OpenStack-Ansible

[os_keystone] fernet_token block still configured even though keystone_token_provider is uuid

Bug #1651511 reported by Miguel Alejandro Cantu on 2016-12-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	Low	Travis Truman

Bug Description

It seems as if there is a conditional missing here that applies the fernet_token block depending on whether or not fernet is being used as a keystone token provider.

https://github.com/openstack/openstack-ansible-os_keystone/blob/master/templates/keystone.conf.j2#L77-L80

I'm not sure if this changes the behavior of keystone in any way, but regardless that block should not appear in the keystone.conf file when keystone_token_provider is not fernet.

Tags:

Jean-Philippe Evrard (jean-philippe-evrard) on 2016-12-20

Changed in openstack-ansible:
status:	New → Confirmed
importance:	Undecided → Low
tags:	added: low-hanging-fruit
Changed in openstack-ansible:
assignee:	nobody → Miguel Alejandro Cantu (miguel-cantu)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-20: Fix proposed to openstack-ansible-os_keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/413176

Changed in openstack-ansible:
assignee:	Miguel Alejandro Cantu (miguel-cantu) → Travis Truman (travis-truman)
status:	Confirmed → In Progress

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2016-12-20:

For what it's worth - the `keystone.conf [fernet_tokens]` block should have no affect on keystone's behavior, even if the token provider is `uuid`. The options are only used when `keystone.conf [token] provider = fernet`.

I would agree that it can be misleading to have fernet options defined when not being used. I'd be happy to review the fix!

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-20: Fix merged to openstack-ansible-os_keystone (master)

Reviewed: https://review.openstack.org/413176
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_keystone/commit/?id=b82d81c0548ce87bcee7a9a8f4f2fe6cbcf3389a
Submitter: Jenkins
Branch: master

commit b82d81c0548ce87bcee7a9a8f4f2fe6cbcf3389a
Author: Travis Truman <email address hidden>
Date: Tue Dec 20 11:50:22 2016 -0500

Include fernet config block only when fernet tokens are used

Change-Id: Idddab83b63270f47af1384e57b4c621968c5edc8
Closes-Bug: #1651511

Changed in openstack-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-27: Fix included in openstack/openstack-ansible-os_keystone 15.0.0.0b3

This issue was fixed in the openstack/openstack-ansible-os_keystone 15.0.0.0b3 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.