Public bug reported: Some information in tokens obtained with application credentials isn't available unless caching is enabled. I was able to recreate this using some of the tests in test_v3_trust.py and by setting CONF.token.cache_on_issue to False, which resulted in a 500 because a specific key in the token reference wasn't available [0].
Without digging into a bunch, I think this is because the token is cached when it is created, meaning the process to rebuild the entire authorization context at validation time is short-circuited. [0] http://paste.openstack.org/show/677666/ ** Affects: keystone Importance: Critical Status: Triaged ** Changed in: keystone Importance: Undecided => Critical ** Changed in: keystone Status: New => Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1750415 Title: validation of app cred tokens is dependent on CONF.token.cache_on_issue Status in OpenStack Identity (keystone): Triaged Bug description: Some information in tokens obtained with application credentials isn't available unless caching is enabled. I was able to recreate this using some of the tests in test_v3_trust.py and by setting CONF.token.cache_on_issue to False, which resulted in a 500 because a specific key in the token reference wasn't available [0]. Without digging into a bunch, I think this is because the token is cached when it is created, meaning the process to rebuild the entire authorization context at validation time is short-circuited. [0] http://paste.openstack.org/show/677666/ To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1750415/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
