OpenStack Identity (keystone)

token_ref fetched in AuthContextMiddleware should be reused

Bug #1433211 reported by Boris Bobrov on 2015-03-17

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Medium	Deepti Ramakrishna	OpenStack Identity (keystone) 8.0.0 "liberty"

Bug Description

AuthContextMiddleware validates token and converts it to auth_context. The info fetched can be reused in several places, for example in https://github.com/openstack/keystone/blob/master/keystone/common/controller.py#L677 . A good list to start searching places for refactoring can be obtained using ``grep "context\['token_id'\]" -r keystone``.

Tags:

Revision history for this message

Dolph Mathews (dolph) wrote on 2015-03-18:

I would *love* to see this refactor happen.

tags:	added: performance
Changed in keystone:
status:	New → Triaged
importance:	Undecided → Wishlist

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2015-03-20:

Paste of above grep:

http://cdn.pasteraw.com/k6g86l7ib4ohu0mrgax2fwlr0cpbm86

Deepti Ramakrishna (dramakri) on 2015-05-07

Changed in keystone:
assignee:	nobody → Deepti Ramakrishna (dramakri)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-11: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/190863

Changed in keystone:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-07-29: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/190863
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=288a05a4de4b61d32816081f4c2a0f6e2f773cf2
Submitter: Jenkins
Branch: master

commit 288a05a4de4b61d32816081f4c2a0f6e2f773cf2
Author: Deepti Ramakrishna <email address hidden>
Date: Thu Jun 11 13:32:52 2015 -0700

Reuse token_ref fetched in AuthContextMiddleware.

    All keystone middleware components should reuse the auth context prepared
    by AuthContextMiddleware. Note that AuthContextMiddleware is listed in
    etc/keystone-paste.ini as one of the earliest middleware components in the
    keystone pipeline. This means that almost all other middleware components
    can depend on the auth context being available for use.

Also added a test to check that a trust cannot be retrived in case of a
missing auth context. Such a request should throw Forbidden exception.

Change-Id: I1c08976cf4d175fa2cfe2e39fe55811f04f13243
Closes-Bug: #1433211

Changed in keystone:
status:	In Progress → Fix Committed

Doug Hellmann (doug-hellmann) on 2015-07-29

Changed in keystone:
milestone:	none → liberty-2
status:	Fix Committed → Fix Released

Revision history for this message

Dolph Mathews (dolph) wrote on 2015-09-22:

Bumped this from Wishlist to Medium since this is very much a performance-oriented refactor.

Changed in keystone:
importance:	Wishlist → Medium

Thierry Carrez (ttx) on 2015-10-15

Changed in keystone:
milestone:	liberty-2 → 8.0.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.