keystonemiddleware

  1. Bug #1987355
  2. Comment #11

Comment 11 for bug 1987355

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystonemiddleware (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/keystonemiddleware/+/873924
Committed: https://opendev.org/openstack/keystonemiddleware/commit/11eef7db7591d12acbc9d6e449a871ce21b76b94
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 11eef7db7591d12acbc9d6e449a871ce21b76b94
Author: Jorge Merlino <email address hidden>
Date: Wed Oct 5 14:41:06 2022 -0300

    Remove cache invalidation when using expired token

    This can create a race condition for long running services that reuse
    their token (eg. Kubernetes Cinder CSI plugin) in this case for
    example:

    1 [user] Asks nova to attach a volume to a server
    2 ...the user's token expires
    3 [user] Asks cinder if the volume has been attached
    4 [nova] Asks cinder to attach the volume

    In step 3 the token is marked as invalid in the cache and step 4 fails
    even if allow_expired is true

    Closes-Bug: #1987355
    Change-Id: Ice8e34440a5fe1baa370646ed70b5e085c4af70e