token_ref fetched in AuthContextMiddleware should be reused

Bug #1433211 reported by Boris Bobrov
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Deepti Ramakrishna

Bug Description

AuthContextMiddleware validates token and converts it to auth_context. The info fetched can be reused in several places, for example in https://github.com/openstack/keystone/blob/master/keystone/common/controller.py#L677 . A good list to start searching places for refactoring can be obtained using ``grep "context\['token_id'\]" -r keystone``.

Tags: performance
Revision history for this message
Dolph Mathews (dolph) wrote :

I would *love* to see this refactor happen.

tags: added: performance
Changed in keystone:
status: New → Triaged
importance: Undecided → Wishlist
Revision history for this message
Lance Bragstad (lbragstad) wrote :
Changed in keystone:
assignee: nobody → Deepti Ramakrishna (dramakri)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/190863

Changed in keystone:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/190863
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=288a05a4de4b61d32816081f4c2a0f6e2f773cf2
Submitter: Jenkins
Branch: master

commit 288a05a4de4b61d32816081f4c2a0f6e2f773cf2
Author: Deepti Ramakrishna <email address hidden>
Date: Thu Jun 11 13:32:52 2015 -0700

    Reuse token_ref fetched in AuthContextMiddleware.

    All keystone middleware components should reuse the auth context prepared
    by AuthContextMiddleware. Note that AuthContextMiddleware is listed in
    etc/keystone-paste.ini as one of the earliest middleware components in the
    keystone pipeline. This means that almost all other middleware components
    can depend on the auth context being available for use.

    Also added a test to check that a trust cannot be retrived in case of a
    missing auth context. Such a request should throw Forbidden exception.

    Change-Id: I1c08976cf4d175fa2cfe2e39fe55811f04f13243
    Closes-Bug: #1433211

Changed in keystone:
status: In Progress → Fix Committed
Changed in keystone:
milestone: none → liberty-2
status: Fix Committed → Fix Released
Revision history for this message
Dolph Mathews (dolph) wrote :

Bumped this from Wishlist to Medium since this is very much a performance-oriented refactor.

Changed in keystone:
importance: Wishlist → Medium
Thierry Carrez (ttx)
Changed in keystone:
milestone: liberty-2 → 8.0.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.