Reviewed: https://review.openstack.org/253273 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=8eb29c37d1a5163d4f485c559399a4b82969e21e Submitter: Zuul Branch: master
commit 8eb29c37d1a5163d4f485c559399a4b82969e21e Author: Jorge Munoz <[email protected]> Date: Fri Nov 24 22:59:32 2017 +0000 Validate disabled domains and projects online Keystone's performance degrades as the `revocation_event` table grows in size. This patch reduces the total number of events written to the table by not persisting events when a domain or project is disabled. The main reason for persisting a revocation event when a project or domain is disabled is to make sure tokens associated to those targets are considered invalid. Instead of relying on revocation events, we can check if the project or domain is enabled when we validate the token. We take the same approach when we validate a user's role assignments instead of relying on an ever-growing database table. Co-Authored-By: Lance Bragstad <[email protected]> Closes-Bug: 1524030 Change-Id: I76330567e0df2d9f2af88ef9b6b98b8c379e7406 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1524030 Title: Reduce revocation events for performance improvement Status in OpenStack Identity (keystone): Fix Released Bug description: Keystone performance reduces as revocation events are written to the backend. In an effort to reduce the number of revocation events written to the revocation_event table, keystone has to explicitly check if a domain or project associated to the token are enabled. Patch: https://review.openstack.org/#/c/253273/ Follow up patches: 1. Remove revocation events for deleted domains or projects 2. Remove revocation events for deleted grants 3. Bug 1511775 4. Delete unused columns (revocation_table - project and domains) To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1524030/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
