auth_token middleware should not require OS-SIMPLE-CERT extension for v3

Bug #1384898 reported by Brant Knudson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
keystonemiddleware
Fix Released
Medium
wanghong

Bug Description

The auth_token middleware will use the /v3/OS-SIMPLE-CERT/ if it's configured to use v3 or if it discovers that v3 is available. OS-SIMPLE-CERT is an extension may not be enabled, so the auth_token middleware shouldn't require it and it must be able to work without it.

http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/auth_token.py?id=9355d279216da8981ee6c31013b3dc16e5355257#n1576

Revision history for this message
Dolph Mathews (dolph) wrote :

auth_token should (technically) be able to fallback to purely online validation if any aspect of offline validation fails.

Changed in keystonemiddleware:
status: New → Confirmed
Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

I 100% agree with dolph.

Changed in keystonemiddleware:
importance: Undecided → Medium
wanghong (w-wanghong)
Changed in keystonemiddleware:
assignee: nobody → wanghong (w-wanghong)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystonemiddleware (master)

Fix proposed to branch: master
Review: https://review.openstack.org/131036

Changed in keystonemiddleware:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystonemiddleware (master)

Reviewed: https://review.openstack.org/131036
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=136f85c01ad4da01f9e073619f22eed5ca2378cc
Submitter: Jenkins
Branch: master

commit 136f85c01ad4da01f9e073619f22eed5ca2378cc
Author: wanghong <email address hidden>
Date: Mon Oct 27 15:12:05 2014 +0800

    fallback to online validation if offline validation fails

    Authmiddleware should fallback to purely online validation when
    fetching certificate config failed or fetching revocation list failed.

    Change-Id: I532e667cc26bbeb9bbd03605b9fb7ea7ebf14afa
    Closes-Bug: #1384898

Changed in keystonemiddleware:
status: In Progress → Fix Committed
Changed in keystonemiddleware:
milestone: none → 1.4.0
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.