Fernet + Memcache causes validation failures
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
keystonemiddleware |
Fix Released
|
Medium
|
Morgan Fainberg |
Bug Description
Reported via EMail:
When enabling memcache caching of tokens at the endpoint and utilizing Fernet tokens, the Fernet token id is utilized as the cache key. In many cases this results in a cache key that is too large for Memcache.
The solution is to always hash token ids (even uuid) to a consistent cache key that is within the parameters of memcache's limitations.
This can be solved either by simply hashing the token_id to a consistent key or rewriting keystonemiddleware to utilize a toolchain/library like dogpile.cache. As this impacts both Kilo and Master, it is likely the correct fix is to start with a simple key-hashing and then move master to using better toolchains such as dogpile.cache.
tags: | added: kilo-backport-potential |
Changed in keystonemiddleware: | |
importance: | Undecided → Medium |
milestone: | none → 1.7.0 |
tags: | added: fernet |
Changed in keystonemiddleware: | |
assignee: | Morgan Fainberg (mdrnstm) → Samuel de Medeiros Queiroz (samueldmq) |
Changed in keystonemiddleware: | |
assignee: | Samuel de Medeiros Queiroz (samueldmq) → Morgan Fainberg (mdrnstm) |
Fix proposed to branch: master /review. openstack. org/186971
Review: https:/