keystonemiddleware

'invalid' tokens redundantly remarked as 'invalid'

Bug #1289075 reported by Peter Feiner
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
keystonemiddleware
Fix Released
Medium
Brant Knudson
keystonemiddleware 1.2.0

Bug Description

When the WSGI middleware in keystoneclient rejects a token because it's marked as 'invalid' in the cache, the middleware redundantly re-marks the token as 'invalid' in the cache. These redundant invalidations make debugging the original cause for the token being marked invalid difficult because each invalidation adds spam to log files. I've attached a patch that eliminates the redundant invalidation.

Tags: performance
Revision history for this message
Peter Feiner (pete5) wrote :
Revision history for this message
Matt Fischer (mfisch) wrote :

Peter,

You'll need to submit this through gerritt for it to get any attention:
https://wiki.openstack.org/wiki/Gerrit_Workflow

Revision history for this message
Brant Knudson (blk-u) wrote :

https://review.openstack.org/#/c/96786/ should take care of this.

Changed in python-keystoneclient:
assignee: nobody → Brant Knudson (blk-u)
OpenStack Infra (hudson-openstack)
Changed in python-keystoneclient:
status: New → In Progress
Brant Knudson (blk-u)
Changed in keystonemiddleware:
assignee: nobody → Brant Knudson (blk-u)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on python-keystoneclient (master)

Change abandoned by Brant Knudson (<email address hidden>) on branch: master
Review: https://review.openstack.org/96786
Reason: Moved to keystonemiddleware -- https://review.openstack.org/102399

Dolph Mathews (dolph)
no longer affects: python-keystoneclient
Dolph Mathews (dolph)
Changed in keystonemiddleware:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystonemiddleware (master)

Fix proposed to branch: master
Review: https://review.openstack.org/114848

Dolph Mathews (dolph)
tags: added: performance
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystonemiddleware (master)

Reviewed: https://review.openstack.org/114848
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=7c954516f52761596aa39c5a7f5ed7b25ec0eacd
Submitter: Jenkins
Branch: master

commit 7c954516f52761596aa39c5a7f5ed7b25ec0eacd
Author: Brant Knudson <email address hidden>
Date: Sun Aug 17 16:34:33 2014 -0500

    Add a test for re-caching a token

    There was no test that showed that when a token was in the cache
    and a request is made to validate it again, it gets cached again.

    Change-Id: I1992fa6b5ddc0792dfd1ce90fb888c365ecb1612
    Partial-Bug: #1289075

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/102399
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=40a2d48ba48aa3d38bed590dbc135d83553a9314
Submitter: Jenkins
Branch: master

commit 40a2d48ba48aa3d38bed590dbc135d83553a9314
Author: Brant Knudson <email address hidden>
Date: Sun Aug 17 12:58:35 2014 -0500

    auth_token cached token handling

    auth_token handles tokens that are from its cache, uncached PKI
    (compressed and ASN, "offline validation") and UUID/hashed tokens
    ("online" validation).

    For all of these cases, the auth_token middleware was doing

    1) expiration check
    2) confirm token bind
    3) store in cache

    In some cases, some of these steps aren't necessary.

    When getting the token from the cache
    1) no expiration check is needed because the expiration time is
       stored as cache data and the token would be rejected during
       _cache_get.
    2) Storing in the cache is unnecessary because the token is
       already in the cache.

    When doing online validation, it's not necessary to do the
    expiration check because the identity server would have rejected
    the token if it was expired.

    Closes-Bug: #1289075
    Change-Id: I6afa98504215521538434f1f8a2d97585ce35de5

Changed in keystonemiddleware:
status: In Progress → Fix Committed
David Stanek (dstanek)
Changed in keystonemiddleware:
milestone: none → 1.2.0
Dolph Mathews (dolph)
Changed in keystonemiddleware:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.