OpenStack Identity (keystone)

Revoking large token fails with "Request-URI Too Long (HTTP 414)"

Bug #1491817 reported by Ralf Haferkamp
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Won't Fix
Undecided
Ralf Haferkamp

Bug Description

When running keystone in a eventlet based configuration in a setup with a lot of (long) endpoints defined I ran into tempest failures.

It turns out that when it tries to revoke some keystone tokens in e.g. the api/identity/admin/v2/test_roles_negative.py tests the resulting request URI for the v2 API (DELETE /v2.0/tokens/<pki-token>) was too long for eventlet's defaults and there is currently no way to change that limit in keystone.conf.

Tags: pki eventlet
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/220116

Changed in keystone:
assignee: nobody → Ralf Haferkamp (rhafer)
status: New → In Progress
Revision history for this message
Dolph Mathews (dolph) wrote :

According to Morgan, we're 40 days from dropping support for eventlet completely, so adding a new configuration option wouldn't provide much benefit.

In addition, the length of PKI tokens is a widely known issue that has gone largely unaddressed (besides the introduction of PKIZ as a compressed alternative). Switching to either UUID or Fernet is the recommended workaround.

tags: added: pki
tags: added: eventlet
Changed in keystone:
status: In Progress → Invalid
status: Invalid → Won't Fix
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (master)

Change abandoned by Ralf Haferkamp (<email address hidden>) on branch: master
Review: https://review.openstack.org/220116

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.