[
https://issues.apache.org/jira/browse/LIBCLOUD-428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13812563#comment-13812563
]
Michael Farrell commented on LIBCLOUD-428:
------------------------------------------
If I call the constructor for {{OpenStackAuthConnection}} in
{{OpenStackBaseConnection.__init__}}, there is another issue. The existing
function uses the auth URL from the following sources in this order:
1. {{self.auth_url}}
2. Constructor parameter {{ex_force_auth_url}}
3. If neither of these are available, it will throw {{LibcloudError}}.
However, if the instantiation of the {{OpenStackAuthConnection}} is done in the
{{OpenStackBaseConnection.__init__}} constructor, it will mean that it is no
longer possible to use {{self.auth_url}}, as this cannot be set before the
constructor is called.
A specific example of where this would fail is in
{{storage.drivers.CloudFilesConnection}}, the {{auth_url}} is set after calling
the base constructor.
> OpenStack provider does not check if auth token has expired before trying to
> use it
> -----------------------------------------------------------------------------------
>
> Key: LIBCLOUD-428
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-428
> Project: Libcloud
> Issue Type: Bug
> Components: Core
> Affects Versions: 0.13.2
> Environment: Linux Python 2.7
> Reporter: Michael Farrell
>
> The OpenStack provider (and by extension, the Rackspace provider) does not
> check to see if the authentication token has expired before attempting to use
> it.
> In {{libcloud/common/openstack.py}} at
> {{OpenStackBaseConnection._populate_hosts_and_request_paths}}, the library
> checks that a token exists, and creates it if it does not.
> The issue is that it does not check if the token has expired, despite having
> this information in {{self.auth_token_expires}}.
> So a long-running Python process will eventually fail because the token will
> expire, and the API will return {{HTTP 401 Unauthorized}}.
> I've written a hacky workaround to this, by copying
> {{OpenStackAuthConnection._is_token_valid}} into {{OpenStackBaseConnection}},
> then replacing the {{_populate_hosts_and_requests_paths}} auth token check
> with a call to {{_is_token_valid}}.
> This is shown in this commit:
> https://github.com/Caramel/libcloud/commit/317a039
> There's probably a better way to implement it without duplicating this
> function, but I don't know enough of the codebase to make this change. I'm
> also unsure if other drivers also have this problem that are not based on
> OpenStack.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
