django-openstack-auth

keystone token revokes cause issues

Bug #1637460 reported by Eric Peterson on 2016-10-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	django-openstack-auth	Fix Released	High	Eric Peterson	django-openstack-auth 3.0.0

Bug Description

The various times horizon can revoke / delete tokens can cause issues with long running tasks - such as backups, live migrations, etc.

It is best to just not revoke the tokens.

Tags:

OpenStack Infra (hudson-openstack) on 2016-10-28

Changed in django-openstack-auth:
assignee:	nobody → Eric Peterson (ericpeterson-l)
status:	New → In Progress

Revision history for this message

David Lyle (david-lyle) wrote on 2016-10-28:

Conversations with Keystone made it clear that our use of token revoke is not what the intent for the token revocation API.

tags:	added: backport-to-newton
Changed in django-openstack-auth:
importance:	Undecided → High
milestone:	none → 3.0.0

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-28: Fix merged to django_openstack_auth (master)

Reviewed: https://review.openstack.org/391183
Committed: https://git.openstack.org/cgit/openstack/django_openstack_auth/commit/?id=5810f9c6d92f8e1febbb25f5486778dbf416991c
Submitter: Jenkins
Branch: master

commit 5810f9c6d92f8e1febbb25f5486778dbf416991c
Author: eric <email address hidden>
Date: Thu Oct 27 06:57:13 2016 -0600

Removing token revoke / delete calls

    Keysonte is changing the nature of tokens, timeouts, and long
    running tasks. In addition, horizon can also cause issues where
    a user starts a long running tasks, logs out, and then the token
    fails authenticaion. Just removing this problematic logic.

https://blueprints.launchpad.net/keystone/+spec/session-extendable-tokens

Closes-Bug: #1637460
Change-Id: I5eda08e95d8df72ba601181f02a72de37c5393fd

Changed in django-openstack-auth:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-28: Fix proposed to django_openstack_auth (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/391435

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-01: Fix included in openstack/django_openstack_auth 3.0.0

This issue was fixed in the openstack/django_openstack_auth 3.0.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-02: Fix merged to django_openstack_auth (stable/newton)

Reviewed: https://review.openstack.org/391435
Committed: https://git.openstack.org/cgit/openstack/django_openstack_auth/commit/?id=08e96550a31b98b7ee3278b3b6a73e93e79ac343
Submitter: Jenkins
Branch: stable/newton

commit 08e96550a31b98b7ee3278b3b6a73e93e79ac343
Author: eric <email address hidden>
Date: Thu Oct 27 06:57:13 2016 -0600

Removing token revoke / delete calls

https://blueprints.launchpad.net/keystone/+spec/session-extendable-tokens

    Closes-Bug: #1637460
    Change-Id: I5eda08e95d8df72ba601181f02a72de37c5393fd
    (cherry picked from commit 5810f9c6d92f8e1febbb25f5486778dbf416991c)