Moving to Fernet tokens. Revocations will be handled by revocation events, not revocation list. Memcache as a storage mechanism for PKI tokens was deeply flawed, as dropping tokens from Memcache effectively unrevoked them.
** Changed in: keystone Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1242620 Title: "Unable to add token to revocation list" warning happened when revoking token in memcache Status in OpenStack Identity (keystone): Won't Fix Bug description: Memcache backend is used to store the token. When revoking a token, such error reported. "Unable to add token to revocation list" As a result, the revoked token could not be added to revocation-list in memcache although the token was actually revoked. I found this warning always happen when the size of value of the revocation-list key in memcache is about 512K. Expected result: No warning exception should be raised when revoking token. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1242620/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp