Critically fail on startup if fernet_setup has not been run

Bug #1576315 reported by Dolph Mathews on 2016-04-28
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Assigned to: Raildo Mascena de Sousa Filho

Bug Description

As a result of the Fernet work session at the Newton design summit in Austin:

Prior to making Fernet the default token provider, keystone should fail on startup if fernet_setup has not been run when fernet is also the configured token provider. Today, keystone will instead return a 500 trying to create or validate tokens. Failing on startup will give operators a bigger red flag about the work they need to do to use Fernet.

Dolph Mathews (dolph) on 2016-04-28
Changed in keystone:
status: New → Confirmed
Changed in keystone:
assignee: nobody → Lance Bragstad (lbragstad)
status: Confirmed → In Progress
Changed in keystone:
assignee: Lance Bragstad (lbragstad) → Raildo Mascena de Sousa Filho (raildo)

Submitter: Jenkins
Branch: master

commit 971ba5fa4522349d8c24a318fd6f0701ff0668f4
Author: Lance Bragstad <email address hidden>
Date: Mon May 2 18:57:05 2016 +0000

    Make keystone exit when fernet keys don't exist

    An outcome of some of the token discussions in Austin was that when Fernet is
    the configured token provider, Keystone should fail on start up if there are no
    keys in the key repository or if the repository doesn't exist.

    Closes-Bug: 1576315

    Change-Id: I0351dddc49da5908f46e09e22467f6fb112593dd

Changed in keystone:
status: In Progress → Fix Released

This issue was fixed in the openstack/keystone development milestone.
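
The fail-fast check this report asks for, sketched as an added example (it is not keystone's code and not the merged commit). The function names and the exception class are hypothetical; the sketch assumes key files named by integer index in the key repository and the 32-byte url-safe base64 Fernet key format.

```python
import base64
import os
import tempfile


class KeyRepositoryError(Exception):
    """Raised when the Fernet key repository cannot be used."""


def load_fernet_keys(key_repository):
    """Return {index: key} for the repository, or raise KeyRepositoryError."""
    if not os.path.isdir(key_repository):
        raise KeyRepositoryError("%s does not exist" % key_repository)
    keys = {}
    for name in os.listdir(key_repository):
        path = os.path.join(key_repository, name)
        # Assumption: key files are named 0, 1, 2, ...; ignore anything else.
        if not (name.isascii() and name.isdigit() and os.path.isfile(path)):
            continue
        with open(path, "rb") as f:
            raw = f.read().strip()
        try:
            decoded = base64.urlsafe_b64decode(raw)
        except ValueError:  # binascii.Error is a ValueError subclass
            decoded = b""
        # A Fernet key is 32 bytes: 16 for signing, 16 for encryption.
        if len(decoded) != 32:
            raise KeyRepositoryError("%s is not a valid Fernet key" % path)
        keys[int(name)] = raw
    if not keys:
        raise KeyRepositoryError("%s contains no keys" % key_repository)
    return keys


def check_token_provider(provider, key_repository):
    """Startup gate: exit the process instead of returning 500s later."""
    if provider != "fernet":
        return None  # other token providers do not need the key repository
    try:
        return load_fernet_keys(key_repository)
    except KeyRepositoryError as exc:
        raise SystemExit("cannot start: %s (has fernet_setup been run?)" % exc)


if __name__ == "__main__":
    # Constructed demo: an empty temp directory stands in for a key
    # repository on a host where fernet_setup was never run.
    check_token_provider("fernet", tempfile.mkdtemp())
```

Run stand-alone, the demo exits with a non-zero status and the error message on stderr, which is the operator-visible signal the report is after.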
