Public bug reported:

When using fernet tokens, I'm unable to get a token if the key_repository isn't writeable [0]. The main keystone process is only required to read keys from the key repository. The keystone-manage process must have write access to the key repository in order to bootstrap keys.
Keystone doesn't rely on write access in order to create tokens. The check for keystone shouldn't be dependent on it having write access, since it doesn't need it [1]. The write permissions should be kept when called from keystone-manage, but not when called from keystone.

[0] http://cdn.pasteraw.com/nng0up76dgy5b3naw0hw4bdabdkin84
[1] https://github.com/openstack/keystone/blob/56d3d76304a88baa3ff90e94e6bbd6d8d28e7dcf/keystone/token/providers/fernet/utils.py#L34-L36

** Affects: keystone
     Importance: Undecided
         Status: New

** Tags: fernet

** Tags added: fernet

** Summary changed:

- Unable to get token when fernet key repository isn't writeable
+ Token operations fail when fernet key repository isn't writeable

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1523664

Title:
  Token operations fail when fernet key repository isn't writeable

Status in OpenStack Identity (keystone):
  New
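The access split described in the report (read and search access for the keystone service, write access in addition only for keystone-manage), as an added example that is not keystone's code and not part of the bug report. The names `granted_bits`, `missing_access` and `requires_write` are hypothetical, the uid, gid and mode values are constructed, and only POSIX mode bits are modelled (no ACLs, no read-only mounts).

```python
import os
import stat

# os.R_OK/W_OK/X_OK are 4/2/1, the same values as the rwx mode bits.
READ, WRITE, SEARCH = os.R_OK, os.W_OK, os.X_OK


def granted_bits(mode, owner_uid, owner_gid, uid, gids):
    """Access mask the POSIX mode bits give (uid, gids) on a directory."""
    if uid == 0:
        return READ | WRITE | SEARCH      # root is not limited by mode bits
    if uid == owner_uid:
        return (mode >> 6) & 0o7          # owner class wins, even if weaker
    if owner_gid in gids:
        return (mode >> 3) & 0o7          # group class
    return mode & 0o7                     # other class


def missing_access(mode, owner_uid, owner_gid, uid, gids, requires_write=False):
    """Return the names of the permissions the caller lacks.

    requires_write=False models the keystone service, which only reads keys.
    requires_write=True models keystone-manage, which bootstraps keys.
    """
    needed = READ | SEARCH | (WRITE if requires_write else 0)
    lacking = needed & ~granted_bits(mode, owner_uid, owner_gid, uid, gids)
    names = ((READ, "read"), (WRITE, "write"), (SEARCH, "search"))
    return [name for bit, name in names if lacking & bit]


def validate_key_repository(path, requires_write=False):
    """Run the same check for the current process against a real directory."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return ["directory"]
    gids = set(os.getgroups()) | {os.getegid()}
    return missing_access(st.st_mode, st.st_uid, st.st_gid,
                          os.geteuid(), gids, requires_write)


if __name__ == "__main__":
    # Constructed sample: repository owned by uid/gid 1000 with mode 0750;
    # the service account is uid 2000 and a member of group 1000.
    print(missing_access(0o750, 1000, 1000, 2000, {1000}))        # service
    print(missing_access(0o750, 1000, 1000, 2000, {1000}, True))  # manage
```

With the constructed values, the service-side check passes on a repository the service account cannot write to, while the same account fails the keystone-manage check only on the write bit.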

