[Yahoo-eng-team] [Bug 1311142] Re: Cache records for get_*_by_name are not invalidated on entity rename

Thu, 07 Aug 2014 12:43:25 -0700 

** Changed in: keystone/icehouse
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1311142

Title:
  Cache records for get_*_by_name are not invalidated on entity rename

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone havana series:
  Won't Fix
Status in Keystone icehouse series:
  Fix Released

Bug description:
  I have noticed in keystone code, that update_domain and update_project
  methods in assignment_api Manager invalidate cache for get_*_by_name()
  using new name, not the old one.

  For example in update_domain() if you are changing domain name from
  'OldName' to 'NewName', get_domain_by_name.invalidate() is called with
  'NewName' as argument. See:

  
https://github.com/openstack/keystone/blob/1e948043fe2456bd91b398317c71c665d69e9935/keystone/assignment/core.py#L320

  As a result the old name can be used in some requests until cache
  record is expired. For example if you rename a domain, old name can
  still be used for the authentication (note, caching should be enabled
  in keystone configuration):

  1. Define domain by its name during login:
  curl -X POST -H 'Content-type: application/json' -d 
'{"auth":{"identity":{"methods":["password"], 
"password":{"user":{"name":"Alice","domain":{"name": "OldName"}, 
"password":"A12345678"}}}}}' -v http://192.168.56.101:5000/v3/auth/tokens

  2. Change domain name:
  curl -X PATCH -H 'Content-type: application/json' -H 'X-Auth-Token: 
indigitus' -d '{"domain":{"name":"NewName"}}' 
http://192.168.56.101:5000/v3/domains/7e0629d4e31b4c5591a4a10d0b8931df

  3. Login using old domain name (copy command from step 1).

  As a result Alice will be logged in, even though domain name specified
  is not available anymore.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1311142/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to