[jira] [Commented] (LIBCLOUD-428) OpenStack provider does not check if auth token has expired before trying to use it

Wed, 13 Nov 2013 07:22:14 -0800 

    [ 
https://issues.apache.org/jira/browse/LIBCLOUD-428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13821412#comment-13821412
 ] 

ASF subversion and git services commented on LIBCLOUD-428:
----------------------------------------------------------

Commit a5648b34e3c33549913201013133a48488598b76 in branch 
refs/heads/fix_openstack_token_caching_and_reuse from [~kami]
[ https://git-wip-us.apache.org/repos/asf?p=libcloud.git;h=a5648b3 ]

Fix the following auth related things in the OpenStack classes:

- Correctly handle ex_force_auth_token argument
- Correctly cache, re-use and expire auth tokens

Also update affected tests and test fixtures.

Reported by Michael Farrell, part of LIBCLOUD-428.


> OpenStack provider does not check if auth token has expired before trying to 
> use it
> -----------------------------------------------------------------------------------
>
>                 Key: LIBCLOUD-428
>                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-428
>             Project: Libcloud
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.13.2
>         Environment: Linux Python 2.7
>            Reporter: Michael Farrell
>
> The OpenStack provider (and by extension, the Rackspace provider) does not 
> check to see if the authentication token has expired before attempting to use 
> it.
> In {{libcloud/common/openstack.py}} at 
> {{OpenStackBaseConnection._populate_hosts_and_request_paths}}, the library 
> checks that a token exists, and creates it if it does not.
> The issue is that it does not check if the token has expired, despite having 
> this information in {{self.auth_token_expires}}.
> So a long-running Python process will eventually fail because the token will 
> expire, and the API will return {{HTTP 401 Unauthorized}}.
> I've written a hacky workaround to this, by copying 
> {{OpenStackAuthConnection._is_token_valid}} into {{OpenStackBaseConnection}}, 
> then replacing the {{_populate_hosts_and_requests_paths}} auth token check 
> with a call to {{_is_token_valid}}.
> This is shown in this commit: 
> https://github.com/Caramel/libcloud/commit/317a039
> There's probably a better way to implement it without duplicating this 
> function, but I don't know enough of the codebase to make this change.  I'm 
> also unsure if other drivers also have this problem that are not based on 
> OpenStack.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to