[Yahoo-eng-team] [Bug 1491926] Re: Remove padding from Fernet tokens
Kilo is EOL ** Changed in: keystone/kilo Status: In Progress => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1491926 Title: Remove padding from Fernet tokens Status in OpenStack Identity (keystone): Fix Released Status in OpenStack Identity (keystone) kilo series: Won't Fix Bug description: In bug 1433372, we determined that we should percent encode Fernet tokens, because the padding characters (=) aren't considered URL safe by some RFCs. We also fail some tempest tests because clients sometimes decode or encode responses [0]. We should just remove the padding, that way clients don't have to worry about it. When we go to validate a token, we can determine what the padding is based on the length of the token: missing_padding = 4 - len(token) % 4 if missing_padding: token += b'=' * missing_padding A patch can be proposed to master, stable/liberty, and stable/kilo to ensure that Fernet tokens can be validated regardless of padding. This is important to consider when upgrading from Kilo to Liberty or Kilo to Mitaka. [0] http://cdn.pasteraw.com/es3j52dpfgem4nom62e7vktk7g5u2j1 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1491926/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1491926] Re: Remove padding from Fernet tokens
** Changed in: keystone Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1491926 Title: Remove padding from Fernet tokens Status in Keystone: Fix Released Status in Keystone kilo series: In Progress Bug description: In bug 1433372, we determined that we should percent encode Fernet tokens, because the padding characters (=) aren't considered URL safe by some RFCs. We also fail some tempest tests because clients sometimes decode or encode responses [0]. We should just remove the padding, that way clients don't have to worry about it. When we go to validate a token, we can determine what the padding is based on the length of the token: missing_padding = 4 - len(token) % 4 if missing_padding: token += b'=' * missing_padding A patch can be proposed to master, stable/liberty, and stable/kilo to ensure that Fernet tokens can be validated regardless of padding. This is important to consider when upgrading from Kilo to Liberty or Kilo to Mitaka. [0] http://cdn.pasteraw.com/es3j52dpfgem4nom62e7vktk7g5u2j1 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1491926/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1491926] Re: Remove padding from Fernet tokens
** Also affects: keystone/kilo Importance: Undecided Status: New ** Tags removed: kilo-backport-potential ** Changed in: keystone/kilo Importance: Undecided => Medium -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1491926 Title: Remove padding from Fernet tokens Status in Keystone: Fix Committed Status in Keystone kilo series: New Bug description: In bug 1433372, we determined that we should percent encode Fernet tokens, because the padding characters (=) aren't considered URL safe by some RFCs. We also fail some tempest tests because clients sometimes decode or encode responses [0]. We should just remove the padding, that way clients don't have to worry about it. When we go to validate a token, we can determine what the padding is based on the length of the token: missing_padding = 4 - len(token) % 4 if missing_padding: token += b'=' * missing_padding [0] http://cdn.pasteraw.com/es3j52dpfgem4nom62e7vktk7g5u2j1 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1491926/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
