rebuild the entire
authorization context at validation time is short-circuited.

[0] http://paste.openstack.org/show/677666/

** Affects: keystone
     Importance: Critical
         Status: Triaged

** Changed in: keystone
   Importance: Undecided => Critical

** Changed in: keystone
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1750415

Title:
  validation of app cred tokens is dependent on
  CONF.token.cache_on_issue

Status in OpenStack Identity (keystone):
  Triaged

Bug description:
  Some information in tokens obtained with application credentials isn't
  available unless caching is enabled. I was able to recreate this using
  some of the tests in test_v3_trust.py and by setting
  CONF.token.cache_on_issue to False, which resulted in a 500 because a
  specific key in the token reference wasn't available [0].

  Without digging into a bunch, I think this is because the token is
  cached when it is created, meaning the process to rebuild the entire
  authorization context at validation time is short-circuited.

  [0] http://paste.openstack.org/show/677666/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1750415/+subscriptions